User Guide
Using and administering Red Hat Satellite
Abstract
Chapter 1. Managing User Accounts
1.1. Creating and Deleting User Accounts
Before Satellite users can register with the Satellite server to request product updates or to perform other maintenance, they need a suitable user account. Only certain Satellite Administrators
can create user accounts.
Procedure 1.1. Creating User Accounts
- Navigate to the Satellite web server page, and click the tab on the navigation bar.
- On the right side of the page, click create new user to open the Create User page.
- Complete all of the required fields.
Note
The login value must be at least five characters long, and may only contain alphanumeric, hyphen, underscore, comma, period, and commercial at (@) characters. - Clickto create the new user. An email will be sent to the user, using the address specified during creation, to inform them of the new account details. This will include the password in plain text.
- When the account has been successfully created, you will be redirected to the User List page. To change permissions and set options for the new user, select their name from the displayed list to display the User Details page, and navigate to the appropriate tabs to make your changes.
Only Satellite Administrators
can delete user accounts. Deleted accounts cannot be used to log in to the Satellite server interface, or to schedule actions.
Warning
Procedure 1.2. Deleting User Accounts
- Navigate to the Satellite web server page, and click the tab on the navigation bar.
- Click the user name of the account that you want to delete from the Username list. The User Details page displays.
- Ensure that the user account is not a Satellite administrator.If the user is a Satellite administrator, clear the associated check box, and click .If the user is not a Satellite administrator, continue to the next step.
- Click Delete User. The Confirm User Deletion page displays.
- Ensure that you want to completely delete this user account, and click.
Procedure 1.3. Activating and Deactivating Users
Note
- Select the user's name from the list in the Users tab, to display the User Details page.
- Check to see if the user is a Satellite administrator.If the user is a Satellite administrator, uncheck the box next to that role, and click.If the user is not a Satellite administrator, continue to the next step.
- Click Deactivate User.You will be asked to confirm this action, by clicking it again. Check the details, and then click Deactivate User again to confirm.
- Once the account has been successfully deactivated, the user's name will not appear in the Active Users list. Click the Deactivated link from the User List menu to view deactivated user accounts.
- To reactivate the user account, view the Deactivated list, check the box next to the user to be reactivate, and click .
1.2. Assigning Roles to User Accounts
User Roles
- Satellite Administrator
- A special role for Satellite administrative tasks such as creating organizations, managing subscriptions, and configuring global Satellite Server settings.This role cannot be assigned on the User Details page. A user that already has the Satellite Server administrator role can assign the role to another user by going to → .
- Organization Administrator
- Performs management functions such as managing users, systems, and channels within the context of their organization. Organization administrators are automatically granted administration access to all other roles, which are signified by the checkboxes for the other roles being selected and grayed-out.
- Activation Key Administrator
- Performs activation key functions for such as creating, modifying, and deleting keys within the account.
- Channel Administrator
- Provides complete access to the software channels and related associations within the organization. Performs functions such as making channels globally subscribable, and creating new channels, and managing the packages within channels.
- Configuration Administrator
- Has complete access to the configuration channels and related associations within the organization. Also has complete access to the kickstart profiles and associated items within the organization. Performs kickstart profile, channel and file management configuration functions in the organization.
- Monitoring Administrator
- Performs scheduling of probes and oversight of other monitoring infrastructure. This role is available only on Satellite Servers with monitoring enabled.
- System Group Administrator
- This role has complete authority over the systems and system groups to which it is granted access. Performs administrative functions such as creating new system groups, deleting assigned system groups, adding systems to groups, and managing user access to groups.
1.3. Customizing Selected Parts of Red Hat Satellite
- Open the
rhn.conf
file of Red Hat Satellite in a text editor. - Edit the file with the required content. To enter content that spans multiple lines escape every new line with a backslash character. Backslashes themselves can be escaped but HTML is not escaped.
Note
Red Hat Satellite does not currently support UTF-8 encoding forrhn.conf
.- To customize the header edit
java.custom_header
with the required content. - To customize the footer edit
java.custom_footer
with the required content. - To customize the login banner edit
java.login_banner
with the required content.
- Restart Satellite for the changes to take effect.
Chapter 2. Automatically Synchronizing the Red Hat Satellite Server Repository
cron
utility to effectively automate synchronization.
Procedure 2.1. To Use the cron Utility to Automate Synchronization:
- Switch to the root user, and run the following command to open the
crontab
in a text editor:# crontab -e
- Create a suitable job definition to schedule the synchronization. To create a random synchronization time, use the following entry:
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null 2>1
This entry runs the synchronization job randomly between 01:00 and 03:30, and discardsstdout
andstderr
messages from thecron
utility. This prevents duplicating messages from thesatellite-sync
command. Other options can be included as needed. See thecrontab
manual pageman crontab
for more information. - Exit the text editor to save the updated
crontab
file. The new rules take effect immediately.
Note
crontab
file opens in vi by default. To change this behavior, change the EDITOR
variable to the name of the text editor you prefer.
Chapter 3. Planning for Disaster Recovery
3.1. Backing up a Red Hat Satellite Server
Red Hat recommends that you back up at least the following files and directories:
/opt/rh/postgresql92/root/var/lib/pgsql/
(Embedded database only)/etc/sysconfig/rhn/
/etc/rhn/
/etc/sudoers
/var/www/html/pub/
/var/satellite/redhat/[0-9]*/
(This is the location of any custom RPMs)/root/.gnupg/
/root/ssl-build/
/etc/dhcp.conf
/etc/httpd
/var/lib/tftpboot/
(In Red Hat Enterprise Linux 6)/var/lib/cobbler/
/var/lib/rhn/kickstarts/
/var/www/
/var/lib/nocpulse/
/etc/tomcat*/
/etc/jabberd/
/etc/cobbler/
/var/satellite/
as well. In case of failure, this will save lengthy download times. The /var/satellite/
directory (specifically /var/satellite/redhat/NULL/
) is primarily a duplicate of Red Hat's RPM repository, and can be regenerated using the satellite-sync
command. Red Hat recommends that the entire /var/satellite/
tree be backed up. In the case of disconnected satellites, /var/satellite/
must be backed up.
- Reinstall the Red Hat Satellite ISO RPMs.
- Reregister the server.
- Use the
satellite-sync
command to resynchronize Red Hat packages. - Reinstall the
/root/ssl-build/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
file.
Another method is to back up all of the files and directories mentioned above but reinstall the Satellite server without reregistering it. During the installation, cancel or skip the Red Hat Network registration and SSL certificate generation sections.
The final and most comprehensive method is to back up the entire machine. This saves download and reinstallation time but requires additional disk space and back-up time.
Important
rhn-search
service is started:
# service rhn-search cleanindex
3.2. Backing up an Embedded Database
db-control
command provides features to create, verify, and restore backups, to obtain database status information and to restart the database when necessary. See the db-control
manual page (man db-control
) for a full listing of the features available.
3.2.1. Performing Online Database Backups
db-control
command make this functionality possible.
db-control
command:
online-backup FILENAME:
Performs an online backup of the Satellite database (embedded PostgreSQL only).reset-password:
Resets the user password and unlocks the account.restore DIRECTORY | FILENAME:
Restores the database from either:- An offline backup taken by
db-control
and saved in the DIRECTORY directory. The database must be stopped for both thebackup
backup
andrestore
operations in order to run successfully. - An online backup taken by
db-control
and saved as FILENAME. The database itself must be running for both theonline-backup
online-backup
andrestore
operations in order to run successfully, but all other Satellite services must be stopped.
3.2.1.1. Performing an Online Backup
FILENAME
option with the full path to the backup file that you want to create. This location needs to be writable by the PostgreSQL user:
# db-control online-backup
FILENAME
Note
3.2.1.2. Restoring a Database from an Online Backup
db-control restore
FILENAME
command to restore an embedded database from a backup created using the db-control online-backup
command. Before you restore a database, you need to shut down all Satellite services except the database itself.
Procedure 3.1. To Restore a Database from an Online Backup:
- Change to the root user, and run the following command to stop all Satellite services except the database:
# rhn-satellite
stop
--exclude=postgresql92-postgresql
- Run the following command to restore the database. Replace the
FILENAME
option with the full path to the backup file created with thedb-control
command:online-backup
# db-control
restore
FILENAME
- After the restoration is complete, run the following command to restart the database and all related services:
# rhn-satellite
start
3.2.2. Performing Offline Database Backups
3.2.2.1. Performing an Offline Backup
Procedure 3.2. To Create an Offline Backup:
- Change to the root user, and run the following command to stop the Satellite server:
# rhn-satellite stop
- Run the following command to create the backup:
# db-control
backup DIRECTORY
Replace DIRECTORY with the absolute path to the location where you want to store your database backup. This process will take several minutes. - When the backup is complete, run the following command to restart the Satellite server:
# rhn-satellite start
- Copy the backup to another system using rsync or another file-transfer utility. Red Hat strongly recommends scheduling the backup process automatically using cron jobs. For instance, back up the system at 03:00 and then copy the backup to the separate repository (partition, disk, or system) at 06:00.
3.2.2.2. Verifying the Backup
# db-control examine
BACKUP_FILE
# db-control verify
BACKUP_FILE
Note
3.2.2.3. Restoring the Database
db-control restore
command to restore embedded databases from backup. Before you attempt to restore a database, you need to shut down the database and any related services.
Procedure 3.3. To Restore an Embedded Database from a Backup:
- Run the following command to stop all of the Red Hat Satellite services:
# rhn-satellite
stop
- Run the following command, including the directory containing the backup, to begin the restoration. Ensure that you replace directory with the absolute path to the location that contains the backup. This process will verify the contents of the backup before restoring the database. The process will take several minutes.
# db-control
restore directory
This not only restores the embedded database but first verifies the contents of the backup directory using checksums. - After the restoration is complete, restart the database and related services:
# rhn-satellite
start
- Regardless of whether you are backing up an external or embedded database, when the database is restored from a backup, you should schedule the restoration of search indexes the next time the
rhn-search
service is started:# service rhn-search
cleanindex
3.3. Cloning a Red Hat Satellite with an Embedded Database
Procedure 3.4. To Clone a Satellite Server with an Embedded Database:
- Install Red Hat Satellite with an embedded database on a base install of Red Hat Enterprise Linux on a separate machine. That is, a machine separate from your primary Red Hat Satellite server. Omit the SSL Certificate generation step.
- Back up the primary server's database daily using the commands described in Section 3.2.2.1, “Performing an Offline Backup”. This ensures that only changes made the day of the failure are lost.
- Establish a mechanism to copy the backup to the secondary server. Keep these repositories synchronized using a file transfer program such as rsync. Copying is not necessary if using a Storage Area Network (SAN).
- Use the
db-control
command to import duplicate data.restore
- If the primary server fails, transfer the SSL key pair RPM package in
/root/ssl-build
from the primary to the secondary server, and install that package. This ensures that Red Hat Satellite clients can authenticate with and securely connect to the secondary server. - Update your DNS to reference the secondary server, or configure your load balancer appropriately.
3.4. Creating Redundant Satellites with External Databases
Important
Procedure 3.5. To Create a Redundant Satellite with an External Database:
- Install Red Hat Satellite on a separate machine, but omit the database configuration, database schema, SSL certificate, and bootstrap script generation steps. Include the same Red Hat Network account and database connection information provided during the initial Satellite installation.
- Register the new Satellite server. See the Red Hat Satellite Installation Guide for more information.
- If your original SSL certificate does not take your high-availability solution into account, create a new one with a more appropriate
Common Name
value (see The SSL Maintenance Tool in the Red Hat Satellite Client Configuration Guide). In this case, generate a new bootstrap script (as defined in Generating Bootstrap Scripts in the Red Hat Satellite Client Configuration Guide) that captures this new value. Ensure theCommon Name
value represents the combined Satellite solution, not a single machine's host name. - After installation, copy the following files from the primary server to the secondary:
/etc/rhn/rhn.conf
/etc/tnsnames.ora
(Oracle database only.)
- Copy the server-side SSL certificate RPMs from the primary server and install them on the secondary server.If, during the installation process, you generated a new SSL certificate that included a new Common Name value, copy the SSL certificate RPMs from the secondary to the primary server and redistribute the client-side certificate. If you also created another bootstrap script, use it to install the certificate on all client systems.
- If you created a new bootstrap script, copy the contents of
/var/www/html/pub/bootstrap/
to the primary server. - If you did not create a new bootstrap script, copy the contents of
/var/www/html/pub/bootstrap/
from the primary server to the secondary server.
- Run the following command on the secondary server to stop the Red Hat Network Task Engine service:
# service taskomatic stop
You can use custom scripting or other means to establish automatic start-up/failover of the Red Hat Network Task Engine on the secondary server. Regardless, you need to ensure that it starts in the event of a failure. - Share channel package data (by default located in
/var/satellite
) and cache data (by default located in/var/cache/rhn
) between the primary and secondary servers over some type of networked storage device. This eliminates data replication and ensures a consistent store of data for each server. - Make the various servers available on your network using a suitable Common Name and a method that suits your infrastructure. Options include round-robin DNS, a network load balancer, and a reverse-proxy setup.
3.5. Automating Satellite Database Backups
cron
.
Procedure 3.6. To Automate Satellite Server Database Backups:
backup-db.sh
containing the following script. This script will stop the satellite, perform a database backup, and restart the satellite:
#!/bin/bash { /usr/sbin/rhn-satellite stop d=db-backup-$(date "+%F"); mkdir -p /tmp/$d; db-control backup /tmp/$d /usr/sbin/rhn-satellite start } &> /dev/null
- Create a new file called
move-files.sh
containing the following script. This script will usersync
to move the backup files to a directory to be stored:#!/bin/bash rsync -avz /tmp/db-backup-$(date "+%F") <destination> &> /dev/null
Replace <destination> with the path to the backup directory.Alternatively, use the following script to achieve the same goal:#!/bin/bash scp -r /tmp/db-backup-$(date "+%F") <destination> &> /dev/null
- Switch to the root user, and open the
crontab
file in a text editor:# crontab -e
Note
Thecrontab
file opens in vi by default. To change this behavior, change theEDITOR
variable to the name of the text editor you prefer. - Create a suitable job definition to schedule the backup scripts to run:
0 3 * * * backup-db.sh 0 6 * * * move-files.sh
Thiscrontab
entry will run the backup at 03:00, and transfer the backup files at 06:00. Other options can be included as needed. You can also include a clean up script to remove older backup directories and prevent the backup storage from filling up. - Exit the editor to save the
crontab
file. The new rules take effect immediately.
Chapter 4. Using Command Line Configuration Management Tools
Note
/var/lib/rhncfg/backups/
directory on the affected system. The backup retains its filename but has a .rhn-cfg-backup
extension appended.
4.1. Using Red Hat Network Actions Control
rhn-actions-control
) application is used to enable and disable configuration management of a system. Client systems cannot be managed in this fashion by default. This tool allows System Administrators to enable or disable specific modes of allowable actions such as: deploying a configuration file onto the system, uploading a file from the system, using diff to find out what is currently managed on a system and what is available, or allowing running arbitrary remote commands. These various modes are enabled/disabled by placing/removing files and directories in the /etc/sysconfig/rhn/allowed-actions/
directory. Due to the default permissions on the /etc/sysconfig/rhn/
directory, Red Hat Network Actions Control have to be run by someone with root access.
4.1.1. Using General Command Line Options
man
page available, as there are for most command line tools. Simply decide what Red Hat Network scheduled actions should be enabled for use by system administrators. These options enable the various scheduled action modes:
Table 4.1. rhn-actions-control
options
Option | Description |
---|---|
--enable-deploy | Allow rhncfg-client to deploy files. |
--enable-diff | Allow rhncfg-client to diff files. |
--enable-upload | Allow rhncfg-client to upload files. |
--enable-mtime-upload | Allow rhncfg-client to upload mtime. |
--enable-all | Allow rhncfg-client to do everything. |
--enable-run | Enable script.run |
--disable-deploy | Disable deployment. |
--disable-diff | Disable diff |
--disable-upload | Disable upload |
--disable-mtime-upload | Disable mtime upload |
--disable-all | Disable all options |
--disable-run | Disable script.run |
--report | Report whether the modes are enabled or disabled |
-f, --force | Force the operation without asking first |
-h, --help | show help message and exit |
rhn-actions-control --enable-all
is a common option.
4.2. Using the Red Hat Network Configuration Client
rhncfg-client
) is installed and run from an individual client system. From there you may use it to gain knowledge about how Red Hat Network deploys configuration files to the client.
4.2.1. Listing Configuration Files
rhncfg-client list
Config Channel File config-channel-17 /etc/example-config.txt config-channel-17 /var/spool/aalib.rpm config-channel-14 /etc/rhn/rhn.conf
rhncfg-manager list config-channel-14
Files in config channel 'config-channel-14' /etc/example-config.txt /etc/rhn/rhn.conf
/etc/example-config.txt
went. The rank of the /etc/example-config.txt
file in config-channel-17
was higher than that of the same file in config-channel-14
. As a result, the version of the configuration file in config-channel-14
is not deployed for this system, although the file still resides in the channel. The rhncfg-client
command does not list the file because it will not be deployed on this system.
4.2.2. Getting a Configuration File
rhncfg-client get /etc/example-config.txt
Deploying /etc/example-config.txt
less
or another pager. Note that the file is selected as the most relevant based upon the rank of the config channel containing it. This is accomplished within the Configuration tab of the System Details page.
4.2.3. Viewing Configuration Channels
rhncfg-client channels
Config channels: Label Name ----- ---- config-channel-17 config chan 2 config-channel-14 config chan 1
rhncfg-client get
:
Table 4.2. rhncfg-client get
options
Option | Description |
---|---|
--topdir=TOPDIR | Make all file operations relative to this string. |
--exclude=EXCLUDE | Excludes a file from being deployed with 'get'/ May be used multiple times. |
-h, --help | Show help message and exit |
4.2.4. Differentiating between Configuration Files
rhncfg-client diff
[root@testsatellite root]# rhncfg-client diff --- /etc/test +++ /etc/test 2013-08-28 00:14:49.405152824 +1000 @@ -1 +1,2 @@ This is the first line +This is the second line added
--topdir
option to compare config files in Red Hat Network with those located in an arbitrary (and unused) location on the client system, like so:
[root@ root]# rhncfg-client diff --topdir /home/test/blah/ /usr/bin/diff: /home/test/blah/etc/example-config.txt: No such file or directory /usr/bin/diff: /home/test/blah/var/spool/aalib.rpm: No such file or directory
4.2.5. Verifying Configuration Files
rhncfg-client verify
modified /etc/example-config.txt /var/spool/aalib.rpm
example-config.txt
is locally modified, while aalib.rpm
is not.
rhncfg-client verify
:
Table 4.3. rhncfg-client verify
options
Option | Description |
---|---|
-v, --verbose | Increase the amount of output detail. Displays differences in the mode, owner, and group permissions for the specified config file. |
-o, --only | Only show files that differ. |
-h, --help | Show help message and exit |
4.3. Using the Red Hat Network Configuration Manager
rhncfg-manager
) is designed to maintain Red Hat Network's central repository of config files and channels, not those located on client systems. This tool offers a command line alternative to the configuration management features within the Red Hat Network website, as well as the ability to script some or all of the related maintenance.
/etc/sysconfig/rhn/rhncfg-manager.conf
or in the [rhncfg-manager] section of ~/.rhncfgrc
.
~/.rhncfgrc
file. The session file is cached in ~/.rhncfg-manager-session
to prevent logging in for every command.
server.session_lifetime
option and new value to the /etc/rhn/rhn.conf
file on the server running the manager, like so:
server.session_lifetime = 120
rhncfg-manager mode --help
rhncfg-manager diff-revisions --help
4.3.1. Creating a Configuration Channel
rhncfg-manager create-channel channel-label
Red Hat Network username: rhn-user Password: Creating config channel channel-label Config channel channel-label created
4.3.2. Adding Files to a Configuration Channel
rhncfg-manager add --channel=channel-label
/path/to/file
--dest-file
option in the command, like:
rhncfg-manager add --channel=channel-label
--dest-file=/new/path/to/file.txt
/path/to/file
Pushing to channel example-channel Local file >/path/to/file -> remote file /new/path/to/file.txt
rhncfg-manager add
:
Table 4.4. rhncfg-manager add
options
Option | Description |
---|---|
-c CHANNEL --channel=CHANNEL | Upload files in this config channel |
-d DEST_FILE --dest-file=DEST_FILE | Upload the file as this path |
--delim-start=DELIM_START | Start delimiter for variable interpolation |
--delim-end=DELIM_END | End delimiter for variable interpolation |
-i, --ignore-missing | Ignore missing local files |
--selinux-context=SELINUX_CONTEXT | Overwrite the SELinux context |
-h, --help | show help message and exit |
Note
/usr/share/rhn/config-defaults/rhn_web.conf
(in bytes):
maximum_config_file_size = 131072
/usr/share/rhn/config-defaults/rhn_server.conf
(in bytes):
maximum_config_file_size = 131072
/usr/share/rhn/config-defaults/rhn_java.conf
(in kilobytes):
java.config_file_edit_size = 128
4.3.3. Differentiating between Latest Configuration Files
rhncfg-manager diff --channel=channel-label
--dest-file=/path/to/file.txt
\ /local/path/to/file
--- /tmp/dest_path/example-config.txt config_channel: example-channel revision: 1 +++ /home/test/blah/hello_world.txt 2003-12-14 19:08:59.000000000 -0500 @@ -1 +1 @@ -foo +hello, world
rhncfg-manager diff
:
Table 4.5. rhncfg-manager diff
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Get file(s) from this config channel |
-r REVISION, --revision=REVISION | Use this revision |
-d DEST_FILE, --dest-file=DEST_FILE | Upload the file as this path |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-h, --help | Show help message and exit |
4.3.4. Differentiating between Various Versions
-r
flag to indicate which revision of the file should be compared and the -n
flag to identify the two channels to be checked. See Section 4.3.11, “Determining the Number of File Revisions” for related instructions. Specify only one file name here, since you are comparing the file against another version of itself. For example:
rhncfg-manager diff-revisions -n=channel-label1
-r=1
-n=channel-label2
-r=1
/path/to/file.txt
--- /tmp/dest_path/example-config.txt 2004-01-13 14:36:41 \ config channel: example-channel2 revision: 1 --- /tmp/dest_path/example-config.txt 2004-01-13 14:42:42 \ config channel: example-channel3 revision: 1 @@ -1 +1,20 @@ -foo +blah +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +iD8DBQA9ZY6vse4XmfJPGwgRAsHcAJ9ud9dabUcdscdcqB8AZP7e0Fua0NmKsdhQCeOWHX +VsDTfen2NWdwwPaTM+S+Cow= +=Ltp2 +-----END PGP SIGNATURE-----
rhncfg-manager diff-revisions
:
Table 4.6. rhncfg-manager diff-revisions
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Use this config channel |
-r REVISION, --revision=REVISION | Use this revision |
-h, --help | Show help message and exit |
4.3.5. Downloading All Files in a Channel
rhncfg-manager download-channel channel-label --topdir .
Copying /tmp/dest_path/example-config.txt -> \ blah2/tmp/dest_path/example-config.txt
rhncfg-manager download-channel
:
Table 4.7. rhncfg-manager download-channel
options
Option | Description |
---|---|
-t TOPDIR, --topdir=TOPDIR | Directory all the file paths are relative to. This option must be set. |
-h, --help | Show help message and exit |
4.3.6. Getting the Contents of a File
rhncfg-manager get --channel=channel-label
\ /tmp/dest_path/example-config.txt
4.3.7. Listing All Files in a Channel
rhncfg-manager list channel-label
Files in config channel `example-channel3': /tmp/dest_path/example-config.txt
rhncfg-manager get
:
Table 4.8. rhncfg-manager get
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Get file(s) from this config channel |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-r REVISION, --revision=REVISION | Get this file revision |
-h, --help | Show help message and exit |
4.3.8. Listing All Configuration Channels
rhncfg-manager list-channels
Available config channels: example-channel example-channel2 example-channel3 config-channel-14 config-channel-17
local_override
or server_import
channels.
4.3.9. Removing a File from a Channel
rhncfg-manager remove --channel=channel-label
/tmp/dest_path/example-config.txt
Red Hat Network username: rhn-user Password: Removing from config channel example-channel3 /tmp/dest_path/example-config.txt removed
rhncfg-manager remove
:
Table 4.9. rhncfg-manager remove
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Remove files from this config channel |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-h, --help | Show help message and exit |
4.3.10. Deleting a Configuration Channel
rhncfg-manager remove-channel channel-label
Removing config channel example-channel Config channel example-channel removed
4.3.11. Determining the Number of File Revisions
rhncfg-manager revisions channel-label /tmp/dest_path/example-config.txt
Analyzing files in config channel example-channel \ /tmp/dest_path/example-config.txt: 1
4.3.12. Updating a File in a Channel
rhncfg-manager update \ --channel=channel-label
--dest-file=/path/to/file.txt
/local/path/to/file
Pushing to channel example-channel: Local file example-channel/tmp/dest_path/example-config.txt -> \ remote file /tmp/dest_path/example-config.txt
rhncfg-manager update
:
Table 4.10. rhncfg-manager update
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Upload files in this config channel |
-d DEST_FILE, --dest-file=DEST_FILE | Upload the file as this path |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
--delim-start=DELIM_START | Start delimiter for variable interpolation |
--delim-end=DELIM_END | End delimiter for variable interpolation |
-h, --help | Show help message and exit |
4.3.13. Uploading Multiple Files at Once
rhncfg-manager upload-channel --topdir=topdir
channel-label
Using config channel example-channel4 Uploading /tmp/ola_world.txt from blah4/tmp/ola_world.txt
rhncfg-manager upload-channel
:
Table 4.11. rhncfg-manager upload-channel
options
Option | Description |
---|---|
-t TOPDIR, --topdir=TOPDIR | Directory all the file paths are relative to |
-c CHANNEL, --channel=CHANNEL | List of channels the config info will be uploaded into. Channels delimited by ','. Example: --channel=foo,bar,baz |
-h, --help | Show help message and exit |
4.4. Using the Red Hat Satellite Command Line Tool (spacecmd)
spacecmd
tool interacts with Red Hat Satellite's XML-RPC API. This provides users with a simple way of executing Satellite functionality from the command line.
Note
spacecmd
requires your username and password. This opens a session ticket for the chosen user and all subsequent usage of spacecmd
uses this session until it expires, in one hour. Change the user and password using the -u USERNAME
and -p PASSWORD
options.
spacecmd
uses two methods of execution.
From the Interactive Shell
spacecmd
alone to start the interactive shell.
[root@satellite57 ~]# spacecmd Welcome to spacecmd, a command-line interface to Spacewalk. Type: 'help' for a list of commands 'help <cmd>' for command-specific help 'quit' to quit INFO: Connected to https://localhost/rpc/api as admin spacecmd {SSM:0}>
spacecmd
prompt, which also indicates the number of system attached to the System Set Manager (SSM).
system_list
:
spacecmd {SSM:0}> system_list system001.example.com system002.example.com system003.example.com system004.example.com ...
system_list
followed by the name of the system:
spacecmd {SSM:0}> system_listbasechannel system001.example.com rhel-x86_64-server-6
help
command.
From the Terminal
spacecmd
commands directly from the your Linux terminal. For example, use spacecmd system_list
to list all your systems:
[root@satellite57 ~]# spacecmd system_list INFO: Connected to https://localhost/rpc/api as admin system001.example.com system002.example.com system003.example.com system004.example.com ...
spacecmd system_listbasechannel systemname
:
[root@satellite57 ~]# spacecmd system_listbasechannel system001.example.com INFO: Connected to https://localhost/rpc/api as admin rhel-x86_64-server-6
spacecmd help
.
4.5. Using the Red Hat Satellite Final Archive Tool (spacewalk-final-archive)
spacewalk-final-archive
is used to generate a final archive of your Red Hat Satellite 5 server before decomissioning it. The command generates an archive file found at /tmp/spacewalk-final/final-archive.tar.bz2
. This archive includes:
- A backup of the database stored in the
archive/db_backup
directory. This backup is created with thedb-control
command. - A copy of all relevant system files stored in the
archive/debug
directory. This backup is created with thespacewalk-debug
command. - A final copy of all reports in CSV format stored in the
archive/reports
directory. This backup is created with thespacewalk-report
command. - Transition data in CSV format for use with Red Hat Satellite 6 stored in the
archive/transition
directory. This backup is created with thespacewalk-export
command.
[root@satellite57 ~]# spacewalk-final-archive
-h
option to see other options to restrict certain content from the archive or to change the archive export directory.
Chapter 5. Cloning Software Channels and Errata
spacewalk-clone-by-date
command to create custom cloned Red Hat Enterprise Linux channels based on the date an erratum was made available to the Red Hat Enterprise Linux system.
5.1. Features
spacewalk-clone-by-date
:
- Cloning the channel errata and associated package states as they were on a specific date
- Automating the cloning by scripts and template files
- Removing or blocking packages from channels
- Resolving package dependencies within the parent and child channels
- Filtering and acting on specific errata while ignoring others. For example, acting only on security errata and ignoring bugfixes and enhancements.
Note
spacewalk-clone-by-date
command as the root user and the username
needs to be either an Organizational Administrator or Channel Administrator.
Important
spacewalk-clone-by-date
is limited to Red Hat Enterprise Linux 5 and higher versions because spacewalk-clone-by-date
uses yum
metadata to complete dependency resolution. Red Hat Enterprise Linux 4 and lower versions use the up2date
command to install and update packages and does not provide the metadata spacewalk-clone-by-date
requires.
5.2. Example Usage
rhel-i386-server-5
channel errata as it is on January 1st, 2012, into the channel named my-clone-RHEL-5.
# spacewalk-clone-by-date --username=your_username --password=your_password --server=satellite_server_url --channels=rhel-i386-server-5 my-clone-RHEL-5 --to_date=2012-01-01
Important
# spacewalk-clone-by-date --username=your_username --password=your_password --server=satellite_server_url --channels=rhel-i386-server-5 my-clone-RHEL-5 --to_date=2012-01-01 --security_only --background --blacklist=kernel,vim-extended --assumeyes
spacewalk-clone-by-date
for more information about the available options and how to use them.
Chapter 6. Monitoring
6.1. Prerequisites
- Monitoring entitlements - These entitlements are required for all systems that are to be monitored. Monitoring is only supported on Red Hat Enterprise Linux systems.
- Red Hat Satellite with monitoring - monitoring systems must be connected to a Satellite with a base operating system of Red Hat Enterprise Linux 5 or later.
- Monitoring Administrator - This role must be granted to users installing probes, creating notification methods, or altering the monitoring infrastructure in any way. (Remember, the Satellite Administrator automatically inherits the abilities of all other roles within an organization and can therefore conduct these tasks.). Assign this role through the User Details page for the user.
- Red Hat Network monitoring daemon - This daemon, along with the SSH key for the scout, is required on systems that are monitored in order for the internal process monitors to be executed. You may, however, be able to run these probes using the systems' existing SSH daemon (
sshd
). See Section 6.2, “Configuring the Red Hat Network Monitoring Daemon (rhnmd)” for the complete list of available probes.
Enabling Monitoring
- Log in as a user with Satellite Administrator privileges and navigate to Enable Monitoring checkbox, then click to save.→ . Click the
- Restart services to pick up the changes. Go to thetab to restart the Satellite. This will take the Satellite offline for a few minutes.
- Check if thetab is available under to confirm that monitoring is enabled.
- Navigate to→ → . Click the checkbox to enable the scout. Click to save.
Note
6.2. Configuring the Red Hat Network Monitoring Daemon (rhnmd)
rhnmd
enables the Satellite to communicate securely with the client system to access internal processes and retrieve probe status.
sshd
instead. See Section 6.2.2, “Configuring SSH” for details.
sshd
, is required on client systems for the following probes to run:
- Linux::CPU Usage
- Linux::Disk IO Throughput
- Linux::Disk Usage
- Linux::Inodes
- Linux::Interface Traffic
- Linux::Load
- Linux::Memory Usage
- Linux::Process Counts by State
- Linux::Process Count Total
- Linux::Process Health
- Linux::Process Running
- Linux::Swap Usage
- Linux::TCP Connections by State
- Linux::Users
- Linux::Virtual Memory
- LogAgent::Log Pattern Match
- LogAgent::Log Size
- Network Services::Remote Ping
- Oracle::Client Connectivity
- General::Remote Program
- General::Remote Program with Data
6.2.1. Installing the Red Hat Network Monitoring Daemon
rhnmd
. Note that the steps in this section are optional if you intend to use sshd
to allow secure connections between the Red Hat Network monitoring infrastructure and the monitored systems. See Section 6.2.2, “Configuring SSH” for instructions.
rhnmd
package can be found in the Red Hat Network Tools channel for all Red Hat Enterprise Linux distributions. To install it:
- Subscribe the systems to be monitored to the Red Hat Network Tools channel associated with the system. This can be done individually through the→ → subtab or for multiple systems at once through the → tab.
- Once subscribed, open the→ tab and find the
rhnmd
package (under 'R'). - Click the package name to open the Package Details page. Go to the Target Systems tab, select the desired systems, and click .
- Install the SSH public key on all client systems to be monitored, as described in Section 6.2.3, “Installing the SSH key”.
- Start the Red Hat Network monitoring daemon on all client systems using the command:
service rhnmd start
- When adding probes requiring the daemon, accept the default values for RHNMD User and RHNMD Port:
nocpulse
and4545
, respectively.
6.2.2. Configuring SSH
sshd
to provide the encrypted connection required between the systems and Red Hat Network. This may be especially desirable if you already have sshd
running. To configure the daemon for monitoring use:
- Ensure the SSH package is installed on the systems to be monitored:
rpm -qi openssh-server
- Identify the user to be associated with the daemon. This can be any user available on the system, as long as the required SSH key can be put in the user's
~/.ssh/authorized_keys
file. - Install the SSH public key on all client systems to be monitored, as described in Section 6.2.3, “Installing the SSH key”.
- Start the
sshd
on all client systems using the command:service sshd start
- When adding probes requiring the daemon, insert the values derived from steps 2 and 3 in the RHNMD User and RHNMD Port fields.
6.2.3. Installing the SSH key
rhnmd
or sshd
, you must install the Red Hat Network monitoring daemon public SSH key on the systems to be monitored to complete the secure connection. To install it:
- Copy the character string (beginning with ssh-dss and ending with the hostname of the Satellite).
- Select Systems from the left menu, and click the checkbox next to the systems you want to send the SSH key to. Click the button at the top to finish.
- From the System Set Manager, click Run remote commands, then in the Script text box, type the following line:
#!/bin/sh cat <<EOF >> ~nocpulse/.ssh/authorized_keys
Then, press Enter, paste the SSH Key and add EOF. The result should look similar to the following:#!/bin/sh cat <<EOF>> ~nocpulse/.ssh/authorized_keys ssh-dss AABBAB3NzaC3kc3MABCCBAJ4cmyf5jt/ihdtFbNE1YHsT0np0SYJz7xk hzoKUUWnZmOUqJ7eXoTbGEcZjZLppOZgzAepw1vUHXfa/L9XiXvsV8K5Qmcu70h0 1gohBIder/1I1QbHMCgfDVFPtfV5eedau4AAACAc99dHbWhk/dMPiWXgHxdI0vT2 SnuozIox2klmfbTeO4Ajn/Ecfxqgs5diat/NIaeoItuGUYepXFoVv8DVL3wpp45E 02hjmp4j2MYNpc6Pc3nPOVntu6YBv+whB0VrsVzeqX89u23FFjTLGbfYrmMQflNi j8yynGRePIMFhI= root@satellite.example.com EOF
- Set the date and time you want for the action to take place, then click.
ssh
connections between the monitoring infrastructure and the monitored system. You may then schedule probes requiring the monitoring daemon to run against the newly configured systems.
6.3. Configuring the mysql package for probes
mysql
package on the Red Hat Satellite. See Appendix A, Probes for a listing of all available probes.
mysql
package with either the yum
(Red Hat Enterprise Linux 5, 6, and 7) command or the up2date
command (Red Hat Enterprise Linux 3 and 4).
6.4. Enabling Notifications
6.4.1. Creating Notification Methods
- Log into the Satellite as either a Satellite Administrator or Monitoring Administrator.
- Navigate to Users and select the username. On the User Details page, click on → .
- Enter an intuitive, descriptive label for the method name, such as
DBA day email
, and provide the correct email address. Remember, the labels for all notification methods are available in a single list during probe creation, so they should be unique to your organization. - Select the checkbox if you desire abbreviated messages to be sent to the email address. This shorter format contains only the probe state, system hostname, probe name, time of message, and Send ID. The standard, longer format displays additional message headers, system and probe details, and instructions for response.
- When finished, click Notification page under the top Monitoring category. Click its name to edit or delete it.. The new method shows up in the → tab and the
- While adding probes, select the Probe Notifications checkbox and select the new notification method from the resulting dropdown menu. Notification methods assigned to probes cannot be deleted until they are dis-associated from the probe.
6.4.2. Receiving Notifications
Subject: CRITICAL: [hostname]: Satellite: Users at 1 From: "Monitoring Satellite Notification" (rogerthat01@redhat.com) Date: Mon, 26 Aug 2013 13:42:28 -0800 To: user@organization.com This is Red Hat Monitoring Satellite notification 01dc8hqw. Time: Mon Aug 26, 21:42:25 PST State: CRITICAL System: [hostname] ([IP address]) Probe: Satellite: Users Message: Users 6 (above critical threshold of 2) Notification #116 for Users Run from: Red Hat Monitoring Satellite
Note
6.4.3. Redirecting Notifications
/etc/aliases
and adding the following line:
rogerthat01: "| /etc/smrsh/ack_queuer.pl"
- ACK METOO - Sends the notification to the redirect destination(s) in addition to the default destination.
- ACK SUSPEND - Suspends the notification method for a specified time period.
- ACK AUTOACK - Does not change the destination of the notification, but automatically acknowledges matching alerts as soon as they are sent.
- ACK REDIR - Sends the notification to the redirect destination(s) instead of the default destination.
check
or host
, duration indicates the length of time for the redirect, and email_address indicates the intended recipient. For example:
ACK METOO host 1h boss@domain.com
Note
ack suspend host
. However, you cannot halt Satellite probe notifications by responding to a probe with ack suspend host
or other redirect responses. These probes require you to change the notifications within the web interface of the Satellite.
6.4.4. Deleting Notification Methods
- Log into the Satellite as a Satellite Administrator or Monitoring Administrator.
- Navigate to the→ page and click the name of the method to be removed.
- On the delete method. If the method is not associated with any probes, you are presented with a confirmation page. Click . The notification method is removed.→ → tab, click
Note
Since both the notification method name and address can be edited, consider updating the method rather than deleting it. This redirects notifications from all probes using the method without having to edit each probe and create a new notification method. - If the method is associated with one or more probes, you are presented with a list of the probes using the method and the systems to which the probes are attached instead of a confirmation page. Click the probe name to go directly to the→ tab.
- Select another notification method and click.
- Return to the→ page and delete the notification method.
6.5. Probes
6.5.1. Managing Probes
- Log into the Satellite as either a Satellite Administrator or the System Group Administrator for the system.
- Navigate to the create new probe.→ tab and click
- On the System Probe Creation page, complete all required fields. First, select the Probe Command Group. This alters the list of available probes and other fields and requirements. See Appendix A, Probes for the complete list of probes by command group. Remember that some probes require the Red Hat Network monitoring daemon to be installed on the client system.
- Select the desired Probe Command and the monitoring Scout, typically
Red Hat Monitoring Satellite
but possibly a Red Hat Satellite Proxy Server. Enter a brief but unique description for the probe. - Select the Probe Notifications checkbox to receive notifications when the probe changes state. Use the Probe Check Interval dropdown menu to determine how often notifications should be sent. Selecting
1 minute
(and the Probe Notification checkbox) means you will receive notifications every minute the probe surpasses its CRITICAL or WARNING thresholds. See Section 6.4, “Enabling Notifications” to find out how to create notification methods and acknowledge their messages. - Use the RHNMD User and RHNMD Port fields, if they appear, to force the probe to communicate via
sshd
, rather than the Red Hat Network monitoring daemon. See Section 6.2.2, “Configuring SSH” for details. Otherwise, accept the default values ofnocpulse
and4545
, respectively. - If the Timeout field appears, review the default value and adjust to meet your needs. Most but not all timeouts result in an UNKNOWN state. If the probe's metrics are time-based, ensure the timeout is not less than the time allotted to thresholds. Otherwise, the metrics serve no purpose, as the probe will time out before any thresholds are crossed.
- Use the remaining fields to establish the probe's alert thresholds, if applicable. These CRITICAL and WARNING values determine at what point the probe has changed state. See Section 6.5.2, “Establishing Thresholds” for best practices regarding these thresholds.
- When finished, click Scout Config Push page for this to take effect.. Remember, you must commit your monitoring configuration change on the
6.5.2. Establishing Thresholds
6.5.3. Monitoring the Satellite Server
Satellite
Probe Command Group. Next, complete the remaining fields as you would for any other probe. See Section 6.5.1, “Managing Probes” for instructions.
Note
6.6. Monitoring
6.6.1. Probe Status
Important
- Critical - The probe has crossed a CRITICAL threshold.
- Warning - The probe has crossed a WARNING threshold.
- Unknown - The probe is not able to accurately report metric or state data.
- Pending - The probe has been scheduled but has not yet run or is unable to run.
- OK - The probe is running successfully.
- Probe status
- All probes in a given state (OK, WARN, UNKNOWN, CRITICAL, PENDING)
- A Probe Event history
6.6.1.1. Probe Status ⇒ Critical
Important
6.6.1.2. Probe Status ⇒ Warning
Important
6.6.1.3. Probe Status ⇒ Unknown
Important
6.6.1.4. Probe Status ⇒ Pending
Important
6.6.1.5. Probe Status ⇒ OK
Important
6.6.1.6. Probe Status ⇒ All
Important
6.6.1.7. Current State
Important
6.6.2. Notification
Important
6.6.2.1. Notification ⇒ Filters
6.6.2.1.1. Notification ⇒ Notification Filters ⇒ Active Filters
- Description: Enter a value that allows you to distinguish this filter from others.
- Type: Determine what action the filter should take: redirect, acknowledge, suspend, or supplement the incoming notification.
- Send to: The Redirect Notification and Supplemental Notification options in step two require an email address to which to send the notifications. The remaining options require no email address.
- Scope: Determine which monitoring components are subject to the filter.
- Organization/Scout/Probe: This option allows you to select the organization, scout(s), or probe(s) to which this filter applies. To select multiple items from the list, hold the Ctrl key while clicking the names of the items. To select a range of items, hold the Shift key while clicking on the first and last items in the range.
- Probes in State: Select which probe state(s) relate to the filter. For example, you may choose to create a supplemental notification for critical probes only. Uncheck the box to the left of any state you want the filter to ignore.
- Notifications sent to: This is the method to which the notification would be sent if no filter were in place. You may, for example, redirect notifications that would normally go to a user should that individual go on vacation, leaving all other notifications from the probe unchanged.
- Match Output: Select precise notification results by entering a regular expression here. If the "Message:" portion of the notification does not match the regular expression, the filter is not applied.
- Recurring: Select whether a filter runs continuously or on a recurring basis. A recurring filter runs multiple times for a period of time smaller than the duration of the filter. For example, a recurring filter could run for 10 minutes of every hour between the start and end times of the filter. A non-recurring filter runs continuously between the start and end times of the filter.
- Beginning: Enter a date and time for the filter to begin operation.
- Ending: Enter an end date and time for the filter.
- Recurring Duration: How long a recurring filter instance is active. This field, applicable to recurring filters only, begins at the Beginning time specified above. Any notification generated outside of the specified duration is not filtered.
- Recurring Frequency: How often the filter activates.
6.6.2.1.2. Notification ⇒ Notification Filters ⇒ Expired Filters
6.6.3. Probe Suites
- From the Monitoring ⇒ Probe Suites page, select the create probe suite link. Enter an easily distinguishable name for the Probe Suite. You may also choose to add a brief description of the Suite. Click the button to continue.
- Add and configure the probes that comprise the Suite. Click the create new probe link in the upper right.
- Configure the probe and click thebutton in the lower right. Repeat this process until all desired probes have been added.
Note
Sendmail must be configured correctly on your Red Hat Satellite and each client system to which the Probe Suite is applied must have therhnmd
daemon installed and running. See the Red Hat Satellite Installation Guide for additional information. - On the "Systems" tab, add the systems to which the Probe Suite applies. Click the add systems to probe suite link in the upper right of the screen to continue.
- The next page displays a list of all systems with Monitoring entitlements. Check the box to the left of the system(s) to which you wish to apply the Probe Suite, select the monitoring scout you wish to use, and click thebutton to complete the creation of the Probe Suite.
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Probes sub-tab.
- Check the box next to the probe you wish to remove.
- Click thebutton.
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Systems sub-tab.
- Check the box next to the system(s) you wish to remove from the Probe Suite.
- Click thebutton
Note
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Systems sub-tab.
- Check the box next to the system(s) you wish to remove from the Probe Suite.
- Click thebutton.
6.6.4. Scout Config Push
Important
6.6.5. General Monitoring Config
Important
6.7. Monitoring Tablespaces
db-control report
command as the root
user.
db-control tablesizes
command as the root
user.
6.8. Monitoring Red Hat Satellite Server Processes
rhn-satellite status
command to verify that all services related to the Satellite Server are running:
# rhn-satellite status
Chapter 7. Maintaining System Security Using OpenSCAP
7.1. OpenSCAP Features
7.2. OpenSCAP Prerequisites
- A tool to verify that a system conforms to a standard.Satellite Server 5.5 and later use OpenSCAP as an auditing feature. This allows you to use the web interface to schedule and view compliance scans for any system.
- SCAP content.You can generate your own SCAP content if you have an understanding of at least XCCDF or OVAL. XCCDF content is also frequently published online under open source licenses, and you can customize this content to suit your needs instead.
Note
Red Hat supports the use of templates to evaluate your systems. However, custom content authoring of these templates is not supported.Some examples of bodies that publish XCCDF content are:- The United States Government Configuration Baseline (USGCB): Official SCAP content for desktops within federal agencies that has been developed at NIST in collaboration with Red Hat, Inc. and the United States Department of Defense (DoD) using OVAL.
- Community-provided content:
- SCAP Security Guide: Active community-run content that sources from the USGCB requirements and widely-accepted policies and contains profiles for desktop, server, and FTP server. Suitable for Red Hat Enterprise Linux 6 and JBoss Enterprise Application Server 5.
- OpenSCAP Content for Red Hat Enterprise Linux 6: The openscap-content package from the Red Hat Enterprise Linux 6 Optional Channel also provides default content guidance by means of a template.
7.3. Red Hat Satellite Prerequisites for Using OpenSCAP
- Satellite Server: Satellite 5.5 or later.
- Satellite Client: spacewalk-oscap package (available from the Red Hat Network Tools Child Channel).
A Management entitlement is required for scheduling scans.
Satellite Client: Distribution of the XCCDF content to all client machines.
- Traditional methods, such as CD, USB, NFS, SCP, FTP.
- Satellite scripts.
- RPM packages.Custom RPMs are the recommended way to distribute SCAP content to other machines. RPM packages can be signed and verified to ensure their integrity. Installation, removal, and verification of RPM packages can be managed from the user interface.
7.4. Performing Audit Scans
7.4.1. Using the Web Interface to Perform Audit Scans
Procedure 7.1. To Perform an Audit Scan Using the Web Interface:
- Log in to the Satellite web interface.
- Click→
- Click→
- Complete the
Schedule New XCCDF Scan
page. See Section 7.5.2.3, “Schedule Page” for information about the fields on this page.Warning
The XCCDF content is validated before it is run on the remote system. Specifying invalid command-line arguments can causespacewalk-oscap
to fail to validate or run. Due to security concerns theoscap xccdf eval
command only accepts a limited set of parameters.
Note
rhn_check
command to ensure that the action is being picked up by the client system.
# rhn_check -vv
rhnsd
or osad
are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands.
# service rhnsd start
# chkconfig rhnsd on
OR# service osad start
# chkconfig osad on
# systemctl enable rhnsd
# systemctl start rhnsd
OR# systemctl enable osad
# systemctl start osad
7.4.2. Using the API to Perform Audit Scans
Procedure 7.2. To Perform an Audit Scan Using the API:
- Choose an existing script or create a script for scheduling a system scan through
system.scap.scheduleXccdfScan
, the front-end API, for example:#!/usr/bin/python import xmlrpclib client = xmlrpclib.Server('https://satellite.example.com/rpc/api') key = client.auth.login('username', 'password') client.system.scap.scheduleXccdfScan(key, 1000010001, '/usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml', '--profile united_states_government_configuration_baseline')
Where:- 1000010001 is the
system ID (sid)
. /usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml
is the path to the content location on the client system. In this case, it assumes USGCB content in the/usr/local/share/scap
directory.--profile united_states_government_configuration_baseline
is an additional argument to theoscap
command. In this case, it is using the USGCB.
- Run the script on the command-line interface of any system. The system needs the appropriate Python and XML-RPC libraries installed.
Note
rhn_check
command to ensure that the action is being picked up by the client system.
# rhn_check -vv
rhnsd
or osad
are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands:
# service rhnsd start
# chkconfig rhnsd on
OR# service osad start
# chkconfig osad on
# systemctl enable rhnsd
# systemctl start rhnsd
OR# systemctl enable osad
# systemctl start osad
7.4.3. Viewing the Results of SCAP Audits
- Using the web interface. After the scan has finished, the results are available on the Section 7.5, “OpenSCAP Satellite Web Interface”.page of specific system. See
- Using the API functions in handler
system.scap
. - Using the
spacewalk-report
command, as follows:# spacewalk-report system-history-scap
# spacewalk-report scap-scan
# spacewalk-report scap-scan-results
7.5. OpenSCAP Satellite Web Interface
7.5.1. OpenSCAP Scans Page
7.5.1.1. All Scans
- System: the system that was scanned.
- XCCDF Profile: the evaluated profile.
- Completed: the time the scan was completed.
- Satisfied: the number of rules that were satisfied. A rule is considered to be Satisfied if the result of the evaluation is either Pass or Fixed.
- Dissatisfied: the number of rules that were not satisfied. A rule is considered to be Dissatisfied if the result of the evaluation is Fail.
- Unknown: the number of rules that failed to evaluate. A rule is considered to be Unknown if the result of the evaluation is Error, Unknown or Not Checked.
7.5.1.2. XCCDF Diff
diff
output of similar scans. Alternatively, or you can specify the ID of arbitrary scans.
7.5.1.3. Advanced Search
- Rule results.
- Targeted machine.
- Time frame of the scan.
7.5.2. Systems Audit Page
Security Content Automation Protocol (SCAP).
Before you scan a system, ensure that the SCAP content is prepared and all prerequisites are met.
7.5.2.1. List Scans
Table 7.1. OpenSCAP Scan Labels
Column Label | Definition |
---|---|
XCCDF Test Result | The scan test result name. This is also a link to the detailed results of the scan. |
Completed | The exact time the scan finished. |
Compliance | The unweighted pass:fail ratio of compliance based on the standard that was used. |
P | The number of checks that passed. |
F | The number of checks that failed. |
E | The number of errors that occurred during the scan. |
U | Unknown |
N | Not applicable to the machine. |
K | Not checked. |
S | Not selected. |
I | Informational |
X | Fixed |
Total | Total number of checks. |
No difference between the compared scans.
Arbitrary differences between the compared scans.
Major differences between the compared scans. Either there are more failures than the previous scan or less passes.
No comparable scan was found, and therefore no comparison was made.
7.5.2.2. Scan Details
This section displays various details about the scan, including:
File System Path:
The path to the XCCDF file used for the scan.Command-line Arguments:
Any additional command-line arguments that were used.Profile Identifier:
The profile identifier used for the scan.Profile Title:
The title of the profile used for the scan.Scan's Error output:
Any errors encountered during the scan.
The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. This list can be filtered by a specific result.
7.5.2.3. Schedule Page
- Command-line Arguments: Optional arguments to the
oscap
command, either:--profile PROFILE
: Specifies a particular profile from the XCCDF document.Profiles are determined by theProfile
tag in the XCCDF XML file. Use theoscap
command to see a list of profiles within a given XCCDF file, for example:$ oscap info /usr/share/openscap/scap-rhel6-xccdf.xml Document type: XCCDF Checklist Checklist version: 1.1 Status: draft Generated: 2011-10-12 Imported: 2012-11-15T22:10:41 Resolved: false Profiles: RHEL6-Default
If not specified, the default profile is used.Note
Some early versions of OpenSCAP in Red Hat Enterprise Linux 5 require that you use the--profile
option or the scan will fail.--skip-valid
: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content.
- Path to XCCDF Document: This is a required field. The
path
parameter points to the XCCDF content location on the client system. For example:/usr/local/scap/dist_rhel6_scap-rhel6-oval.xml
Warning
The XCCDF content is validated before it is run on the remote system. Specifying invalid arguments can causespacewalk-oscap
to fail to validate or run. Due to security concerns, theoscap xccdf eval
command only accepts a limited set of parameters.
Chapter 8. Reporting Client Software Failures
8.1. Viewing Software Failures for a Single Client
Procedure 8.1. To View Software Failures for a Single Client:
- Log in to the Red Hat Satellite Web UI.
- Click→ → → to see the list of software failures that occurred on the registered system.
- Click the required failure to display its details and the files captured for this software failure report.
8.2. Grouping Similar Software Failures
Procedure 8.2. To view similar software failures across clients
- Log into your Red Hat Satellite Web UI.
- Click→ to see a list of all software failures across all registered systems.
- Click the on a Crash UUID to see the systems affected by the software failure.
- Click on a specific system to see details and the files captured for the individual software failure report.
8.3. Changing Organization-wide Settings for Software Failure Reports
Procedure 8.3. To Change the Organization-wide Settings for Software Failures:
- In the Satellite Web UI, click → → .
- Modify the desired organization-wide and upload size settings, and then click Update Organization.
8.4. Log Files of Software Failures
/var/satellite/systems/$org_id/$system_id/crashes/$crash_name/
directory.
Chapter 9. Generating Red Hat Satellite Reports
channel-packages
- Packages in channelschannels
- Channel reportcustom-info
- Display system custom infoentitlements
- Entitlement and channel list and usageerrata-channels
- List of errata in channelserrata-list
- Errata information based upon compliance checks against systemserrata-list-all
- List of all errataserrata-systems
- Listing of each errata applicable to each affected systeminactive-systems
- Inactive systems in Satelliteinventory
- Inventory reportkickstartable-trees
- List of kickstartable treespackages-updates-all
- List of packages that can be upgradedpackages-updates-newest
- List of packages that can be upgradedscap-scan
- Results of OpenSCAP xccdf evaluationscap-scan-results
- Results of OpenSCAP xccdf evaluationsystem-crash-count
- Crash count for systemssystem-crash-details
- Crash details for systemssystem-currency
- System currency listsystem-groups
- System groups in Satellitesystem-groups-keys
- Activation keys for system groupssystem-groups-systems
- Systems in system groupssystem-groups-users
- System groups users reportsystem-history
- System event historysystem-history-channels
- Channel event historysystem-history-configuration
- Configuration event historysystem-history-entitlements
- System entitlement event historysystem-history-errata
- Errata event historysystem-history-kickstart
- Kickstart event historysystem-history-packages
- Package event historysystem-history-scap
- OpenSCAP event historysystem-packages-installed
- Packages installed on systemsusers
- Users in the systemusers-systems
- Systems administered by individual users
spacewalk-report
command as follows:
# spacewalk-report report-name
Note
spacewalk-report
command with the -h
option.
Chapter 10. Scheduling Red Hat Satellite Administrative Tasks
taskomatic
service. These operations are segregated into individual tasks and grouped logically into a bunch that is defined by schedules. You can modify these schedules to execute at specific time intervals. Satellite schedules are used to:
- Remove the administrative burden from the organizational administrator by automating tasks.
- Schedule operational tasks for time frames that will not tax the organization's daily network traffic.
Table 10.1. Default Schedules in Red Hat Satellite 5.7
Schedule Name | Bunch Name | Bunch Function |
---|---|---|
channel-repodata-default | channel-repodata-bunch | Generates channel repository data. |
cleanup-data-default | cleanup-data-bunch | Cleans up orphaned and outdated data. |
clear-taskologs-default | clear-taskologs-bunch | Clears taskomatic run log history. |
cobbler-sync-default | cobbler-sync-bunch | Applies any cobbler configuration changes. |
compare-configs-default | compare-configs-bunch | Schedules a comparison of configuration files on all systems. |
daily-status-queue | daily-status-bunch | Sends daily report. |
errata-cache-default | errata-cache-bunch | Recalculates errata cache for a given server or channel. |
errata-queue-default | errata-queue-bunch | Processes errata. |
kickstart-cleanup-default | kickstart-cleanup-bunch | Cleans up stale kickstart files. |
kickstartfile-sync-default | kickstartfile-sync-bunch | Synchronizes kickstart profiles that were generated using the wizard. |
package-cleanup-default | package-cleanup-bunch | Cleans up orphaned packages. |
sandbox-cleanup-default | sandbox-cleanup-bunch | Cleans up sandbox. |
satcert-check-default | satcert-check-bunch | Determines expiration status of Satellite certificate. |
session-cleanup-default | session-cleanup-bunch | Deletes expired rows from the PXTSessions table to prevent it from growing too large. |
sync-probe-default | sync-probe-bunch | Synchronizes probe state. |
10.1. Scheduling a Run
Procedure 10.1. Creating a Schedule Template
- Log in to Satellite as the Organization Administrator.
- Click→ → .
- Complete the following fields:
- Schedule Name: must begin with a letter and contain only lowercase characters, hyphens, periods, underscores, or numerals.
- Bunch: the default bunch of administrative tasks the administrator can choose from.
- FrequencyThe following frequency options are available:
- Disable Schedule: only recommended for administrators who have advanced knowledge of the scheduled tasks and their consequences. Disabling schedules can change Satellite behavior.
- Daily: creates a daily schedule for a specific time of day.
- Weekly: creates a weekly schedule for a specific day and time of day.
- Monthly: creates a monthly schedule for a specific day and time of day.
- Custom Quartz Format: this format relies on cron expressions to define the schedule. For more information about this format, see the crontab man page (
man 5 crontab
.)
- Click.
Procedure 10.2. Editing Schedule Templates
- Log in to Satellite as the Organization Administrator.
- Click→ .
- Click the schedule that you want to modify.
- Change the Frequency type as required.
- Click.
10.2. Setting Up a Self-Subscribed Red Hat Satellite
satellite-sync
command get new packages and content from the Red Hat Network Classic Hosted servers.
Important
- A self-subscribed Satellite cannot be used as means to monitor itself. Installing the client side
rhnmd
package will break the monitoring of the Satellite. Red Hat Network Classic Hosted provides custom monitoring probes that can be configured to monitor a self-subscribed Satellite. - A self-subscribed Satellite treats the self-registration as it does any other client system registration. To prevent accidental changes to your self-subscribed Satellite lock the self-subscribed Satellite's system profile using Lock system in the system profile.
- A self-subscribed Satellite cannot use
osad
. Installing the client-sideosad
package will break the provisioning feature of Satellite.
10.2.1. Installing and Configuring a Self-Subscribed Satellite
Procedure 10.3. Installing and Configuring a Self-Subscribed Satellite
- Install Red Hat Enterprise Linux following the instructions provided in Scenario 1: Installing Satellite with Embedded Database in the Red Hat Satellite 5 Installation Guide.
- Install Red Hat Satellite 5 following the instructions provided in Scenario 1: Installing Satellite with Embedded Database in the Red Hat Satellite 5 Installation Guide. Allow the Satellite to register and activate the Satellite subscription to Red Hat Network Classic Hosted.
- Use the
satellite-sync
command to download and import the base channel that matches the version of Red Hat Enterprise Linux installed on the Satellite server in Step 1. Thesatellite-sync
command can import the necessary files either from the Red Hat Network Classic Hosted servers or the base channel content ISOs available for download. - Use the Satellite 5 web interface to create a cloned channel of the imported base channel. See Chapter 5, Cloning Software Channels and Errata for more information.
- Use the following command to rename the
systemid
file. This file allows communication between the Satellite and the Red Hat Network Classic Hosted servers.# mv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid.sat
- Install the client side Satellite SSL certificate onto the Satellite using the following command.
# rpm -Uvh /var/www/html/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
- Reconfigure
Red Hat Update Agent
to use the Satellite hostname and SSL certificate by editing the/etc/sysconfig/rhn/up2date
. Change the following options:The/etc/sysconfig/rhn/up2date
options will be setsslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT noSSLServerURL=http://satellite-server-hostname/XMLRPC serverURL=https://satellite-server-hostname/XMLRPC
Note
The HTTP proxy information that allows the Satellite access to the Red Hat Network Classic Hosted server must be removed from the configuration settings. This will permit the Update Agent to communicate with the Satellite.Depending on network settings it may be necessary to use the main IP address associated with the default network card to communicate with the Satellite rather than the hostname or localhost. - Register the Satellite server using one of the following commands:
- Red Hat Enterprise Linux 5, 6, and 7:
rhnreg_ks --username satellite_username --password satellite_password
command. - Red Hat Enterprise Linux 3 and 4:
up2date --register
- Once registration is complete rename the
systemid
file tosystemid.up2date
and rename thesystemid.sat
file back tosystemid
using the following commands.# mv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid.up2date # mv /etc/sysconfig/rhn/systemid.sat /etc/sysconfig/rhn/systemid
- Change the
systemIdPath
option ofup2date
to the path of thesystemid.up2date
file.systemIdPath=/etc/sysconfig/rhn/systemid.up2date
- Log into the Satellite web interface. Go to the→ then select the cloned base channel from the drop-down menu. Click .
10.2.2. Testing Self-Subscribed Satellite Functionality
Procedure 10.4. Testing Self-Subscribed Satellite Functionality
- Test the
satellite-sync
command by running the following command.# satellite-sync -l
Running thesatellite-sync
command should return information indicating the Satellite connects to satellite.rhn.redhat.com. The output should resemble the following:16:50:22 Red Hat Network Satellite - live synchronization 16:50:22 url: https://satellite.rhn.redhat.com 16:50:22 debug/output level: 1
- Test using one of the following commands:
- Red Hat Enterprise Linux 5, 6, and 7:
yum check-update
- Red Hat Enterprise Linux 3 and 4:
up2date -l
This should display information indicating that packages are downloaded from the Satellite rather than from the Red Hat Network Classic Hosted server.
10.2.3. Client-Side Application Functionality with a Self-Subscribed Satellite
Warning
rhnmd
client-side monitoring package onto a self-subscribed Satellite as this will break Monitoring.
Important
- If a client-side application is not listed here it has not been tested.
- Red Hat recommends that Administrators lock the registered Self-Subscribed Satellite within the Satellite web interface. This prevents any scheduled event from executing. Before unlocking the Satellite review the pending events and delete those you do not want to run.
- Red Hat recommends Administrators entitle the Self-Subscribed Satellite to the Management level but with no Provisioning or Monitoring entitlements. This helps to avoid possible harmful or accidental changes to the Satellite server.
- If the self-subscribed Satellite has been granted a Provisioning entitlement do not attempt to use the Satellite to re-provision itself. The Satellite will attempt to perform the re-installation of the Red Hat Enterprise Linux operating system but on reboot the Red Hat installation program will be unable to download the necessary packages from the Satellite to perform the installation. There is a high risk of data loss and service interruption for your Satellite, especially if external kickstart trees are used.
- Red Hat Update Agent ToolsThe
up2date
,rhn_check
,rhnsd
and,yum
packages will all function normally on a self-subscribed Satellite. - PushThe
osad
package will not install. Theosad
package is used to push packages to client systems but it conflicts with the server-sideosa-dispatcher
package. Do not attempt to force the installation ofosad
on a self-subscribed Satellite. - AppletBoth the
rhn-applet-tui
package and therhn-applet-gui
package will function normally. Installation and configuration of therhn-applet-tui
andrhn-applet-gui
packages will complete normally. These packages allow client systems to communicate with the Satellite.Note
Therhn-applet-gui
requires packages that are not installed by default. - Configuration Client ToolThe
rhncfg-client
package will function normally after a change to the configuration file. Edit the/etc/sysconfig/rhn/rhncfg-client.conf
file and change thesystemIdPath
option to match the path tosystemid.up2date
created in Procedure 10.3, “Installing and Configuring a Self-Subscribed Satellite”. - Configuration Management ToolThe
rhncfg-manager
package will function normally. - Custom InfoThe
rhn-custom-info
package will function normally. - Client MonitoringThe
rhnmd
package will not install. Therhnmd
package conflicts with the server-side monitoring packages. Do not attempt to force the installation ofrhnmd
as this will break Monitoring on the Satellite.
Chapter 11. Troubleshooting
tail -f
command for all log files and then run yum list
. You should then examine all new log entries for potential clues.
- 11.1. Disk Space
- 11.2. Installing and Updating
- 11.3. Services
- 11.4. Connectivity
- 11.5. Logging and Reporting
- 11.6. Errors
- Q: I'm getting an "Error validating satellite certificate" error during a Red Hat Satellite installation. How do I fix it?
- Q: I'm getting an "ERROR: server.mount_point not set in the configuration file" error when I try to activate or synchronize the Red Hat Satellite. How do I fix it?
- Q: Why does cobbler check give an error saying that it needs a different version of yum-utils?
- Q: I'm getting an "unsupported version" error when I try to activate the Red Hat Satellite certificate. How do I fix it?
- Q: I'm getting an "Internal Server Error" complaining about ASCII when I try to edit the kickstart profile. What's going on?
- Q: I'm getting "Host Not Found" or "Could Not Determine FQDN" errors. What do I do now?
- Q: I'm getting a "This server is not an entitled Satellite" when I try to synchronize the Red Hat Satellite server. How do fix it?
- 11.7. Web Interface
- 11.8. Anaconda
- 11.9. Tracebacks
- 11.10. Registration
- 11.11. Kickstarts and Snippets
- 11.12. Monitoring
- 11.13. Multi-Organization Satellites and Satellite Certificate
- 11.14. Proxy Installation and Configuration
- Q: After configuring the Red Hat Network Package Manager how can I determine if the local packages were successfully added to the private Red Hat Network channel?
- Q: How can I determine whether the clients are connecting to the Squid server?
- Q: The Red Hat Update Agent on the client systems does not connect through the Red Hat Satellite Proxy. How can I resolve this error?
- Q: My Red Hat Satellite Proxy configuration does not work. Where do I begin troubleshooting it?
- Q: How do I troubleshoot general problems in the Red Hat Satellite Proxy?
- Q: My Red Hat Satellite Proxy encountered the error "Host Not Found"/"Could not Determine FQDN". What should I do?
- Q: I am having issues with Red Hat Satellite Proxy and network connection errors. What should I do?
- Q: I am having issues with package delivery errors and object corruption. What should I check for?
11.1. Disk Space
# df -h
# /usr/sbin/rhn-satellite status
# service httpd status
11.2. Installing and Updating
audit.log
files available so that Red Hat Support personnel can assist you. You can find the file in /var/log/audit/audit.log
and can attach the file to your Support ticket for engineers to assist you.
/var/satellite
to an NFS mount, and now SELinux is stopping it from working properly. What do I need to do?
# /usr/sbin/setsebool -P spacewalk_nfs_mountpoint on
# /usr/sbin/setsebool -P cobbler_use_nfs on
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
- JBoss product channels
11.3. Services
/etc/hosts
file may be incorrect.
# service taskomatic status
# db-control status
# service jabberd stop # rm -f /var/lib/jabberd/db/_db* # service jabberd start
11.4. Connectivity
- Attempt to connect to the Red Hat Satellite's database at the command line using the correct connection string as found in
/etc/rhn/rhn.conf
:# sqlplus username/password@sid
- Make sure that Red Hat Satellite is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in Red Hat Satellite with Stand-Alone Database.
- Confirm the correct package:
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
is installed on the Red Hat Satellite and the correspondingrhn-org-trusted-ssl-cert-*.noarch.rpm
or raw CA SSL public (client) certificate is installed on all client systems. - Verify the client systems are configured to use the appropriate certificate.
- If also using one or more Red Hat Satellite Proxy Servers, ensure each Proxy's SSL certificates are prepared correctly. The Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. See the SSL Certificates chapter of the Red Hat Satellite Client Configuration Guide for specific instructions.
- Make sure client systems are not using firewalls of their own, blocking required ports as identified in the Red Hat Satellite Installation Guide's Additional Requirements section.
# rm -rf temporary-directory
Note
/var/rhn-sat-import/
as the temporary directory.
SSL_CONNECT
errors, is the result of a Satellite being installed on a machine whose time had been improperly set. During the Satellite installation process, SSL certificates are created with inaccurate times. If the Satellite's time is then corrected, the certificate start date and time may be set in the future, making it invalid.
# date
# openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt
11.5. Logging and Reporting
/var/log/rhn/
directory. These are rotated logs, which are log files created with a .<NUMBER> extension when the current rhn_satellite_install.log
file fills up to a size as specified by the logrotate(8)
daemon and the contents written to a rotated log file. For example, the rhn_satellite_install.log.1
contains the oldest rotated log file, while rhn_satellite_install.log.4
contains the most recently rotated log.
Table 11.1. Log Files
Component/Task | Log File Location |
---|---|
Apache Web server | /var/log/httpd/ directory |
Red Hat Satellite | /var/log/rhn/ directory |
Red Hat Satellite Installation Program | /var/log/rhn/rhn_satellite_install.log |
Database installation - Embedded Database | /var/log/rhn/install_db.log |
Database population | /var/log/rhn/populate_db.log |
Red Hat Satellite Synchronization Tool | /var/log/rhn/rhn_server_satellite.log |
Monitoring infrastructure | /var/log/nocpulse/ directory |
Monitoring notifications | /var/log/notification/ directory |
Red Hat Network DB Control - Embedded Database | /var/log/rhn/rhn_database.log |
Red Hat Network Task Engine (taskomatic) | /var/log/messages |
yum | /var/log/yum.log |
XML-RPC transactions | /var/log/rhn/rhn_server_xmlrpc.log |
spacewalk-report
?
spacewalk-report
command to gather and display vital Satellite information at once.
Note
spacewalk-report
you must have the spacewalk-reports
package installed.
spacewalk-report
allows administrators to organize and display reports about content, errata, systems, system event history, and user resources across the Satellite. The spacewalk-report
command is used to generate reports on:
- System Inventory - Lists all of the systems registered to the Satellite.
- Entitlements - Lists all organizations on the Satellite, sorted by system or channel entitlements.
- Errata - Lists all the errata relevant to the registered systems, sorts errata by severity as well as the systems that apply to a particular erratum.
- Users - Lists all the users registered to the Satellite, and lists any systems associated with a particular user.
- System History - Lists all, or a subset, of the system events that have occurred.
# spacewalk-report report_name
Table 11.2. spacewalk-report
Reports
Report | Invoked as | Description |
---|---|---|
Group Audit | audit-server-groups | Audit of user changes in group |
Server Audit | audit-servers | Audit of server changes |
User Audit | audit-users | Audit of user changes |
Packages Report | channel-packages | Lists the packages, as well as the channels they are in |
Channels | channels | Lists the channels available on the server |
Cloned Channels | cloned-channels | Lists channels that have been cloned |
Custom Information | custom-info | Displays any custom information about the system |
Entitlements | entitlements | Lists all organizations on the Satellite with their system or channel entitlements |
Errata in channels | errata-channels | Lists errata in channels |
Errata Compliance | errata-list | Lists the details of errata out of compliance information |
All Errata | errata-list-all | Complete list of all errata |
Errata for systems | errata-systems | Lists applicable errata and any registered systems that are affected |
Relationship Mapping | host-guests | Provides host-guest mapping details |
Inactive Systems | inactive-systems | |
System Inventory | inventory | List of systems registered to the server, together with hardware and software information |
Kickstart Trees | kickstartable-trees | Lists trees able to be kickstarted |
Package Update | packages-updates-all | List of all packages that can be updated |
Newest Package Update | package-updates-newest | Lists the newest updates to packages |
SCAP Scans | scap-scan
scap-scan-results
| Displays the results of an OpenSCAP xccdf evaluation |
Splice Reporting | splice-export | Displays system data needed for splice integration for enhanced reporting |
Crash Count | system-crash-count | Displays the number of times systems have crashed |
Crash Details | system-crash-details | Lists the systems' crash details |
System Currency | system-currency | Lists system currency values |
System Groups | system-groups | Lists system groups in the Satellite server |
Group Activation keys | system-groups-keys | Lists all existing activation keys for the system groups |
Systems in System Groups | system-groups-systems | Lists all system groups and systems within each group |
Users in System Groups | system-groups-users | Lists all system groups and their affiliated users |
System history | system-history | Lists system event history |
System history channels | system-history-channels | Lists system event history |
System history configuration | system-history-configuration | Lists system configuration event history |
System history entitlements | system-history-entitlements | Lists system entitlement event history |
System history errata | system-history-errata | Lists system errata event history |
System history kickstart | system-history-kickstart | Lists system kickstart and provisioning event history |
System history packages | system-history-packages | Lists system package event history |
SCAP Event History | system-history-scap | Lists systems' OpenSCAP event history |
Installed Packages | system-packages-installed | Lists all packages installed on the systems |
Users in the system | users | Lists all users registered to the Satellite |
Systems administered | users-systems | Lists systems that can be administered by individual users |
spacewalk-report
with the --info
or --list-fields-info
and the report name. The description and list of possible fields in the report will be shown.
spacewalk-report(8)
manpage as well as the --help
parameter of the spacewalk-report
program can be used to get additional information about the program invocations and their options.
# rhn-schema-version
# rhn-charsets
traceback_mail
in /etc/rhn/rhn.conf
.
web.default_mail_from
option and appropriate value in /etc/rhn/rhn.conf
.
11.6. Errors
install.log
file, and locating the following error:
ERROR: unhandled exception occurred: Traceback (most recent call last): File "/usr/bin/rhn-satellite-activate", line 45, in ? sys.exit(abs(mod.main() or 0)) File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 585, in main activateSatellite_remote(options) File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 291, in activateSatellite_remote ret = s.satellite.deactivate_satellite(systemid, rhn_cert) File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 603, in __call__ return self._send(self._name, args) File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 326, in _request self._handler, request, verbose=self._verbose) File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 171, in request headers, fd = req.send_http(host, handler) File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 698, in send_http self._connection.connect() File "/usr/lib/python2.4/site-packages/rhn/connections.py", line 193, in connect sock.connect((self.host, self.port)) File "<string>", line 1, in connect socket.timeout: timed out
- Run the install script in disconnected mode, and skip the database installation which has already been done:
# ./install.pl --disconnected --skip-db-install
- Open
/etc/rhn/rhn.conf
with your preferred text editor, and add or modify the following line:server.satellite.rhn_parent = satellite.rhn.redhat.com
Remove the following line:disconnected=1
If you are using a proxy for the connection to Red Hat Network, you will also need to add or modify the following lines to reflect the proxy settings.server.satellite.http_proxy = <hostname>:<port> server.satellite.http_proxy_username = <username> server.satellite.http_proxy_password = <password>
- Re-activate the Satellite in connected mode, using the
rhn-satellite-activate
command as the root user, including the path and filename of the satellite certificate:# rhn-satellite-activate --rhn-cert=/path/to/file.cert
install.pl
script in connected mode, but with the --answer-file=answer file
option. Ensure the answer file has the HTTP proxy information specified as follows:
rhn-http-proxy = <hostname>:<port> rhn-http-proxy-username = <username> rhn-http-proxy-password = <password>
mount_point
configuration parameter in /etc/rhn/rhn.conf
does not point to a directory path, or the directory path it points to is not present or does not have permission to access the directory.
mount_point
configuration parameter in /etc/rhn/rhn.conf
. If it set to the default value of /var/satellite
, verify that the /var/satellite
and /var/satellite/redhat
directories exist. For all values, check that path to the file is accurate, and that the permissions are set correctly.
cobbler check
give an error saying that it needs a different version of yum-utils
?
cobbler check
command can give an error similar to the following:
# cobbler check The following potential problems were detected: #0: yum-utils need to be at least version 1.1.17 for reposync -l, current version is 1.1.16
reposync
package. The error is spurious and can be safely ignored. This error will be resolved in future versions of Red Hat Satellite.
ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 96'>
RHN_PARENT: satellite.rhn.redhat.com Error reported from RHN: <Fault -2: 'unhandled internal exception: unsupported version: 115'> ERROR: unhandled XMLRPC fault upon remote activation: <Fault -2: 'unhandled internal exception: unsupported version: 115'> ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 115'>
Invalid satellite certificate
'ascii' codec can't encode character u'\u2013'
- Ssh directly onto the Satellite server as the root user:
# ssh root@satellite.fqdn.com
- Find the kickstart profile that is causing the problem by looking at the dates of the files in
/var/lib/cobbler/config/profiles.d
and locating the one that was edited most recently:# ls -l /var/lib/cobbler/config/profiles.d/
- Open the profile in your preferred text editor, and locate the following text:
\u2013hostname
Change the entry to read:--hostname
- Save changes to the profile and close the file.
- Restart the Red Hat Satellite services to pick up the updated profile:
# rhn-satellite restart Shutting down rhn-satellite... Stopping RHN Taskomatic... Stopped RHN Taskomatic. Stopping cobbler daemon: [ OK ] Stopping rhn-search... Stopped rhn-search. Stopping MonitoringScout ... [ OK ] Stopping Monitoring ... [ OK ] Stopping httpd: [ OK ] Stopping tomcat5: [ OK ] Shutting down osa-dispatcher: [ OK ] Shutting down Oracle Net Listener ... [ OK ] Shutting down Oracle DB instance "rhnsat" ... [ OK ] Shutting down Jabber router: [ OK ] Done. Starting rhn-satellite... Starting Jabber services [ OK ] Starting Oracle Net Listener ... [ OK ] Starting Oracle DB instance "rhnsat" ... [ OK ] Starting osa-dispatcher: [ OK ] Starting tomcat5: [ OK ] Starting httpd: [ OK ] Starting Monitoring ... [ OK ] Starting MonitoringScout ... [ OK ] Starting rhn-search... Starting cobbler daemon: [ OK ] Starting RHN Taskomatic... Done.
- Return to the web interface. Note that the interface can take some time to resolve the services. It should return to normal after some time.
/etc/hosts
file. You may confirm this by examining /etc/nsswitch.conf
, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts
file is checked first, followed by Network Information Service (NIS) if used, followed by DNS. One of these has to succeed for the Apache Web server to start and the Red Hat Network client applications to work.
/etc/hosts
file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine
satellite-sync
reports that the server is not activated as a Red Hat Satellite, it isn't subscribed to the respective Red Hat Satellite channel. If this is a newly installed system, make sure that the satellite certificate is activated on the system. If it was activated earlier, then it has become deactivated.
# yum repolist
# rhn-satellite-activate -vvv --rhn-cert=/path/to/certificate
11.7. Web Interface
/var/log/tomcat6/catalina.out
log file.
/var/log/httpd/error_log
log file.
11.8. Anaconda
Error downloading kickstart file
. What is the problem and how do I fix it?
cobbler check
command, and read the output, which should look something like this:
# cobbler check The following potential problems were detected: #0: reposync is not installed, need for cobbler reposync, install/upgrade yum-utils? #1: yumdownloader is not installed, needed for cobbler repo add with --rpm-list parameter, install/upgrade yum-utils? #2: The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed #3: fencing tools were not found, and are required to use the (optional) power management features. install cman to use them
cobbler check
does not provide any answers, check the following:
- Verify
httpd
is running:service httpd status
- Verify
cobblerd
is running:service cobblerd status
- Verify that you can fetch the kickstart file using
wget
from a different host:wget http://satellite.example.com/cblr/svc/op/ks/profile/rhel5-i386-u3:1:Example-Org
The file chkconfig-1.3.30.1-2.i386.rpm cannot be opened
. What is the problem and how do I fix it?
--url
parameter in the kickstart. For example:
url --url http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3
200 OK
response. You can do this by attempting to wget
the file located at that URL:
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 --2011-08-19 15:06:55-- http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 Resolving satellite.example.com... 10.10.77.131 Connecting to satellite.example.com|10.10.77.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 0 [text/plain] Saving to: `ks-rhel-i386-server-5-u3.1' 2011-08-19 15:06:55 (0.00 B/s) - `ks-rhel-i386-server-5-u3.1' saved [0/0]
200 OK
, check the error logs to find out what the problem is. You can also check the actual file Anaconda tried to download by searching the access_log
file:
# grep chkconfig /var/log/httpd/access_log 10.10.77.131 - - [19/Aug/2011:15:12:36 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server /chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:12:36 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:14:20 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.77.131 - - [19/Aug/2011:15:14:20 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19"
access_log
file, the system might be having trouble with the networking setup. If the requests are appearing but are generating errors, check the error logs.
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm
11.9. Tracebacks
Subject: WEB TRACEBACK from satellite.example.com Date: Wed, 19 Aug 2011 20:28:01 -0400 From:Red Hat Satellite <dev-null@redhat.com> To: admin@example.com java.lang.RuntimeException: XmlRpcException calling cobbler. at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:72) at com.redhat.rhn.taskomatic.task.CobblerSyncTask.execute(CobblerSyncTask.java:76) at com.redhat.rhn.taskomatic.task.SingleThreadedTestableTask.execute(SingleThreadedTestableTask.java:54) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: redstone.xmlrpc.XmlRpcException: The response could not be parsed. at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:434) at redstone.xmlrpc.XmlRpcClient.endCall(XmlRpcClient.java:376) at redstone.xmlrpc.XmlRpcClient.invoke(XmlRpcClient.java:165) at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:69) ... 4 more Caused by: java.io.IOException: Server returned HTTP response code: 503 for URL: http://someserver.example.com:80/cobbler_api at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1236) at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:420) ... 7 more
taskomatic
service. Try checking the following:
- Verify
httpd
is running:# service httpd status
- Verify
cobblerd
is running:# service cobblerd status
- Verify that there are no firewall rules that would prevent
localhost
connections
11.10. Registration
rhnreg_ks
command is failing when I run it, saying ERROR: unable to read system id
. What is the problem?
%post
section that registers the machine to the Red Hat Satellite:
# begin Red Hat management server registration mkdir -p /usr/share/rhn/ wget http://satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/* rhnreg_ks --serverUrl=https://satellite.example.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-c8d01e2f23c6bbaedd0f6507e9ac079d # end Red Hat management server registration
- Create a directory to house the custom SSL cert used by the Red Hat Satellite.
- Fetch the SSL certificate to use during registration.
- Search and replace the SSL certificate strings from the
rhn_register
configuration files, and then register to the Red Hat Satellite using the SSL certificate and an activation key. Every kickstart profile includes an activation key that assures that the system is assigned the correct base and child channels, and gets the correct system entitlements. If it is a reprovisioning of an existing system, the activation key will also ensure it is associated with the previous system profile.
rhnreg_ks
command fails, you might see errors like this in the ks-post.log
log file:
ERROR: unable to read system id.
rhn_check
and the system has not registered to the Red Hat Satellite.
11.11. Kickstarts and Snippets
/var/lib/rhn/kickstarts/
. Within this directory, raw kickstarts are in the upload
subdirectory, and wizard-generated kickstarts are in the wizard
subdirectory:
Raw Kickstarts: /var/lib/rhn/kickstarts/upload/$profile_name--$org_id.cfg Wizard Kickstarts: /var/lib/rhn/kickstarts/wizard/$profile_name--$org_id.cfg
/var/lib/rhn/kickstarts/snippets
. Cobbler accesses snippets using the symbolic link /var/lib/cobbler/snippets/spacewalk
.
Snippets: /var/lib/rhn/kickstarts/snippets/$org_id/$snippet_name
Important
11.12. Monitoring
nocpulse
user on the Satellite conducting the monitoring.
nocpulse
user with the following command:
su - nocpulse
rhn-catalog
on the Red Hat Satellite Server as the nocpulse
user. The output will resemble:
2 ServiceProbe on example1.redhat.com (199.168.36.245): test 2 3 ServiceProbe on example2.redhat.com (199.168.36.173): rhel2.1 test 4 ServiceProbe on example3.redhat.com (199.168.36.174): SSH 5 ServiceProbe on example4.redhat.com (199.168.36.175): HTTP
--commandline
(-c
) and --dump
(-d
) options along with a probe ID to rhn-catalog
to obtain additional details about the probe, like so:
rhn-catalog --commandline --dump 5
--commandline
option yields the command parameters set for the probe, while --dump
retrieves everything else, including alert thresholds and notification intervals and methods.
5 ServiceProbe on example4.redhat.com (199.168.36.175 ): linux:cpu usage Run as: Unix::CPU.pm --critical=90 --sshhost=199.168.36.175 --warn=70 --timeout=15 --sshuser=nocpulse --shell=SSHRemoteCommandShell --sshport=4545
rhn-runprobe
to examine the probe's output.
rhn-runprobe
?
rhn-catalog
, use it in conjunction with rhn-runprobe
to examine the complete output of the probe. Note that by default, rhn-runprobe
works in test mode, meaning no results are entered in the database. Here are its options:
Table 11.3. rhn-runprobe
Options
Option | Description |
---|---|
--help | List the available options and exit. |
--probe=PROBE_ID | Run the probe with this ID. |
--prob_arg=PARAMETER | Override any probe parameters from the database. |
--module=PERL_MODULE | Package name of alternate code to run. |
--log=all=LEVEL | Set log level for a package or package prefix. |
--debug=LEVEL | Set numeric debugging level. |
--live | Execute the probe, queue data and send out notifications (if needed). |
--probe
option, the --log
option, and values for each. The --probe
option takes the probeID as its value and the --log
option takes the value "all" (for all run levels) and a numeric verbosity level as its values. Here is an example:
rhn-runprobe --probe=5 --log=all=4
rhn-catalog
, like so:
rhn-runprobe 5 --log=all=4 --sshuser=nocpulse --sshport=4545
11.13. Multi-Organization Satellites and Satellite Certificate
- In the
/etc/rhn/rhn.conf
file, setweb.force_unentitlement
to 1. - Restart the Satellite.
- Reduce the allocated entitlements to the desired organizations either via each organization's Subscriptions tab or via individual entitlement's Organizations tabs.
- A number of systems in the organization should now be in an unentitled state. The number of systems unentitled in the organization will be equal to the difference between the total number of entitlements you removed from the organization and the number of entitlements the organization did not have applied to the systems.For example, if you removed 10 entitlements from the organization in step 3, and the organization has 4 entitlements that were not in use by systems, then 6 systems in the organization will be unentitled.
web.force_unentitlement
variable is only necessary to reduce an organization's allocated entitlements below what they are using. If an organization has more entitlements than are being actively used, you do not need to set this variable to remove them.
11.14. Proxy Installation and Configuration
rhn_package_manager -l -c "name_of_private_channel"
to list the private channel packages known to the Satellite. Or visit the Satellite interface.
yum --disablerepo="*" --enablerepo="your_repo_name" list available
on the registered system and look for the packages from the private Satellite channel.
/var/log/squid/access.log
file logs all connections to the Squid server.
yum update yum
as root or from http://www.redhat.com/support/errata/.
/etc/sysconfig/rhn/systemid
is owned by root.apache with the permissions 0640.
df -h
service httpd status
service squid status
traceback_mail
in /etc/rhn/rhn.conf
.
/etc/hosts
file. Confirm this by examining the /etc/nsswitch.conf
file, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts
file is checked first, followed by Network Information Service (NIS) if it is being used, followed by DNS. One of these has to succeed for the Apache Web server to start and the Red Hat Network client applications to work.
/etc/hosts
file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine
- Confirm the correct package:
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
is installed on the Red Hat Satellite Proxy and the correspondingrhn-org-trusted-ssl-cert-*.noarch.rpm
or raw CA SSL public (client) certificate is installed on all client systems. - Verify the client systems are configured to use the appropriate certificate.
- If using one or more Red Hat Satellite Proxies, ensure each Proxy's SSL certificate is prepared correctly. If using the Red Hat Satellite Proxy in conjunction with a Red Hat Satellite, the Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. See the SSL Certificates chapter of the Red Hat Satellite Client Configuration Guide for specific instructions.
- If the Red Hat Satellite Proxy is connecting through an HTTP Proxy, make sure the URL listed is valid. For instance, the HTTP Proxy URL field should not contain references to protocols, such as http:// or https://. Only the hostname and port should be included in the form hostname:port, such as
your-gateway.example.com:8080
. - Make sure client systems are not using firewalls of their own, blocking required ports, as identified in the Additional Requirements section of the Red Hat Satellite Proxy Installation Guide.
/var/spool/squid/
. To clear it:
- Stop the Apache Web server:
service httpd stop
- Stop the Squid server:
service squid stop
- Delete the contents of that directory:
rm -fv /var/spool/squid/*
- Restart both services:
service squid start service httpd start
rm -fv /var/spool/squid/*
Note
satellite-debug
. To use this tool, issue the command as root. You will see the pieces of information collected and the single tarball created, like so:
# satellite-debug Collecting and packaging relevant diagnostic information. Warning: this may take some time... * copying configuration information * copying logs * querying RPM database (versioning of Red Hat Satellite, etc.) * querying schema version and database character sets * get diskspace available * timestamping * creating tarball (may take some time): /tmp/satellite-debug.tar.bz2 * removing temporary debug tree Debug dump created, stored in /tmp/satellite-debug.tar.bz2 Deliver the generated tarball to your Red Hat Network contact or support channel.
/tmp/
directory to your Red Hat representative for immediate diagnosis.
sosreport
. This tool collects your Proxy's configuration parameters, log files, and database information and sends it directly to Red Hat.
sos
package installed. Type sosreport -o satellite
as root on the Satellite server to create a report. For example:
[root@satserver ~]# sosreport -o satellite sosreport (version 3.2) This command will collect diagnostic and configuration information from this Red Hat Enterprise Linux system and installed applications. An archive containing the collected information will be generated in /tmp and may be provided to a Red Hat support representative. Any information provided to Red Hat will be treated in accordance with the published support policies at: https://access.redhat.com/support/ The generated archive may contain data considered sensitive and its content should be reviewed by the originating organization before being passed to any third party. No changes will be made to system configuration. Press ENTER to continue, or CTRL-C to quit.
/tmp/
directory to your Red Hat representative for immediate diagnosis.
Appendix A. Probes
rhnmd
). This requirement is noted within the individual probe reference.
Note
A.1. Probe Guidelines
- Unknown
- The probes that cannot collect the metrics needed to determine probe state. Most (though not all) probes enter this state when exceeding their timeout period. Probes in this state may be configured incorrectly, as well.
- Pending
- The probes whose data has not been received by the Red Hat Satellite. It is normal for new probes to be in this state. However, if all probes move into this state, the monitoring infrastructure may be failing.
- OK
- The probes that have run successfully without error. This is the desired state for all probes.
- Warning
- The probes that have crossed their WARNING thresholds.
- Critical
- The probes that have crossed their CRITICAL thresholds or reached a critical status by some other means. (Some probes become critical when exceeding their timeout period.)
Important
A.2. Apache 1.3.x and 2.0.x
https
and the port to 443
.
A.2.1. Apache::Processes
- Data Transferred Per Child - Records data transfer information about individual children. A child process is one that is created from the parent process or another process.
- Data Transferred Per Slot - The cumulative amount of data transferred by a child process that restarts. The number of slots is configured in the
httpd.conf
file using theMaxRequestsPerChild
setting.
ExtendedStatus
directive in the httpd.conf
file of the Web server must be set to On
for this probe to function properly.
Table A.1. Apache::Processes settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
Critical Maximum Megabytes Transferred Per Child | |
Warning Maximum Megabytes Transferred Per Child | |
Critical Maximum Megabytes Transferred Per Slot | |
Warning Maximum Megabytes Transferred Per Slot |
A.2.2. Apache::Traffic
- Current Requests - The number of requests being processed by the server at probe runtime.
- Request Rate - The accesses to the server per second since the probe last ran.
- Traffic - The kilobytes per second of traffic the server has processed since the probe last ran.
ExtendedStatus
directive in the httpd.conf
file of the Web server must be set to On
for this probe to function properly.
Table A.2. Apache::Traffic settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
Critical Maximum Current Requests (number) | |
Warning Maximum Current Requests (number) | |
Critical Maximum Request Rate (events per second) | |
Warning Maximum Request Rate (events per second) | |
Critical Maximum Traffic (kilobytes per second) | |
Warning Maximum Traffic (kilobytes per second) |
A.2.3. Apache::Uptime
Table A.3. Apache::Uptime settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
A.3. BEA WebLogic 6.x and higher
community_prefix@managed_server_name
in order for the SNMP query to return results for the desired Managed Server. Finally, SNMP must be enabled on each monitored system. SNMP support can be enabled and configured through the WebLogic Console.
A.3.1. BEA WebLogic::Execute Queue
- Idle Execute Threads - The number of execution threads in an idle state.
- Queue Length - The number of requests in the queue.
- Request Rate - The number of requests per second.
Table A.4. BEA WebLogic::Execute Queue settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Queue Name* | default |
Critical Maximum Idle Execute Threads | |
Warning Maximum Idle Execute Threads | |
Critical Maximum Queue Length | |
Warning Maximum Queue Length | |
Critical Maximum Request Rate | |
Warning Maximum Request Rate |
A.3.2. BEA WebLogic::Heap Free
- Heap Free - The percentage of free heap space.
Table A.5. BEA WebLogic::Heap Free settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Critical Maximum Heap Free | |
Warning Maximum Heap Free | |
Warning Minimum Heap Free | |
Critical Minimum Heap Free |
A.3.3. BEA WebLogic::JDBC Connection Pool
- Connections - The number of connections to the JDBC.
- Connections Rate - The speed at which connections are made to the JDBC, measured in connections per second.
- Waiters - The number of sessions waiting to connect to the JDBC.
Table A.6. BEA WebLogic::JDBC Connection Pool settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
JDBC Pool Name* | MyJDBC Connection Pool |
Critical Maximum Connections | |
Warning Maximum Connections | |
Critical Maximum Connection Rate | |
Warning Maximum Connection Rate | |
Critical Maximum Waiters | |
Warning Maximum Waiters |
A.3.4. BEA WebLogic::Server State
Table A.7. BEA WebLogic::Server State settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* |
A.3.5. BEA WebLogic::Servlet
- High Execution Time - The highest amount of time in milliseconds that the servlet takes to execute since the system was started.
- Low Execution Time - The lowest amount of time in milliseconds that the servlet takes to execute since the system was started.
- Execution Time Moving Average - A moving average of the execution time.
- Execution Time Average - A standard average of the execution time.
- Reload Rate - The number of times the specified servlet is reloaded per minute.
- Invocation Rate - The number of times the specified servlet is invoked per minute.
Table A.8. BEA WebLogic::Servlet settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Servlet Name* | |
Critical Maximum High Execution Time | |
Warning Maximum High Execution Time | |
Critical Maximum Execution Time Moving Average | |
Warning Maximum Execution Time Moving Average |
A.4. General
A.4.1. General::Remote Program
rhnmd
) must be running on the monitored system to execute this probe.
Table A.9. General::Remote Program settings
Field | Value |
---|---|
Command* | |
OK Exit Status* | 0 |
Warning Exit Status* | 1 |
Critical Exit Status* | 2 |
Timeout | 15 |
A.4.2. General::Remote Program with Data
- <perldata> </perldata>
- <hash> </hash>
- <item key =" "> </item>
STDOUT
:
<perldata> <hash> <item key="data">10</item> <item key="status_message">status message here</item> </hash> </perldata>
data
is the data point to be inserted in the database for time-series trending. The status_message
is optional and can be whatever text string is desired with a maximum length of 1024 bytes. Remote programs that do not include a status_message
still report the value and status returned.
rhnmd
) must be running on the monitored system to execute this probe. XML is case-sensitive. The data
item key name cannot be changed and it must collect a number as its value.
Table A.10. General::Remote Program with Data settings
Field | Value |
---|---|
Command* | |
OK Exit Status* | 0 |
Warning Exit Status* | 1 |
Critical Exit Status* | 2 |
Timeout | 15 |
A.4.3. General::SNMP Check
1.3.6.1.2.1.1.1.0
) and a threshold associated with the return value. It collects the following metric:
- Remote Service Latency - The time it takes in seconds for the SNMP server to answer a connection request.
Table A.11. General::SNMP Check settings
Field | Value |
---|---|
SNMP OID* | |
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 2 |
Timeout* | 15 |
Critical Maximum Value | |
Warning Maximum Value | |
Warning Minimum Value | |
Critical Minimum Value |
A.4.4. General::TCP Check
- Remote Service Latency - The time it takes in seconds for the TCP server to answer a connection request.
Table A.12. General::TCP Check settings
Field | Value |
---|---|
Send | |
Expect | |
Port* | 1 |
Timeout* | 10 |
Critical Maximum Latency | |
Warning Maximum Latency |
A.4.5. General::UDP Check
- Remote Service Latency - The time it takes in seconds for the UDP server to answer a connection request.
Table A.13. General::UDP Check settings
Field | Value |
---|---|
Port* | 1 |
Send | |
Expect | |
Timeout* | 10 |
Critical Maximum Latency | |
Warning Maximum Latency |
A.4.6. General::Uptime (SNMP)
Table A.14. General::Uptime (SNMP) settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 2 |
Timeout* | 15 |
A.5. Linux
rhnmd
daemon be running on the monitored system.
A.5.1. Linux::CPU Usage
- CPU Percent Used - The five-second average of the percent of CPU usage at probe execution.
rhnmd
) must be running on the monitored system to run this probe.
Table A.15. Linux::CPU Usage settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum CPU Percent Used | |
Warning Maximum CPU Percent Used |
A.5.2. Linux::Disk IO Throughput
- Read Rate - The amount of data that is read in kilobytes per second.
- Write Rate - The amount of data that is written in kilobytes per second.
iostat
on the system to be monitored and see what name has been assigned to the disk you desire. The default value of 0
usually provides statistics from the first hard drive connected directly to the system.
rhnmd
) must be running on the monitored system to execute this probe. Also, the Disk number or disk name parameter must match the format visible when the iostat
command is run. If the format is not identical, the configured probe enters an UNKNOWN state.
Table A.16. Linux::Disk IO Throughput settings
Field | Value |
---|---|
Disk number or disk name* | 0 |
Timeout* | 15 |
Critical Maximum KB read/second | |
Warning Maximum KB read/second | |
Warning Minimum KB read/second | |
Critical Minimum KB read/second | |
Critical Maximum KB written/second | |
Warning Maximum KB written/second | |
Warning Minimum KB written/second | |
Critical Minimum KB written/second |
A.5.3. Linux::Disk Usage
- File System Used - The percentage of the file system currently in use.
- Space Used - The amount of the file system in megabytes currently in use.
- Space Available - The amount of the file system in megabytes currently available.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.17. Linux::Disk Usage settings
Field | Value |
---|---|
File system* | /dev/hda1 |
Timeout* | 15 |
Critical Maximum File System Percent Used | |
Warning Maximum File System Percent Used | |
Critical Maximum Space Used | |
Warning Maximum Space Used | |
Warning Minimum Space Available | |
Critical Minimum Space Available |
A.5.4. Linux::Inodes
- Inodes - The percentage of inodes currently in use.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.18. Linux::Inodes settings
Field | Value |
---|---|
File system* | / |
Timeout* | 15 |
Critical Maximum Inodes Percent Used | |
Warning Maximum Inodes Percent Used |
A.5.5. Linux::Interface Traffic
- Input Rate - The traffic in bytes per second going into the specified interface.
- Output Rate - The traffic in bytes per second going out of the specified interface.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.19. Linux::Interface Traffic settings
Field | Value |
---|---|
Interface* | |
Timeout* | 30 |
Critical Maximum Input Rate | |
Warning Maximum Input Rate | |
Warning Minimum Input Rate | |
Critical Minimum Input Rate | |
Critical Maximum Output Rate | |
Warning Maximum Output Rate | |
Warning Minimum Output Rate | |
Critical Minimum Output Rate |
A.5.6. Linux::Load
- Load - The average load on the system CPU over various periods.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.20. Linux::Load settings
Field | Value |
---|---|
Timeout* | 15 |
Critical CPU Load 1-minute average | |
Warning CPU Load 1-minute average | |
Critical CPU Load 5-minute average | |
Warning CPU Load 5-minute average | |
Critical CPU Load 15-minute average | |
Warning CPU Load 15-minute average |
A.5.7. Linux::Memory Usage
- RAM Free - The amount of free random access memory (RAM) in megabytes on a system.
yes
or no
in the Include reclaimable memory field.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.21. Linux::Memory Usage settings
Field | Value |
---|---|
Include reclaimable memory | no |
Timeout* | 15 |
Warning Maximum RAM Free | |
Critical Maximum RAM Free |
A.5.8. Linux::Process Counts by State
- Blocked - A process that has been switched to the waiting queue and whose state has been switched to
waiting
. - Defunct - A process that has terminated (either because it has been killed by a signal or because it has called
exit()
) and whose parent process has not yet received notification of its termination by executing some form of thewait()
system call. - Stopped - A process that has been stopped before its execution could be completed.
- Sleeping - A process that is in the
Interruptible
sleep state and that can later be reintroduced into memory, resuming execution where it left off.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.22. Linux::Process Counts by State settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Blocked Processes | |
Warning Maximum Blocked Processes | |
Critical Maximum Defunct Processes | |
Warning Maximum Defunct Processes | |
Critical Maximum Stopped Processes | |
Warning Maximum Stopped Processes | |
Critical Maximum Sleeping Processes | |
Warning Maximum Sleeping Processes | |
Critical Maximum Child Processes | |
Warning Maximum Child Processes |
A.5.9. Linux::Process Count Total
- Process Count - The total number of processes currently running on the system.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.23. Linux::Process Count Total settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Process Count | |
Warning Maximum Process Count |
A.5.10. Linux::Process Health
- CPU Usage - The CPU usage rate for a given process in milliseconds per second. This metric reports the time column of
ps
output, which is the cumulative CPU time used by the process. This makes the metric independent of probe interval, allows sane thresholds to be set, and generates usable graphs (i.e. a sudden spike in CPU usage shows up as a spike in the graph). - Child Process Groups - The number of child processes spawned from the specified parent process. A child process inherits most of its attributes, such as open files, from its parent.
- Threads - The number of running threads for a given process. A thread is the basic unit of CPU utilization, and consists of a program counter, a register set, and a stack space. A thread is also called a lightweight process.
- Physical Memory Used - The amount of physical memory (or RAM) in kilobytes used by the specified process.
- Virtual Memory Used - The amount of virtual memory in kilobytes used by the specified process, or the size of the process in real memory plus swap.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.24. Linux::Process Health settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Timeout* | 15 |
Critical Maximum CPU Usage | |
Warning Maximum CPU Usage | |
Critical Maximum Child Process Groups | |
Warning Maximum Child Process Groups | |
Critical Maximum Threads | |
Warning Maximum Threads | |
Critical Maximum Physical Memory Used | |
Warning Maximum Physical Memory Used | |
Critical Maximum Virtual Memory Used | |
Warning Maximum Virtual Memory Used |
A.5.11. Linux::Process Running
rhnmd
) must be running on the monitored system to execute this probe.
Table A.25. Linux::Process Running settings
Field | Value |
---|---|
Command name | |
PID file | |
Count process groups | (checked) |
Timeout* | 15 |
Critical Maximum Number Running | |
Critical Minimum Number Running |
A.5.12. Linux::Swap Usage
- Swap Free - The percent of swap memory currently free.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.26. Linux::Swap Usage settings
Field | Value |
---|---|
Timeout* | 15 |
Warning Minimum Swap Free | |
Critical Minimum Swap Free |
A.5.13. Linux::TCP Connections by State
- TIME_WAIT - The socket is waiting after close for remote shutdown transmission so it may handle packets still in the network.
- CLOSE_WAIT - The remote side has been shut down and is now waiting for the socket to close.
- FIN_WAIT - The socket is closed, and the connection is now shutting down.
- ESTABLISHED - The socket has a connection established.
- SYN_RCVD - The connection request has been received from the network.
netstat -ant
command to retrieve data. The Local IP address and Local port parameters use values in the Local Address column of the output; the Remote IP address and Remote port parameters use values in the Foreign Address column of the output for reporting.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.27. Linux::TCP Connections by State settings
Field | Value |
---|---|
Local IP address filter pattern list | |
Local port number filter | |
Remote IP address filter pattern list | |
Remote port number filter | |
Timeout* | 15 |
Critical Maximum Total Connections | |
Warning Maximum Total Connections | |
Critical Maximum TIME_WAIT Connections | |
Warning Maximum TIME_WAIT Connections | |
Critical Maximum CLOSE_WAIT Connections | |
Warning Maximum CLOSE_WAIT Connections | |
Critical Maximum FIN_WAIT Connections | |
Warning Maximum FIN_WAIT Connections | |
Critical Maximum ESTABLISHED Connections | |
Warning Maximum ESTABLISHED Connections | |
Critical Maximum SYN_RCVD Connections | |
Warning Maximum SYN_RCVD Connections |
A.5.14. Linux::Users
- Users - The number of users currently logged in.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.28. Linux::Users settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Users | |
Warning Maximum Users |
A.5.15. Linux::Virtual Memory
- Virtual Memory - The percent of total system memory - random access memory (RAM) plus swap - that is free.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.29. Linux::Virtual Memory settings
Field | Value |
---|---|
Timeout* | 15 |
Warning Minimum Virtual Memory Free | |
Critical Minimum Virtual Memory Free |
A.6. LogAgent
nocpulse
user must be granted read access to your log files.
A.6.1. LogAgent::Log Pattern Match
- Regular Expression Matches - The number of matches that have occurred since the probe last ran.
- Regular Expression Match Rate - The number of matches per minute since the probe last ran.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
egrep
, which is equivalent to grep -E
and supports extended regular expressions. This is the regular expression set for egrep
:
^ beginning of line $ end of line . match one char * match zero or more chars [] match one character set, e.g. '[Ff]oo' [^] match not in set '[^A-F]oo' + match one or more of preceding chars ? match zero or one of preceding chars | or, e.g. a|b () groups chars, e.g., (foo|bar) or (foo)+
Warning
egrep
to fail silently and the probe to time out.
Table A.30. LogAgent::Log Pattern Match settings
Field | Value |
---|---|
Log file* | /var/log/messages |
Basic regular expression* | |
Timeout* | 45 |
Critical Maximum Matches | |
Warning Maximum Matches | |
Warning Minimum Matches | |
Critical Minimum Matches | |
Critical Maximum Match Rate | |
Warning Maximum Match Rate | |
Warning Minimum Match Rate | |
Critical Maximum Match Rate |
A.6.2. LogAgent::Log Size
- Size - The size the log file has grown in bytes since the probe last ran.
- Output Rate - The number of bytes per minute the log file has grown since the probe last ran.
- Lines - The number of lines written to the log file since the probe last ran.
- Line Rate - The number of lines written per minute to the log file since the probe last ran.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
Table A.31. LogAgent::Log Size settings
Field | Value |
---|---|
Log file* | /var/log/messages |
Timeout* | 20 |
Critical Maximum Size | |
Warning Maximum Size | |
Warning Minimum Size | |
Critical Minimum Size | |
Critical Maximum Output Rate | |
Warning Maximum Output Rate | |
Warning Minimum Output Rate | |
Critical Minimum Output Rate | |
Critical Maximum Lines | |
Warning Maximum Lines | |
Warning Minimum Lines | |
Critical Minimum Lines | |
Critical Maximum Line Rate | |
Warning Maximum Line Rate | |
Warning Minimum Line Rate | |
Critical Minimum Line Rate |
A.7. MySQL 3.23 - 3.33
mysqladmin
binary. No specific user privileges are needed for these probes.
mysql-server
package must be installed on the system conducting the monitoring for these probes to complete. See the MySQL Installation section of the Red Hat Satellite Installation Guide for instructions.
A.7.1. MySQL::Database Accessibility
Table A.32. MySQL::Database Accessibility settings
Field | Value |
---|---|
Username* | |
Password | |
MySQL Port | 3306 |
Database* | mysql |
Timeout | 15 |
A.7.2. MySQL::Opened Tables
- Opened Tables - The tables that have been opened since the server was started.
Table A.33. MySQL::Opened Tables settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Opened Objects | |
Warning Maximum Opened Objects | |
Warning Minimum Opened Objects | |
Critical Minimum Opened Objects |
A.7.3. MySQL::Open Tables
- Open Tables - The number of tables open when the probe runs.
Table A.34. MySQL::Open Tables settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Open Objects | |
Warning Maximum Open Objects | |
Warning Minimum Open Objects | |
Critical Minimum Open Objects |
A.7.4. MySQL::Query Rate
- Query Rate - The average number of queries per second per database server.
Table A.35. MySQL::Query Rate settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Query Rate | |
Warning Maximum Query Rate | |
Warning Minimum Query Rate | |
Critical Minimum Query Rate |
A.7.5. MySQL::Threads Running
- Threads Running - The total number of running threads within the database.
Table A.36. MySQL::Threads Running settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Threads Running | |
Warning Maximum Threads Running | |
Warning Minimum Threads Running | |
Critical Minimum Threads Running |
A.8. Network Services
A.8.1. Network Services::DNS Lookup
dig
command to see if it can resolve the system or domain name specified in the Host or Address to look up field. It collects the following metric:
- Query Time - The time in milliseconds required to execute the
dig
request.
Table A.37. Network Services::DNS Lookup settings
Field | Value |
---|---|
Host or Address to look up | |
Timeout* | 10 |
Critical Maximum Query Time | |
Warning Maximum Query Time |
A.8.2. Network Services::FTP
- Remote Service Latency - The time it takes in seconds for the FTP server to answer a connection request.
Table A.38. Network Services::FTP settings
Field | Value |
---|---|
Expect | FTP |
Username | |
Password | |
FTP Port* | 21 |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.3. Network Services::IMAP Mail
- Remote Service Latency - The time it takes in seconds for the IMAP server to answer a connection request.
Table A.39. Network Services::IMAP Mail settings
Field | Value |
---|---|
IMAP Port* | 143 |
Expect* | OK |
Timeout* | 5 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.4. Network Services::Mail Transfer (SMTP)
- Remote Service Latency - The time it takes in seconds for the SMTP server to answer a connection request.
Table A.40. Network Services::Mail Transfer (SMTP) settings
Field | Value |
---|---|
SMTP Port* | 25 |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.5. Network Services::Ping
ping
the monitored system or a specified IP address. It also checks the packet loss and compares the round trip average against the Warning and Critical threshold levels. The required Packets to send value allows you to control how many ICMP ECHO packets are sent to the system. This probe collects the following metrics:
- Round-Trip Average - The time it takes in milliseconds for the ICMP ECHO packet to travel to and from the monitored system.
- Packet Loss - The percent of data lost in transit.
ping
from a Red Hat Satellite Server and not the monitored system. Populating the IP Address field does not test connectivity between the system and the specified IP address but between the Red Hat Satellite Server and the IP address. Therefore, entering the same IP address for Ping probes on different systems accomplishes precisely the same task. To conduct a ping
from a monitored system to an individual IP address, use the Remote Ping probe instead. See Section A.8.7, “Network Services::Remote Ping”.
Table A.41. Network Services::Ping settings
Field | Value |
---|---|
IP Address (defaults to system IP) | |
Packets to send* | 20 |
Timeout* | 10 |
Critical Maximum Round-Trip Average | |
Warning Maximum Round-Trip Average | |
Critical Maximum Packet Loss | |
Warning Maximum Packet Loss |
A.8.6. Network Services::POP Mail
- Remote Service Latency - The time it takes in seconds for the POP server to answer a connection request.
+OK
. If the expected string is not found, the probe returns a CRITICAL state.
Table A.42. Network Services::POP Mail settings
Field | Value |
---|---|
Port* | 110 |
Expect* | +OK |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.7. Network Services::Remote Ping
ping
a specified IP address. It also monitors the packet loss and compares the round trip average against the Warning and Critical threshold levels. The required Packets to send value allows you to control how many ICMP ECHO packets are sent to the address. This probe collects the following metrics:
- Round-Trip Average - The time it takes in milliseconds for the ICMP ECHO packet to travel to and from the IP address.
- Packet Loss - The percent of data lost in transit.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.43. Network Services::Remote Ping settings
Field | Value |
---|---|
IP Address* | |
Packets to send* | 20 |
Timeout* | 10 |
Critical Maximum Round-Trip Average | |
Warning Maximum Round-Trip Average | |
Critical Maximum Packet Loss | |
Warning Maximum Packet Loss |
A.8.8. Network Services::RPCService
- Remote Service Latency - The time it takes in seconds for the RPC server to answer a connection request.
Table A.44. Network Services::RPCService settings
Field | Value |
---|---|
Protocol (TCP/UDP) | udp |
Service Name* | nfs |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.9. Network Services::Secure Web Server (HTTPS)
- Remote Service Latency - The time it takes in seconds for the HTTPS server to answer a connection request.
Table A.45. Network Services::Secure Web Server (HTTPS) settings
Field | Value |
---|---|
URL Path | / |
Expect Header | HTTP/1 |
Expect Content | |
UserAgent* | NOCpulse-check_http/1.0 |
Username | |
Password | |
Timeout* | 10 |
HTTPS Port* | 443 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.10. Network Services::SSH
- Remote Service Latency - The time it takes in seconds for the SSH server to answer a connection request.
Table A.46. Network Services::SSH settings
Field | Value |
---|---|
SSH Port* | 22 |
Timeout* | 5 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.11. Network Services::Web Server (HTTP)
- Remote Service Latency - The time it takes in seconds for the HTTP server to answer a connection request.
Table A.47. Network Services::Web Server (HTTP) settings
Field | Value |
---|---|
URL Path | / |
Virtual Host | |
Expect Header | HTTP/1 |
Expect Content | |
UserAgent* | NOCpulse-check_http/1.0 |
Username | |
Password | |
Timeout* | 10 |
HTTP Port* | 80 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.9. Oracle 8i, 9i, 10g, and 11g
$ORACLE_HOME/rdbms/admin/catalog.sql
A.9.1. Oracle::Active Sessions
- Active Sessions - The number of active sessions based on the value of
V$PARAMETER.PROCESSES
. - Available Sessions - The percentage of active sessions that are available based on the value of
V$PARAMETER.PROCESSES
.
Table A.48. Oracle::Active Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Active Sessions | |
Warning Maximum Active Sessions | |
Critical Maximum Available Sessions Used | |
Warning Maximum Available Sessions Used |
A.9.2. Oracle::Availability
Table A.49. Oracle::Availability settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
A.9.3. Oracle::Blocking Sessions
- Blocking Sessions - The number of sessions preventing other sessions from committing changes to the Oracle database, as determined by the required Time Blocking value you provide. Only those sessions that have been blocking for this duration, which is measured in seconds, are counted as blocking sessions.
Table A.50. Oracle::Blocking Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Time Blocking (seconds)* | 20 |
Timeout* | 30 |
Critical Maximum Blocking Sessions | |
Warning Maximum Blocking Sessions |
A.9.4. Oracle::Buffer Cache
- Db Block Gets - The number of blocks accessed via single block gets (not through the consistent get mechanism).
- Consistent Gets - The number of accesses made to the block buffer to retrieve data in a consistent mode.
- Physical Reads - The cumulative number of blocks read from disk.
- Buffer Cache Hit Ratio - The rate at which the database goes to the buffer instead of the hard disk to retrieve data. A low ratio suggests more RAM should be added to the system.
Table A.51. Oracle::Buffer Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port | 1521 |
Timeout* | 30 |
Warning Minimum Buffer Cache Hit Ratio | |
Critical Minimum Buffer Cache Hit Ratio |
A.9.5. Oracle::Client Connectivity
rhnmd
connection to the system and issues a sqlplus connect
command on the monitored system.
V$DATABASE.NAME
. This value is case-insensitive. A CRITICAL status is returned if this value is not found.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
Table A.52. Oracle::Client Connectivity settings
Field | Value |
---|---|
Oracle Hostname or IP address* | |
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
ORACLE_HOME* | /opt/oracle |
Expected DB Name* | |
Timeout* | 30 |
A.9.6. Oracle::Data Dictionary Cache
init.ora
. It collects the following metrics:
- Data Dictionary Hit Ratio - The ratio of cache hits to cache lookup attempts in the data dictionary cache. In other words, the rate at which the database goes to the dictionary instead of the hard disk to retrieve data. A low ratio suggests more RAM should be added to the system.
- Gets - The number of blocks accessed via single block gets (not through the consistent get mechanism).
- Cache Misses - The number of accesses made to the block buffer to retrieve data in a consistent mode.
Table A.53. Oracle::Data Dictionary Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Warning Minimum Data Dictionary Hit Ratio | |
Critical Minimum Data Dictionary Hit Ratio |
A.9.7. Oracle::Disk Sort Ratio
- Disk Sort Ratio - The rate of Oracle sorts that were too large to be completed in memory and were instead sorted using a temporary segment.
Table A.54. Oracle::Disk Sort Ratio settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Disk Sort Ratio | |
Warning Maximum Disk Sort Ratio |
A.9.8. Oracle::Idle Sessions
- Idle Sessions - The number of Oracle sessions that are idle, as determined by the required Time Idle value you provide. Only those sessions that have been idle for this duration, which is measured in seconds, are counted as idle sessions.
Table A.55. Oracle::Idle Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Time Idle (seconds)* | 20 |
Timeout* | 30 |
Critical Maximum Idle Sessions | |
Warning Maximum Idle Sessions |
A.9.9. Oracle::Index Extents
- Allocated Extents - The number of allocated extents for any index.
- Available Extents - The percentage of available extents for any index.
%
that matches any index name.
Table A.56. Oracle::Index Extents settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Index Owner* | % |
Index Name* | % |
Timeout* | 30 |
Critical Maximum of Allocated Extents | |
Warning Maximum of Allocated Extents | |
Critical Maximum of Available Extents | |
Warning Maximum of Available Extents |
A.9.10. Oracle::Library Cache
init.ora
. It collects the following metrics:
- Library Cache Miss Ratio - The rate at which a library cache pin miss occurs. This happens when a session executes a statement that it has already parsed but finds that the statement is no longer in the shared pool.
- Executions - The number of times a pin was requested for objects of this namespace.
- Cache Misses - The number of pins that must now retrieve the object of the disk. These pins are made up of objects with previous pins from the time the object handle was created.
Table A.57. Oracle::Library Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Library Cache Miss Ratio | |
Warning Maximum Library Cache Miss Ratio |
A.9.11. Oracle::Locks
- Active Locks - The current number of active locks as determined by the value in the v$locks table. Database administrators should be aware of high numbers of locks present in a database instance.
Table A.58. Oracle::Locks settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Active Locks | |
Warning Maximum Active Locks |
A.9.12. Oracle::Redo Log
- Redo Log Space Request Rate - The average number of redo log space requests per minute since the server has been started.
- Redo Buffer Allocation Retry Rate - The average number of buffer allocation retries per minute since the server was started.
Table A.59. Oracle::Redo Log settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Redo Log Space Request Rate | |
Warning Maximum Redo Log Space Request Rate | |
Critical Maximum Redo Buffer Allocation Retry Rate | |
Warning Maximum Redo Buffer Allocation Retry Rate |
A.9.13. Oracle::Table Extents
- Allocated Extents-Any Table - The total number of extents for any table.
- Available Extents-Any Table - The percentage of available extents for any table.
%
that matches any table owner or name.
Table A.60. Oracle::Table Extents settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Table Owner* | % |
Table Name* | % |
Timeout* | 30 |
Critical Maximum Allocated Extents | |
Warning Maximum Allocated Extents | |
Critical Maximum Available Extents | |
Warning Maximum Available Extents |
A.9.14. Oracle::Tablespace Usage
- Available Space Used - The percentage of available space in each tablespace that has been used.
%
that matches any table name.
Table A.61. Oracle::Tablespace Usage settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Tablespace Name* | % |
Timeout* | 30 |
Critical Maximum Available Space Used | |
Warning Maximum Available Space Used |
A.9.15. Oracle::TNS Ping
- Remote Service Latency - The time it takes in seconds for the Oracle server to answer a connection request.
Table A.62. Oracle::TNS Ping settings
Field | Value |
---|---|
TNS Listener Port* | 1521 |
Timeout* | 15 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.10. Red Hat Satellite
A.10.1. Red Hat Satellite::Disk Space
- File System Used - The percent of the current file system now in use.
- Space Used - The file size used by the current file system.
- Space Available - The file size available to the current file system.
Table A.63. Red Hat Satellite::Disk Space settings
Field | Value |
---|---|
Device Pathname* | /dev/hda1 |
Critical Maximum File System Used | |
Warning Maximum File System Used | |
Critical Maximum Space Used | |
Warning Maximum Space Used | |
Critical Maximum Space Available | |
Warning Maximum Space Available |
A.10.2. Red Hat Satellite::Execution Time
- Probe Execution Time Average - The seconds required to fully execute a probe.
Table A.64. Red Hat Satellite::Execution Time settings
Field | Value |
---|---|
Critical Maximum Probe Execution Time Average | |
Warning Maximum Probe Execution Time Average |
A.10.3. Red Hat Satellite::Interface Traffic
- Input Rate - The amount of traffic in bytes per second the device receives.
- Output Rate - The amount of traffic in bytes per second the device sends.
Table A.65. Red Hat Satellite::Interface Traffic settings
Field | Value |
---|---|
Interface* | eth0 |
Timeout (seconds)* | 30 |
Critical Maximum Input Rate | |
Critical Maximum Output Rate |
A.10.4. Red Hat Satellite::Latency
- Probe Latency Average - The lag in seconds between the time a probe becomes ready to run and the time it is actually run. Under normal conditions, this is generally less than a second. When a Satellite is overloaded (because it has too many probes with respect to their average execution time), the number goes up.
Table A.66. Red Hat Satellite::Latency settings
Field | Value |
---|---|
Critical Maximum Probe Latency Average | |
Warning Maximum Probe Latency Average |
A.10.5. Red Hat Satellite::Load
- Load - The load average on the CPU for a 1-, 5-, and 15-minute period.
Table A.67. Red Hat Satellite::Load settings
Field | Value |
---|---|
Critical Maximum 1-minute Average | |
Warning Maximum 1-minute Average | |
Critical Maximum 5-minute Average | |
Warning Maximum 5-minute Average | |
Critical Maximum 15-minute Average | |
Warning Maximum 15-minute Average |
A.10.6. Red Hat Satellite::Probe Count
- Probes - The number of individual probes running on a Satellite.
Table A.68. Red Hat Satellite::Probe Count settings
Field | Value |
---|---|
Critical Maximum Probe Count | |
Warning Maximum Probe Count |
A.10.7. Red Hat Satellite::Process Counts
- Blocked - The number of processes that have been switched to the waiting queue and waiting state.
- Child - The number of processes spawned by another process already running on the machine.
- Defunct - The number of processes that have terminated (either because they have been killed by a signal or have called
exit()
) and whose parent processes have not yet received notification of their termination by executing some form of thewait()
system call. - Stopped - The number of processes that have stopped before their executions could be completed.
- Sleeping - A process that is in the
Interruptible
sleep state and that can later be reintroduced into memory, resuming execution where it left off.
Table A.69. Red Hat Satellite::Process Counts settings
Field | Value |
---|---|
Critical Maximum Blocked Processes | |
Warning Maximum Blocked Processes | |
Critical Maximum Child Processes | |
Warning Maximum Child Processes | |
Critical Maximum Defunct Processes | |
Warning Maximum Defunct Processes | |
Critical Maximum Stopped Processes | |
Warning Maximum Stopped Processes | |
Critical Maximum Sleeping Processes | |
Warning Maximum Sleeping Processes |
A.10.8. Red Hat Satellite::Processes
- Processes - The number of processes running simultaneously on the machine.
Table A.70. Red Hat Satellite::Processes settings
Field | Value |
---|---|
Critical Maximum Processes | |
Warning Maximum Processes |
A.10.9. Red Hat Satellite::Process Health
- CPU Usage - The CPU usage percent for a given process.
- Child Process Groups - The number of child processes spawned from the specified parent process. A child process inherits most of its attributes, such as open files, from its parent.
- Threads - The number of running threads for a given process. A thread is the basic unit of CPU utilization, and consists of a program counter, a register set, and a stack space. A thread is also called a lightweight process.
- Physical Memory Used - The amount of physical memory in kilobytes being used by the specified process.
- Virtual Memory Used - The amount of virtual memory in kilobytes being used by the specified process, or the size of the process in real memory plus swap.
Table A.71. Red Hat Satellite::Process Health settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Timeout* | 15 |
Critical Maximum CPU Usage | |
Warning Maximum CPU Usage | |
Critical Maximum Child Process Groups | |
Warning Maximum Child Process Groups | |
Critical Maximum Threads | |
Warning Maximum Threads | |
Critical Maximum Physical Memory Used | |
Warning Maximum Physical Memory Used | |
Critical Maximum Virtual Memory Used | |
Warning Maximum Virtual Memory Used |
A.10.10. Red Hat Satellite::Process Running
Table A.72. Red Hat Satellite::Process Running settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Critical Number Running Maximum | |
Critical Number Running Minimum |
A.10.11. Red Hat Satellite::Swap
Table A.73. Red Hat Satellite::Swap settings
Field | Value |
---|---|
Critical Minimum Swap Percent Free | |
Warning Minimum Swap Percent Free |
A.10.12. Red Hat Satellite::Users
Table A.74. Red Hat Satellite::Users settings
Field | Value |
---|---|
Critical Maximum Users | |
Warning Maximum Users |
Appendix B. Revision History
Revision History | |||||||||
---|---|---|---|---|---|---|---|---|---|
Revision 3-35 | Wed Jul 26 2017 | ||||||||
| |||||||||
Revision 3-34 | Thu Aug 20 2015 | ||||||||
| |||||||||
Revision 3-33 | Tue Aug 11 2015 | ||||||||
| |||||||||
Revision 3-32 | Wed May 27 2015 | ||||||||
| |||||||||
Revision 3-31 | Fri Apr 10 2015 | ||||||||
| |||||||||
Revision 3-30 | Mon Mar 2 2015 | ||||||||
| |||||||||
Revision 3-29 | Tue Feb 17 2015 | ||||||||
| |||||||||
Revision 3-28 | Tue Feb 3 2015 | ||||||||
| |||||||||
Revision 3-27 | Wed Jan 7 2015 | ||||||||
| |||||||||
Revision 3-26 | Thu Jan 1 2015 | ||||||||
| |||||||||
Revision 3-25 | Mon Dec 8 2014 | ||||||||
| |||||||||
Revision 3-24 | Thu Nov 20 2014 | ||||||||
| |||||||||
Revision 3-23 | Wed Nov 19 2014 | ||||||||
| |||||||||
Revision 3-22 | Sun Nov 16 2014 | ||||||||
| |||||||||
Revision 3-21 | Wed Oct 8 2014 | ||||||||
| |||||||||
Revision 3-20 | Fri Sep 27 2013 | ||||||||
| |||||||||
Revision 3-19 | Wed Sep 11 2013 | ||||||||
| |||||||||
Revision 3-18 | Wed Sep 11 2013 | ||||||||
| |||||||||
Revision 3-17 | Wed Sep 11 2013 | ||||||||
| |||||||||
Revision 3-16 | Tue Sep 10 2013 | ||||||||
| |||||||||
Revision 3-15 | Thu Aug 29 2013 | ||||||||
| |||||||||
Revision 3-14 | Tues Aug 20 2013 | ||||||||
| |||||||||
Revision 3-13 | Mon Jul 29 2013 | ||||||||
| |||||||||
Revision 3-12 | Sun Jul 28 2013 | ||||||||
| |||||||||
Revision 3-11 | Wed Jul 24 2013 | ||||||||
| |||||||||
Revision 3-10 | Tue Jul 23 2013 | ||||||||
| |||||||||
Revision 3-9 | Fri Jul 12 2013 | ||||||||
| |||||||||
Revision 3-8 | Fri Jul 12 2013 | ||||||||
| |||||||||
Revision 3-6 | Thu Jul 11 2013 | ||||||||
| |||||||||
Revision 3-5 | Wed Sep 19 2012 | ||||||||
| |||||||||
Revision 3-4 | Fri Aug 31 2012 | ||||||||
| |||||||||
Revision 3-3 | Fri Aug 24 2012 | ||||||||
| |||||||||
Revision 3-3 | Fri Aug 24 2012 | ||||||||
| |||||||||
Revision 3-2 | Fri Aug 24 2012 | ||||||||
| |||||||||
Revision 3-1 | Fri Aug 17 2012 | ||||||||
| |||||||||
Revision 3-0 | Thu Aug 9 2012 | ||||||||
| |||||||||
Revision 2-5 | Wed Aug 1 2012 | ||||||||
| |||||||||
Revision 2-0 | Fri Jul 6 2012 | ||||||||
| |||||||||
Revision 1-5 | Mon Aug 15 2011 | ||||||||
| |||||||||
Revision 1-4 | Mon Jun 20 2011 | ||||||||
| |||||||||
Revision 1-3 | Mon Jun 20 2011 | ||||||||
| |||||||||
Revision 1-2 | Wed Jun 15 2011 | ||||||||
| |||||||||
Revision 1-1 | Fri May 27 2011 | ||||||||
| |||||||||
Revision 1-0 | Fri May 6 2011 | ||||||||
| |||||||||
Revision 0-15 | Thu May 5 2011 | ||||||||
| |||||||||
Revision 0-14 | Mon May 2 2011 | ||||||||
| |||||||||
Revision 0-13 | Fri Apr 29 2011 | ||||||||
| |||||||||
Revision 0-12 | Mon Apr 18 2011 | ||||||||
| |||||||||
Revision 0-11 | Mon Apr 18 2011 | ||||||||
| |||||||||
Revision 0-10 | Mon Apr 18 2011 | ||||||||
| |||||||||
Revision 0-9 | Thu Apr 14 2011 | ||||||||
| |||||||||
Revision 0-8 | Wed Apr 13 2011 | ||||||||
| |||||||||
Revision 0-7 | Wed Mar 23 2011 | ||||||||
| |||||||||
Revision 0-6 | Mon Feb 21 2011 | ||||||||
| |||||||||
Revision 0-5 | Fri Feb 18 2011 | ||||||||
| |||||||||
Revision 0-4 | Mon Jan 10 2011 | ||||||||
| |||||||||
Revision 0-3 | Fri Jan 7 2011 | ||||||||
| |||||||||
Revision 0-2 | Wed Jan 5 2011 | ||||||||
| |||||||||
Revision 0-1 | Tue Jan 4 2011 | ||||||||
| |||||||||
Revision 0-0 | Tue Dec 21 2010 | ||||||||
|