Skip to content

SeaPhor/suma-channel-mgr_5

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

129 Commits

Archive

Archive

 
 

Latest_Stable

Latest_Stable

 
 

Tools

Tools

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

RepoLog.log

RepoLog.log

 
 

suma-channel-mgr.sh

suma-channel-mgr.sh

 
 

uyuni-channel-mgr.sh

uyuni-channel-mgr.sh

 
 

Repository files navigation

suma5

In 2017 I was asked to give a presentation and speech at SUSECon-2017 based on the process and execution for automating Patch LifeCycle Management through this scripted portable, scaleable, and automate-able set of commands and API calls on SUSE-Manager. I was not able to attend due to an employer conflict, but, it was an honor just to be asked.

Lifecycle-Management

  • According to "SUSE Manager Best Practices" and "Advanced Patch Lifecycle Management with SUSE Manager" [By Jeff Price, SUSE] ... "SUSE provided channels should NEVER be assigned to managed systems. One reason is that you do not have control over when the content is updated and made available." [Chapter 5-1 of the Administration guide for SUSE Manager and is also in the 2 titles mentioned above.]

    • EXAMPLE => Patch Non-Production one week/month to test the patches prior to implementing to Production, and then patch the Production the following week/month => packages will be different and test in Non-Production will be invalid.

  • There are 2 ways to accomplish this,

    • 1 => Manually in WebUI with some manual CLI as well <= NOT Discussed in this writing
    • 2 => Use my script, or create your own, to automate this entire process.
    • My Automation Script
      • Requirements-
        • Package => "spacewalk-utils" (in the repository for SUSE Manager)
          • This will give you the "spacewalk-manage-channel-lifecycle" command used in my script.
          • Upon the first run of the script it will check for this package and offer to install it for you if it not installed.
        • Source File for Local credentials and custom additions.
          • Upon the first run of the script it will check for this file and offer to create it for you if it does not exist.
      • Script Actions
        • First Run (Every run will check and verify)
          • Check for a "credentials" file to be sourced, and offer to create it if not present.
          • Source the "credentials" file
          • Check for the "spacewalk-utils" package and offer to install it for you if it not installed.
          • Check for the "~/.mgr-sync" file and create and populate it if not present
          • Refresh and sync all SUSE Channel Trees using the "mgr-sync -s refresh" and the "spacewalk-repo-sync" commands.
          • Check for the "dev-..." channel tree to determine first-run or not
            • Run the "spacewalk-manage-channel-lifecycle" command with the "--init" option in the first-run only, it uses the "--promote" thereafter.
              • This will clone the SUSE Channel Tree/s into "dev-..." trees as in "sles12-sp3-pool-x86_64" => "dev-sles12-sp3-pool-x86_64" and all child channels accordingly.
            • If not present it will create an "Activation Key" for each "dev-..." pool.
            • If not present it will create a "Bootstrap Script" with it's activation key for each "dev-..." pool.
          • Check for the "test-..." channel tree to determine first-run or not
            • Run the "spacewalk-manage-channel-lifecycle" command with the "--promote" option.
              • This will Promote (clone) the "dev-..." Channel Trees into "test-..." as in "dev-sles12-sp3-pool-x86_64" => "test-sles12-sp3-pool-x86_64" and all child channels accordingly.
            • If not present it will create an "Activation Key" for each "test-..." pool.
            • If not present it will create a "Bootstrap Script" with it's activation key for each "test-..." pool.
              • This will Promote (clone) the "test-..." Channel Trees into "prod-..." as in "test-sles12-sp3-pool-x86_64" => "prod-sles12-sp3-pool-x86_64" and all child channels accordingly.
            • If not present it will create an "Activation Key" for each "prod-..." pool.
            • If not present it will create a "Bootstrap Script" with it's activation key for each "prod-..." pool.
          • Run any Custom functions added to the "credentials" file- NOTE => this function call needs to be manually created and called either in the "credentials" file or in the script itself.
          • Email the named recipient with the results.
        • All logging is done in '~/reposync.log'
        • The script and the "credentials" file are located in '~/bin/'
        • The first-run will not run them out of sequence- they must be run i order- -b, -d, then -p
        • All runs after the first run will require no user interaction and can be put into cron-job/s.

APPENDIX A Lifecycle-Management Here's how I manage mine-

  • First Monday of every Month at 1am, 3am, 5am =>
  • [-b], [-d], [-p]
  • Every Monday at 1am =>
    • [-b] <= This channel is exclusively used for our PCI and other Compliance clients that MUST be kept patched at least Every Month with the Latest available packages.
  • We patch Non-Production PCI and other Compliance clients on a Monday, and then their Production counterparts on the following Thursday, allowing 3 days for OS and Application/s testing.
  • NON-Compliance clients are patched Quarterly, by groups, 1 group per month with the Non-Prod done in the first week of the month and the Production done in the third or fourth week of the month.

About

SUSE Manager LifeCycle Patch Channel Management

Topics

spacewalk lifecycle-management suse-manager

Resources

Readme

License

LGPL-2.1 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages