Configuring Spacewalk to import CentOS Errata

Monday, November 15th, 2010

Spacewalk is an excellent tool for managing and deploying security updates for all of your Linux systems. Spacewalk itself is an open source systems management solution developed by Red Hat. You can use it to deploy new software, manage updates, and deploy centrally managed configuration files to all your servers at once. Unfortunately, in order to use the Errata functionality in a default installation, you have to have a Red Hat subscription to the errata updates.

In this article, I am going to show you how you can set up your Spacewalk server to automatically fetch CentOS Errata from the CentOS Announce Archives and import them into your Spacewalk installation.

Instructions

This process is mainly accomplished using a Python script written by Lars Jonsson from Red Hat and David Nutter. The original download and instructions for the script can be found here.

Step 1

Download the CentOS Errata script and configuration file:

wget http://www.bioss.ac.uk/staff/davidn/spacewalk-stuff/centos-errata.py.txt -O centos-errata.py

wget http://www.bioss.ac.uk/staff/davidn/spacewalk-stuff/centos-errata.cfg

Mirror
centos-errata.py.txt
centos-errata.cfg

Step 2

Move the script to a directory where it can be executed by a cron job.

mkdir -p /opt/spacewalk-errata/errata

mv centos-errata.* /opt/spacewalk-errata/

chmod +x /opt/spacewalk-errata/centos-errata.py

Step 3

Edit the configuration file and modify it to suit your environment:

nano /opt/spacewalk-errata/centos-errata.cfg

[centos errata]
version=5
release=5
scrape_rhn=False

[spacewalk]
server=<IP or Hostname of Spacewalk Server>
login=<Spacewalk Login Username>
password=<Spacewalk User Password>

[i386]
package_dir=/var/satellite/
# Enter the name of the channel that the errata will link to.
channel=centos5-updates-i386

[x86_64]
package_dir=/var/satellite/
# Enter the name of the channel that the errata will link to.
channel=centos5-updates-x86_64

The script itself will parse announce archives from the CentOS Announce page, and import the data into the Spacewalk database.

Step 4

Create a cron job that will automatically download the latest announce archive and feed it into the python script. Be sure to edit the password field to include the password of the spacewalk user you are using to connect with.

nano /etc/cron.daily/centos-errata.cron && chmod +x /etc/cron.daily/centos-errata.cron

#!/bin/sh
# Processes CentOS Errata and imports it into Spacewalk

# Obtains the current date and year.
DATE=`date +"%Y-%B"`

# Fetches the errata data from centos.org.
wget -P /opt/spacewalk-errata/errata http://lists.centos.org/pipermail/centos-announce/$DATE.txt.gz
gunzip -f /opt/spacewalk-errata/errata/$DATE.txt.gz

# Processes and imports the errata.
cd /opt/spacewalk-errata/ && \
/opt/spacewalk-errata/centos-errata.py -f archive /opt/spacewalk-errata/errata/$DATE.txt --password='<Password>' --config='/opt/spacewalk-errata/centos-errata.cfg' >> /var/log/centos-errata.log

Step 5

Run the cron script manually to confirm that the import works:

sh /etc/cron.daily/centos-errata.cron

The script checks for new security bulletins each day and imports them into the Spacewalk database. If you have any problems with the script, check “/var/log/centos-errata.log” for any issues. Now, when you log in to Spacewalk, you should see Errata updates in the Errata tab!
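A variant of the Step 4 cron job, added here as an example and not part of the original article or of centos-errata.py. It pins the locale so the month name matches the archive file names, also imports the previous month's archive so announcements made after the last run of a month are not skipped, and does not call the importer when a download fails. The function names are illustrative, and GNU date is assumed.

```shell
#!/bin/sh
# Added example (not the article's script): variant of the Step 4 cron job.
# It embeds the Spacewalk password, so install it root-only (chmod 700).
# Function names are illustrative; assumes GNU date for the -d option.

ERRATA_DIR=/opt/spacewalk-errata/errata
ARCHIVE_URL=http://lists.centos.org/pipermail/centos-announce

# Print the archive names to import for a given day (default: today):
# last month, then this month, so errata announced after the final run of a
# month are still picked up. LC_ALL=C keeps the month name in English, as in
# the archive file names, whatever the server locale is.
archive_months() {
    first=$(LC_ALL=C date -d "${1:-today}" +%Y-%m-01) || return 1
    LC_ALL=C date -d "$first 1 month ago" +%Y-%B || return 1
    LC_ALL=C date -d "$first" +%Y-%B
}

# Download and unpack one archive; gunzip only runs if wget succeeded.
fetch_archive() {
    wget -q -O "$ERRATA_DIR/$1.txt.gz" "$ARCHIVE_URL/$1.txt.gz" &&
        gunzip -f "$ERRATA_DIR/$1.txt.gz"
}

# Feed one unpacked archive to the importer, with the options from Step 4.
import_archive() (
    cd /opt/spacewalk-errata/ &&
    ./centos-errata.py -f archive "$ERRATA_DIR/$1.txt" \
        --password='<Password>' \
        --config='/opt/spacewalk-errata/centos-errata.cfg' \
        >> /var/log/centos-errata.log 2>&1
)

main() {
    status=0
    for month in $(archive_months); do
        if fetch_archive "$month"; then
            import_archive "$month" || status=1
        else
            echo "centos-errata: cannot fetch $month.txt.gz" >&2
            status=1
        fi
    done
    return $status
}

# Run only when installed under the cron job name used in Step 4.
case "$0" in *centos-errata.cron) main ;; esac
```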

17 Responses to “Configuring Spacewalk to import CentOS Errata”

  1. Melvin says:

    Finally, I found the information I was looking for. I have looked for information of this caliber for the last several hours. Your site is greatly appreciated.

  2. Ruud says:

    Good information, works now fine for me.

    Thanks

  3. Kobus says:

    Thanks, info greatly appreciated.

  4. Phil says:

    This is great information, I’m almost there. The snag I’m hung on at the moment is that my .rpms are not in /var/satellite .. they’re in /var/satellite/redhat/1/ and in their own directories from there. How can I get the script to search through those directories and find the appropriate rpm?

  5. Hello Phil,

    The script should still associate the errata with packages stored in the database. The script should recursively look into the /var/satellite directory for the packages associated with the errata. As long as the script is configured to point to /var/satellite, it should work correctly.

    Regards,
    William

  6. PomTom says:

    Same problem here – all RPMs are stored somewhere beneath /var/satellite.

    The script seems to expect the RPMs directly in the directory specified in the config file and then quits with an error since the RPMs are not there.

  7. Smooth_p says:

    Am facing the same issue as mentioned above, the directory is structured like – /var/satellite/redhat/1/, has anyone figured a workaround?

  8. Laurent says:

    Unit what version of spacewalk did this work for you?

  9. Laurent says:

    Sorry I mean until which version of spacewalk did this work for you?

  10. David says:

    Same problem over here. Spacewalk version 1.4.
    I used:

    package_dir=/data/satellite/
    (That’s where packages are stored on my system)

    But an update to the gimp rpm for example lives in:

    /data/satellite/redhat/2/792/gimp/2.2.13-2.0.7.el5_6.2/i386/792c1e1451c5ffd44a1433468f5de4d1/gimp-2.2.13-2.0.7.el5_6.2.i386.rpm

    The centos-errata.py script is unable to find it (version 0.2 as well as 0.3) because it’s looking for:

    /data/satellite/gimp-2.2.13-2.0.7.el5_6.2.i386.rpm

    Perhaps the script maintainer(s) can provide us with an update?

  11. David says:

    Extra information,

    From the rhn_web_api.log on my spacewalk server I can see the requests coming in. For each package I see one ‘packages.search.name’ and 5 ‘packages.getDetails’ requests. But at the end of the process I see these kind of lines in the api.log:

    [2011-06-03 23:06:25,519] ERROR - REQUESTED FROM: *callerIp* CALL: errata.getDetails(3518x8f9278f129f4f799760f4458c2685d22, CESA-2011:0486) CALLER: (david) TIME: 0.007 seconds
    redstone.xmlrpc.XmlRpcFault: unhandled internal exception: could not execute query

    On the centos-errata.py console (which I execute on the Spacewalk server itself by the way) I see this output for each unfound package:

    Spacewalk search failed: falling back to searching /data/satellite/ for cpuspeed-1.2.1-10.el5.i386.rpm
    process_pkg_file failed with exception [Errno 2] No such file or directory: '/data/satellite/cpuspeed-1.2.1-10.el5.i386.rpm'.
    Traceback (most recent call last):
      File "./centos-errata.py", line 671, in process_pkg_file
        fd = os.open(pkgfile, os.O_RDONLY)
    OSError: [Errno 2] No such file or directory: '/data/satellite/cpuspeed-1.2.1-10.el5.i386.rpm'

    and:

    At the end I get some errors like these:

    An exception occured when communicating with the server. Skipping erratum CEBA-2011:0825. Reason:

    Traceback (most recent call last):
      File "./centos-errata.py", line 1031, in main
        if not session.getErrataDetails(erratum.advisoryName) is None:
      File "./centos-errata.py", line 455, in getErrataDetails
        result = self.server.errata.getDetails(self.rhnSessionKey,advisoryName)
      File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
        return self.__send(self.__name, args)
      File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
        verbose=self.__verbose
      File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
        return self._parse_response(h.getfile(), sock)
      File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
        return u.close()
      File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
        raise Fault(**self._stack[0])

    Hope someone can help me out.

  12. Robert says:

    Same problem here with SpaceWalk 1.4.

    Workaround: Create Symlinks via CRON …

    I created a Cron which does:

    cd /var/satellite/redhat && ./do_link.sh

    –content of do_link.sh–

    #!/bin/bash

    for i in $(find . -type f -name *.rpm); do
    BASENAME=$(basename $i)
    if [ ! -L $BASENAME ]; then
    echo "Linking $i to $BASENAME ..."
    ln -s $i $BASENAME
    fi
    done

  13. Tarak Ranjan says:

    Hi Robert,

    Really gr8 script. One issue I am facing with this script is, after repo-sync if I run the script on the same location for 2nd time then it throws the below error.

    [root@spacewalk satellite]# ./do_link.sh
    find: paths must precede expression
    Usage: find [-H] [-L] [-P] [path...] [expression]

    /\
    dE

  14. Puneet says:

    Robert,

    how often do you run the do_link.sh script in cron?

    Thanks,

  15. MikeE says:

    for those: “paths must precede expression” errors (which will show the 2nd time you run the doLinks script), change the script:

    from:
    for i in $(find . -type f -name *.rpm); do

    to:
    for i in $(find . -type f -name '*.rpm'); do
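
The linking workaround discussed in the comments above, as a function that can be run repeatedly. This is an added example, not code from any commenter or from centos-errata.py, and the name link_rpms is illustrative. It quotes the find pattern, so links already present in the directory do not turn into extra find arguments on later runs, and it quotes every path.

```shell
#!/bin/sh
# Added example, not from the thread: link every RPM stored below a
# Spacewalk package tree into the top of that tree, which is where the
# commenters report centos-errata.py looks for package files.

# link_rpms DIR: create DIR/<name>.rpm -> nested file for each nested RPM.
# Prints how many links were created on this run (0 when nothing is new).
link_rpms() (
    cd "$1" || exit 1
    list=$(mktemp) || exit 1
    # The quoted '*.rpm' reaches find unexpanded, even when the current
    # directory already holds *.rpm links from an earlier run.
    find . -type f -name '*.rpm' > "$list" || exit 1
    created=0
    while IFS= read -r rpm; do
        name=$(basename "$rpm")
        # Skip names that already exist here, whether link or regular file.
        if [ -L "$name" ] || [ -e "$name" ]; then
            continue
        fi
        # Relative target: resolves from DIR, where the link is created.
        ln -s "$rpm" "$name" && created=$((created + 1))
    done < "$list"
    rm -f "$list"
    echo "$created"
)

# Stand-alone use: sh do_link.sh /var/satellite
if [ $# -gt 0 ]; then
    link_rpms "$1"
fi
```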

  16. Fran says:

    Hello! Thanks for the script!

    I have done an improvement in doLinks to search the files through the database, it may speed up the process:

    #!/bin/bash

    # $user and $passwd (database credentials) must be set before running.
    read_sql_stmt() {
    echo "
    set feedback off verify off heading off pagesize 0 line 1000
    $1;
    exit
    " | sqlplus -s "$user/$passwd@SPACEWALKDB"
    }

    file=$1
    if [ "$file" ]; then
        # The third space-separated field of each "rpm" line is the package name.
        grep rpm "$file" | cut -d ' ' -f3 | grep -v '^[ ]*$' | while read pkt; do
            echo -n "Processing $pkt: "
            SQL="SELECT P.PATH FROM RHNPACKAGE P WHERE P.PATH LIKE '%$pkt%'"
            found=$(read_sql_stmt "$SQL")
            if [ "$found" ]; then
                BASENAME=$(basename "$found")
                TARGET=/var/satellite/$found
                if [ -f "$TARGET" ]; then
                    #echo "Linking /var/satellite/$i to /var/test/$BASENAME"
                    ln -s "$TARGET" "/var/test/$BASENAME"
                    echo "OK"
                else
                    echo "FILE NOT FOUND"
                fi
            else
                echo "NOT IN DB"
            fi
        done
    fi

    You have to pass the file in text format to the script doLinks.

    Salu2

  17. Steve Meier says:

    Hello,

    I hope it is not inappropriate to comment that I have also written a tool that imports CentOS Errata into Spacewalk which has some additional Features like CVEs, Errata Selection and more.

    If you are interested you can find it at -> http://cefs.steve-meier.de

    Kind regards,
    Steve
