Red Hat Open-Sources RHN As "Spacewalk"

deadearth writes "At their annual summit, Red Hat announced they are open-sourcing the Red Hat Network Satellite product, calling it Spacewalk. This will be the new upstream for the Satellite system management solution. Here is the Wiki."

Automatic Updates

[suck_burners_rice]

It's about time! Now every kind of GPLed software, from operating systems to yet another version of colorizing "ls" can provide a nifty "automatic updates" feature without too much extra work on the part of the developers.

Re:Automatic Updates

[donaldm]

Automatic updates may be ok for the novice or the person who has no interest in knowing what is being updated until it is actually updated.

The problem you have in the enterprise is the IT mangers need to know what is being updated and talk to the appropriate application people so they can get approval to do the actual update. In the majority of cases you are going to find a vendor who is not willing to support a particular update so you end up with a political mess on your hands.

From the Redhat, Fedora or Centos side it is very easy to setup and maintain an in-house yum server so that you can "lock-in" a specific set of updates from which acceptance tests can be run and once accepted the same updates are then requested by each client. This may take a few months between testing, final acceptance and eventual update roll-out, in the meantime no new updates are are accepted. Then the cycle repeats.

Sounds silly but large corporations insist on this and the Redhat Satellite server was one of the best ways of doing this, however it was not a cheap solution. Since Redhat decided to use yum (RHEL5 on) the Satellite solution can now be replaced by a yum server although some companies with huge amounts of Linux machines could still benefit from the Satellite solution.

I am not quite sure if Redhat supports yum on RHEl4 but the packages can be got from Redhat and they do work. Using yum (not that much different to using apt-get or yast) is very easy and you can vet what you are going to update as well as preventing some applications from being updated such as "Java" and "MySQL" which can result in embarrassing moments if these are updated and the MySQL application does not support the later release.

Re:Automatic Updates

[Gazzonyx]

Yeah, it sounds silly until yum updates on a Thursday night, samba jumps up ten patch versions and twenty RHEL security patches and users can't access shares because your config has a setting that didn't cause any harm in the past, while blowing up the new samba version.

True story. It wasn't anyones fault, it was just a disastrous intersection of code bases. Also, Johnny Hughes of the CentOS team, and a regular slashdotter, was nothing short of amazing for email support. I think I heard back from him within the hour and we shot back and fourth emails until the problem was found and put in the bugtraq. Give this guys credit, BTW, they've earned my respect.

But yeah, these things happen when you have automatic updates. They make maintaining a farm easier, but don't be fooled in to thinking that they're the Silver Bullet. At work I use CentOS, and home I use Slackware; two completely different worlds. On my Slackware boxes, I can usually tell you what version of each major program is running, its patch level and its dependencies (and whether they're compiled as static or shared libraries) within a respectable margin of error.

On the server we have at work, I've kind of given up and yum does its thing. I've fallen in to the "I'll put it out when it catches on fire" mode of thinking due to poor management decisions that are in direct opposition to my advice. Both methods work, depending on how important your boxes and what they do are to you. By hand takes more time, but leaves you with exactly the system you demand. The other is "fire and forget" until you need to know what you fired where.

Re:In related news...

[kiehlster]

Why do you think that the Red Hat mascot looks strikingly like MJ from the 80s? If it was a full body representation, he'd be doing the moonwalk.

Caveats

[mattmarlowe]

Note that their blog entry states that they still expect all real redhat customers to continue purchasing the satellite service from RedHat rather than using this newly released software which is targeted for Fedora primarily with some support for centos. That's a little painful as I know several small businesses that pay for direct redhat updates/support and could use a local satellite install, but just can't afford the pricing and must continue to deal with the clunky/slow rhn web interface.

Re:Caveats

[mattmarlowe]

Also from the website:

    Can I use Spacewalk to sync my entitlements for Red Hat Enterprise Linux and other Red Hat software products?

    No. At this time, in order to be able to connect to rhn.redhat.com and satellite-sync Red Hat software content, you will need the Satellite product with an active Satellite certificate.

    Now that Spacewalk is available, does this affect Satellite pricing?

    Basing the Satellite product on a free & open source project will not affect the product's pricing. However, we are currently considering alternative ways of packaging the product based on studies we have done on the usage of the product as well as feedback from our valued customers.
    These considerations are unrelated to the product becoming free & open source, though. If you have feedback on this please contact your Red Hat sales representative or if applicable your Technical Account Manager.

If you look at the table/figures on the FAQ page, you'll also see that RedHat is discouraging use of spacewalk for RHEL.

Furthermore, if you look at the roadmap, you'll see support for various Fedora and CentOS versions listed but nothing for RHEL.

GPLv2

[dk90406]

Interesting that the chose GPLv2 over the GPLv3. Does anyone have a educated guess to why?

Re:GPLv2

[fsmunoz]

Because they felt like it is a good answer.

The "political statement" part and the "didn't want to be a part of it" are however conspiracy theories - or more likely a reflection of your own views, given your username - that seem to forget that RedHat welcomed the GPLv3 and contributed to the process:

We want to congratulate the Free Software Foundation, the Software Freedom Law Center, and the many companies and individuals, who have all worked so diligently, for their efforts in developing version 3 of the GNU General Public License. Their work is to be commended. Red Hat believes our end user customers will benefit from several of the new provisions in GPLv3, including the patent license provisions. Red Hat will continue to contribute to projects that migrate from GPLv2 or other licenses to GPLv3, and we will look to include GPLv3-licensed projects in our future distributions. GPLv3 will also be added to the list of approved open source licenses under Red Hatâ(TM)s Patent Promise.

Which means that they'll use both and see no problem in either - just like the vast majority of projects and developers that like the GPL in the first place.

My experience with RHN Satellite

[bwhaley]

I'm currently working towards on RHCA, which requires a series of 5 exams, one of which covers "systems management." In the Red Hat world, this means RHN Satellite, Xen, and a few other misc tricks of the trade (packaging RPMs, RHN proxy, etc). The rub is that I'm trying to do this without taking the courses associated with each exam. This is a huge challenge since there is very little official material to study from. I'm currently signed up for EX401, the systems management text, next week.

I obtained an evaluation satellite license (they quoted around $13k/year as a retail cost) and a bunch of management, provisioning, and virtualization entitlements. I only have the course outline and the exam "prep guide", which is really just 20 or so bullets on what you need to know. I've done all my studying using Red Hat's Satellite documentation and the varoius Xen materials that are publicly available.

Satellite is a really useful technology for large enterprises with a bunch of Red Hat/CentOS/Fedora servers. It's exactly like the rhn.redhat.com interface. You can create kickstart profiles, provision new systems, manage Xen guests, run system commands, deploy configuration files (centralized syslog.conf, anyone? common /etc/motd? hosts.allow/.deny? very useful.), run commands on a lot of hosts at once, and carefully control patches.

I've got some beef with it. First, it's currently supported only on RHEL 4, not 5. RHEL5 has been out for about 15 months - what gives? Getting it set up and configured correctly has been very finicky. I still don't understand all the behind-the-scenes services. The jabber service that runs OSAD is a huge mystery to me. And God save you if you try to change your hostname - getting that SSL cert to match again has been a nightmare.

Some of this is certainly my own lack of knowledge. There's a useful, active mailing list that I see the developers participate in. I'm sure support is excellent as well. I've been mostly impressed with the documentation, but I don't need to see screenshots of every piece of the web interface. Tell me WTF that jabber process does! How can I get OSAD working properly? Plus, the docs can be pretty spread out and tough to find. I wasn't even aware of the mailing list until I read the README that's buried in the Satellite ISO.

All-in-all, a cool product, but perhaps not useful for organizations with 50 servers or so.

Re:My experience with RHN Satellite

[antirelic]

This is part of the Red Hat enterprise experience, which in my humble opinion is not that great of an experience. I have used the RHN in the past, and I have been completely underwhelmed by the outdated up2date style gui's (which tend to freeze) and lack of really comprehensive command line support.

On top of that, your not really getting what you pay for over all. Sure, in corporate world you have a blame line and someone to go back to at least as far as distribution and configuration goes, but RHN is not "far superior" to current 'apt' and 'yum' type solutions that are available to the rest of the "free world". Any given day, I would trade off RHN interface for package management for those managers available on a (brace yourself) Ubuntu desktop.

Also, if your concerned about the "security' aspect of updating your enteprise from a public source (which is ridiculous in this day and age, just keep off the cutting edge and your fine) you can always create your own "yum" and "apt" repositories for a fraction of the price (price only implies hardware, bandwidth, and maintenance) of RHN.

On a "btw" I have never been in an environment where I needed to run the "same command" at exactly the "same time" on a variety of different servers. Of course... nothing says lovin like writing a perl script that has a "central server with distributed SSH key" that can "fork" processes off to the background and do a routine on multiple boxes for sans fee....

So why buy RHN again?

Re:My experience with RHN Satellite

[EvilAlphonso]

After 4 years of satellite management, I can say the following:

The configuration channels suck so much in practice that we are developing our own internal solution to replace it.

The RHEL5 support is a mystery to me as well, it might be related to the issues encountered running the Sat inside a xen guest. I need to check with my TAM, but the last official message I had was "not supported".

I'm in the process of migrating from Sat 5.0 to Sat 5.1, to take advantage of the sub-org delegation. That was one of the biggest pains in the previous versions as my customer is split into 20-ish independent entities and I get to manage the satellite that maintains them all. After the migration, I fully intend to just maintain the channel staging, the common custom packages and the kickstart templates. I will delegate the actual kickstart part to the sysadmins without having to give them complete control over all the machines of the site.

I am also very excited by the new RHN API, maybe I will finally be able to fully automate the errata management with automated regression testing for our supported use cases. As it stands now, the errata staging consumes most of my work week...

Hint: OSAD is used to push updates or commands to the client from the satellite. The clients subscribe to a jabber channel and do what the satellite tells them to. Chances are the old hostname is still in the jabber configuration file... happened to me during the Sat5 upgrade.

Re:My experience with RHN Satellite

[nologin]

Hmm, I've worked with RHN satellite quite a bit, and it does have some nice features. My biggest complaint about it is that the interface isn't intuitive as it should be; if you need to find things, some of them are hidden well enough so you have to memorize stuff...

But to answer your question about OSAD, the RHN satellite server uses this to automatically push instructions to its clients. Without OSAD, the only way that the client verifies that it has tasks to do is through a script called rhn-check. That runs periodically via crontab on the managed system; it initiates a connection to the satellite server and executes any tasks that are listed in its scheduled tasks. If you want to change how often the system checks in with the satellite server, just change the timing on rhn-check in the crontab.

The OSAD service is a tool that allows you to automatically push changes from the satellite server to the managed systems immediately. You run the osad service on the managed system and the osa-dispatcher service on the satellite server and once you use the webUI on the satellite server to do something (like upgrade a package for example), the managed system will update immediately, rather than wait for the next check in (rhn-check) to run on the managed system. A gross simplification of what OSAD does is that it performs actions in real time, rather than on a regular scheduled check-in basis.

Re:My experience with RHN Satellite

[bwhaley]

Hint: OSAD is used to push updates or commands to the client from the satellite. The clients subscribe to a jabber channel and do what the satellite tells them to. Chances are the old hostname is still in the jabber configuration file... happened to me during the Sat5 upgrade. Thanks. I get the purpose of OSAD, but all I see is errors in the client and server OSAD logs that are completely useless, even with debugging set to high values. I'm pretty sure it's an SSL cert error.

Re:My experience with RHN Satellite

[Wdomburg]

Net booting is only one aspect of provisioning. What about tracking (servers, virtual machines, assets, images, configs, etc)? Or adding hosts to DNS and DHCP configs? Or keeping machines synced after the initial install? Or password and user management?

Re:My experience with RHN Satellite

[sirrmt]

I quite like the configuration channels, but I tend to find that their tools are lacking. The official API is not feature complete, and I've been forced to hack together my own clients for configuration file management to allow nice, orderly, uploading and centralised revision control..

In my organisation, we also have multiple environments (dev, test, prod) and need to migrate config channels between them. I also had to hack together a way to automatically upload config files to the override channel for individual systems, because the API lacks support for this.

I eagerly look forward to being able to simply send patches upstream, instead of having to submit my patches via bugzilla and wait for them to filter through their support network.

In addition, fine-grained access control based on various criteria (such as IP addresses and arbitrary LDAP/other searches) for regulatory compliance or other purposes. Right now, I've implemented limited access control for kickstarts and up2date requests using mod_python handlers parsing URLs, but it's very hackish.. hopefully I can now add the appropriate hooks to Satellite itself!

Re:My experience with RHN Satellite

[bwhaley]

False. Satellite supports an external database as well. I suspect the lack of RHEL5 support is due to package incompatibilities.

Re:My experience with RHN Satellite

[Midnight+Warrior]

We've been using it for a couple of years now, and I've even taken the class on it. Everyone's gripes here are quite true. I've got three gripes with it. One: the Monitoring module, uses an internal package RedHat bought called NOCPulse. I've got auditing running on our machine and I found that gogo.pl, a piece of NOCPulse, opens /etc/shadow in read/write mode hundreds of times a day. The kicker, is that it's non-obvious from the source code where or how it's doing this, or even why. We've threatened to un-pay for Monitoring unless it gets fixed and now. Since we're using ZenOSS, we'll probably un-pay for it anyway since ZenOSS does all this stuff anyways.

Two: Oracle is their choice for a backend RDBMS. Oracle charges a very fine penny. Now, as RedHat open sources it, folks will hopefully change out the database package. RedHat has already indicated that they will keep the price the same, so my guess is that the expected profit increase will come from goading the OSS community to dump Oracle, thereby relieving them of licensing costs, and putting the new leftovers straight onto the bottom line. If Satellite Server was comparable in cost to Microsoft's SMS, I don't think folks would mind so much.

Three: Incremental updates are impossible for disconnected networks without moving all XX Gigabytes of RPMs. I've heard that under the new version, this might be possible, but I'm not holding my breath. In a world that expects you to maintain patch compliance, it's not so easy to deploy those patches. Where this matters most is isolated U.S. Government networks. Getting patches is non-trivial. Yes, it's the admin's job to sneaker-net the updates which is fine, but importing is not as trivial as you might think it should be.

Usability is something that is really lacking with this product. Notably, in configuration channels (which are a nice idea) while I'm looking at a configuration file, I should have the choice right then and there to deploy it to one or more hosts. Nope. I have to go to the system group and tell them to go get it. And even that is buried unless you've been trained on where it's hiding.

So, can the community do this? Sure. But I think most folks would rather just rewrite it around yum. The best thing Satellite offers is the automation of kickstarting and joining to the Satellite server. Sure, you go over DHCP, TFTP, and kickstart files in class, but Satellite does most of the work for you. I kinda wish mass deployment and patch monitoring was the default way to do RedHat, and the manual method is only meant for your first couple of installs - especially since RedHat has declared that they aren't interested in focusing on a general-user desktop.

Re:My experience with RHN Satellite

Your experiences seems old.

You used only RHN Hosted and not RHN Satellite. TFA is about RHN Satellite. Also, you do not 'Buy RHN' when using RHN Hosted, as it comes FoC with your Red Hat subscription.

RHN satellite can run completely disconnected from any network. You can stay like this or open maintenance windows to temporary connect to RHN Hosted to sync updates. If you choose to stay completely disconnected from the internet, Red Hat will send you updates on optical media, you can still patch your servers.

The ability to redeploy machines across from 32 to 64bit, preserve files on redeployment, define a kickstart file in 3 clicks, deploy all kinds of configuration files, diff machines configs and packages, create custom repos with your own software ... The day where you are admining 200+ boxes, you will love the ability to schedule a command on all those boxes from a central point, and up to 4 years in advance.

There is so much more to it that it will require a longer post ... but in short, this is why people buy RHN Satellite, because it makes Windows level admins able to manage linux after a small learning curve while keeping everything within their LAN. Sure creating repos and custom scripts can work too, but the convenience to have it all under a roof, under a week, with no problem of scalability, weeks of testing and fine tuning is again priceless to new organization coming to Linux. Also, what do you think is quicker to learn for the average Windows admin nowadays: command line creations of repos and sh / perl scripting or learning a web interface ?

Finally RHN provides an API that uses XML over RPC, standard compliant and usable by majority of languages that will let you do things without touching the web interface.

Re:Will it support LDAP and Kerberos?

[foobat]

it's planned to tie in with freeIPA https://fedorahosted.org/spacewalk/wiki/TheRoadmap

Re:RHN? Yum?

Because YUM doesn't track assets such as activation keys (for RHEL Products) nor does YUM by itself allow you to install a package on multiple systems at the same time without some type of frontend (like Spacewalk for instance).

I realize this is slashdot, where no one RTFAs before spouting off with an uninformed troll such as yours, but damn, even just a cursory glance of the wiki at the provided link would have answered your question.

Kudos!

[giminy]

I used to be a red hat satellite administrator. There were quite a few bugs in the system that prevented me from doing the things with the network that I would have liked (centralized configuration file management, custom package deployment issues). It took Red Hat about a year and a half to solve each of the bugs, from the time I submitted them to the bug tracker to the time that a patch came out. I'm somewhat competent with Java, and do believe that I could have fixed the problems myself. I was beginning to get a bit frustrated with Red Hat due to the little bugs that cropped up in the server, and the slowness to respond. I understand that software development and testing cycles are tough, but I kind of felt like, for the money (about $15k per year), a quicker fix was in order.

I also recognize that it's a tough decision for them to open source this thing which raises a lot of money for them. No doubt this will spawn some real service competition for Red Hat, as other companies will able to easily implement their own RedHat-derived operating system complete with a centralized management system. It does fix my "using open source software to sell a closed source service" gripe. It's definitely a brave move, so kudos to them.

Oracle? Doh!

[nfsilkey]

Too bad it requires Oracle. Im already jumping from RHEL to CentOS to cut operations costs given my broke higher-ed shop. Hopefully the project's codebase will mature to allow for a db backend which doesnt require me to pump a lot of cash I dont have to Papa Ellison in Redwood City.

Re:Oracle? Doh!

[Ashcrow]

From reading https://fedorahosted.org/spacewalk/wiki/SpacewalkFaq it sounds like they have plans on making it not so oracle-centric.

Landscape

[sciurus0]

I wonder if this will push Canonical to release a version of Landscape, their equivalent service for Ubuntu, as free software. Currently Landscape is hosted by Canonical and costs $150 per node.

Good Points

[Gazzonyx]

Actually, I pushed for Slack at work, but it made my (MSCE trained) boss nervous; I had to give something up as compromise for them allowing me to run Linux... CentOS being RHEL was enough leverage to get it through. Ironically, I prototyped the Samba server using Slack because all I could get together, hardware wise, to mock something up was an old EMachine 600 MHz clunker with a 20Gb 5.25" Quantum Fireball drive. Slack is the only thing (other than BSD) that would run on it.

At home, I'm a distro hopper on the desktop; Fedora-9 now, Sabayon a few months ago. But both my servers are Slackware (well, BlueWhite64 on the 64 bit side). I don't mind the package management, I compile and roll my own packages that I keep in a svn repo. I've even packaged my own PAM because it makes my life easier. On the desktop though, it's just too much work. But when I want a stable, rock solid, lean-and-mean-compiles-it-all-machine, it's Slackware all the way.