echo "

Using cvmanager to automate promotion of content views in Red Hat Satellite 6.2

In the past this was done using a bash script consisting of hammer commands ran once a month. Since this stopped working in Satellite 6.2 and wasn't compatible with composite content views we switched to the katello-cvmanager → https://github.com/RedHatSatellite/katello-cvmanager/

The publish.yaml file should contain all the content views in use (NOT the composite ones)

DEV,yaml;TEST.yaml;UAT.yaml;PROD.yaml should contain all the content views and composite content views used in the appropriate environment.

And once a month the monthly_updates.sh script is triggered through the root cron. This will publish a new content view for every update of the repos underneath and afterwards promote the (composite) content views for the environments. Unused content views are deleted except one.

 We ran into an issue with repos that have never been synced (own content) and opened a ticket for that https://github.com/RedHatSatellite/katello-cvmanager/issues/25

For now this is fixed by this line replacement

-if repo.has_key?('last_sync') and repo['last_sync'].has_key?('ended_at') and repo['last_sync']['ended_at']
+if repo.has_key?('last_sync') and repo['last_sync'].is_a?(::Hash) and repo['last_sync'].has_key?('ended_at') and repo['last_sync']['ended_at']

This is the cron job that I run to publish, promote and clean the content views once every month.

30 05 * * 0 [ $(date +\%d) -le 07 ] && cd /opt/satellite6_scripts/katello-cvmanager/ && /opt/satellite6_scripts/katello-cvmanager/monthly_updates.sh | mail -E -s "Satellite Monthly report: Content view updates" systems@company.com

This is the script that I use to trigger all the actions

==> monthly_updates.sh <==

#!/bin/sh
set -e
#Publish all content views
./cvmanager --config=publish.yaml --wait publish

#Update content views for DEV
./cvmanager --config=DEV.yaml --wait update
./cvmanager --config=DEV.yaml --wait promote

#Update content views for TEST
./cvmanager --config=TEST.yaml --wait update
./cvmanager --config=TEST.yaml --wait promote

#Update content views for UAT
./cvmanager --config=UAT.yaml --wait update
./cvmanager --config=UAT.yaml --wait promote

#Update content views for PROD
./cvmanager --config=PROD.yaml --wait update
./cvmanager --config=PROD.yaml --wait promote

#clean up unused content views
./cvmanager --config=publish.yaml --wait clean

==> PROD.yaml <==

---
:settings:
:user: read_only_user
:pass: *changme*
:uri: https://localhost
:timeout: 300
:org: 1
:lifecycle: 4
:keep: 1
:promote_cvs: true
:checkrepos: true
:cv:
rhel-7-server-x86_64: latest
rhel-6-server-x86_64: latest
capsule-7-x86_64: latest
:promote:
- rhel-7-server-x86_64
- rhel-6-server-x86_64
- capsule-7-x86_64

==> TEST.yaml <==

---
:settings:
:user: read_only_user
:pass: *changme*
:uri: https://localhost
:timeout: 300
:org: 1
:lifecycle: 2
:keep: 1
:promote_cvs: true
:checkrepos: true
:cv:
rhel-7-server-x86_64: latest
rhel-6-server-x86_64: latest
capsule-7-x86_64: latest
cv-repo-remi: latest
:promote:
- rhel-7-server-x86_64
- rhel-6-server-x86_64
- capsule-7-x86_64
- cv-repo-remi

==> UAT.yaml <==

---
:settings:
:user: read_only_user
:pass: *changme*
:uri: https://localhost
:timeout: 300
:org: 1
:lifecycle: 10
:keep: 1
:promote_cvs: true
:checkrepos: true
:cv:
cv-repo-remi: latest
:ccv:
cv-RHEL7-app-php7:
cv-repo-remi: latest
rhel-7-server-x86_64: latest
cv-RHEL6-app-php7:
cv-repo-remi: latest
rhel-6-server-x86_64: latest
:promote:
- cv-repo-remi
- cv-RHEL7-app-php7
- cv-RHEL6-app-php7

==> DEV.yaml <==

---
:settings:
:user: read_only_user
:pass: *changme*
:uri: https://localhost
:timeout: 300
:org: 1
:lifecycle: 9
:keep: 1
:promote_cvs: true
:checkrepos: true
:cv:
rhel-7-server-x86_64: latest
rhel-6-server-x86_64: latest
cv-repo-remi: latest
:ccv:
cv-RHEL7-app-php7:
cv-repo-remi: latest
rhel-7-server-x86_64: latest
cv-RHEL6-app-php7:
cv-repo-remi: latest
rhel-6-server-x86_64: latest
:promote:
- rhel-7-server-x86_64
- rhel-6-server-x86_64
- cv-repo-remi
- cv-RHEL7-app-php7
- cv-RHEL6-app-php7

==> publish.yaml <==

---
:settings:
:user: read_only_user
:pass: *changme*
:uri: https://localhost
:timeout: 300
:org: 1
:lifecycle: 1
:keep: 1
:promote_cvs: true
:checkrepos: true
:publish:
- rhel-7-server-x86_64
- rhel-6-server-x86_64
- capsule-7-x86_64
- cv-repo-remi
- cv-RHEL7-app-php7
- cv-RHEL6-app-php7

 

Use Ansible to report which systems need to reboot

I created this cronjob using an Ansible playbook to see if any of the Ansible managed hosts are up too long or have a newer kernel installed than the one running. This gives us a monthly overview to see which machines should be rebooted. This script is only valid for RPM and Red Hat based systems. Please adapt root on the end of the cron line to match the e-mail address you want to send your report to and make sure the system mail service is configured correctly.

/etc/cron.d/uptime-and-kernel-upgrade-report

# Send a report mail every month with the ansible managed hosts that have an uptime equal or higher than 300 days OR have a newer kernel installed than the one running
0 0 1 * * sysauto /usr/bin/flock -x -n /opt/systems/ansible -c 'cd /opt/systems/ansible/ ; ansible-playbook playbooks/systems/check_uptime_and_kernel_upgrade.yml | grep " has " | sed -e "s/^[ \t]*//" | mail -E -s "Monthly report: Systems that need a reboot" root'

check_uptime_and_kernel_upgrade.yml

- hosts: all
tasks:
- name: "Check for machines that have an uptime that exceeds 300 days"
shell: echo "$(hostname) has been up for $(uptime | cut -d ',' -f 1 | cut -d ' ' -f 4) days"
when: ansible_uptime_seconds > 25920000
register: uptime_exceeded
- name: "Check for machines that aren't running the latest installed kernel"
shell: LAST_KERNEL=$(rpm -q --last kernel | perl -pe 's/^kernel-(\S+).*/$1/' | head -1);CURRENT_KERNEL=$(uname -r);test $LAST_KERNEL = $CURRENT_KERNEL || echo "$(hostname) has a newer kernel installed than the one running"
ignore_errors: true
register: reboot_hint
- debug: var=uptime_exceeded.stdout_lines
- debug: var=reboot_hint.stdout_lines

 

Zimbra to Zimbra migration using Zextras and SSHFS

This is only an extension to a normal installation. So you should have your new Zimbra environment ready to move the data of your current Zimbra environment to it.

In the past we did an in-place upgrade of our Zimbra and the Ubuntu it was residing on. The last upgrade from 8.5.1 on Ubuntu 14.04 to 8.7.1 on Ubuntu 16.04 was such a drama that I started looking for an easier solution that would give me a fresh Zimbra with all my settings, accounts, mails, calendar items ... without too much fuss.

To prevent inconsistency please stop your old Zimbra and afterwards make a snapshot and/or backup before you continue.

/etc/init.d/zimbra stop

OR

su - zimbra -c "zmcontrol stop"

Also stop and disable fetchmail if you're using it

/etc/init.d/fetchmail stop 
sed -i "s/START_DAEMON=yes/START_DAEMON=no/g" /etc/default/fetchmail

Next change the IP because the Zimbra will need to be started again to do the export

sed -i "s/old_ip/temporary_ip/g" /etc/hosts /etc/network/interfaces
reboot

Next on both Zimbras create a folder to store the migration data on

su - zimbra -c "mkdir /opt/zimbra/backup/exports /opt/zimbra/backup/zextras"

Next mount this folder as the user zimbra on the new Zimbra (don't set a password on the zimbra user, just create a key pair and share the SSH public key). This will save you time to move the data.

 sshfs zimbra@temporary_ip:/opt/zimbra/backup/exports/ /opt/zimbra/backup/exports/

Next install the migration tool on the old Zimbra

cd /tmp && wget https://download.zextras.com/zextras_migration_tool-latest.tgz
tar xvzf zextras_migration_tool-*.tgz
cd zextras_migration_tool-*/
./install all

Now open the Zimbra admin page (https://temporary_ip:7071) and start exporting the domains and user you want to keep. Through ZeXtras -> ZxMig -> Start Migration

undefined

undefinedundefined

 Change the folder to the newly created /opt/zimbra/backup/exports

undefined

Select the domains you want to move

undefined

Under ZxNotifications check for any error during the export

undefined

When this finishes you can start importing on the new Zimbra. First install the Zextra suite (this is free for 30 days and we will remove it after we finish to get rid of warnings afterwards)

cd /tmp && wget http://download.zextras.com/zextras_suite-latest.tgz 
tar xvzf zextras_suite-*.tgz
cd zextras_suite-*/
./install all

Open the Zimbra admin page (https://new_ip:7071) and open the ZeXtas -> ZxBackup -> select Import Backup

 undefinedundefinedundefined

Change the path to /opt/zimbra/backup/exports

undefined

Select the domains you want to import

undefinedundefined

Select the accounts you want to import

undefined

And check if the restore started without warnings

undefined

After this finished you can clean up and give your new Zimbra the IP of the old one to start sending and receiving mails again.

If you had an SSL certificate installed now is the time to move that as well. Do this as user zimbra!

On the old zimbra

rsync -au /opt/zimbra/ssl/ zimbra@new_ip:/tmp/ssl/

On the new Zimbra

cp /tmp/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/ 
./zmcertmgr deploycrt comm /tmp/ssl/zimbra/commercial/commercial.crt /tmp/ssl/zimbra/commercial/commercial_ca.crt

In any case I would also enable HTTP -> HTTPS redirection

zmprov ms "FQDN" zimbraReverseProxyMailMode redirect

Let's finish:

FIRST: shutdown the old Zimbra machine and make sure it won't boot by itself. Don't forget to copy any backup settings, fetchmail config, cron jobs, ...

On the new Zimbra

cd /tmp/zextras_suite-*/ 
./install -u all
sed -i "s/new_ip/old_ip/g" /etc/hosts /etc/network/interfaces
reboot

Now your new Zimbra should be available with all the settings, accounts and mails just like it was when you stopped your old Zimbra.

Home ← Older posts