The Unbreakable Linux Network: An Overview

The Unbreakable Linux Network: An Overview An Oracle White Paper January 2007

Unbreakable Linux Network: Overview

Introduction The Unbreakable Linux Network (ULN) is a comprehensive resource for Oracle Unbreakable Linux support subscribers, and offers access to Linux software patches, updates and fixes, along with information on up2date program and support policies. ULN subscribers will find security updates and additional bug fixes for kernel and other packages; they will also be able to download useful extra packages not included in the original distribution. This paper serves as a tutorial for ULN users and describes some of the features of ULN available to Enterprise Linux customers.

The Update Agent (up2date)

ULN subscribers have the option of using the up2date agent to manage their systems. Up2date is a program that allows a machine to be kept in synchronization with the latest versions. Up2date can be used in command line mode or via a GUI interface, and it can monitor your system and do downloads and installs on its own. It provides an applet for the toolbar, called the Alert Notification Tool, which periodically checks for updated packages and indicates whether there are new RPMs available for download. In order to use ULN and up2date, users must register their systems with ULN and subscribe to a ULN channel (it is also possible to subscribe to multiple channels at once, see below for details). There are several ULN channels available and one containing the latest version is automatically chosen upon registration depending on the architecture and OS revision of the system to be managed (see below for a detailed description of the ULN channels). Once started, the up2date program connects to the central ULN server repository and downloads the latest software packaged in RPM format. It then installs such RPMs on the registered machine, maintaining a log. Up2date lets the user choose which packages to update, as it is not necessary that all the newly available packages are installed. Users can get a list of all the available packages and then choose which ones are downloaded. Up2date resolves RPM dependencies for you, by verifying that the required packages are installed. If that's not the case, up2date will download and install them when necessary.

Channels Descriptions and Usage

As of this writing, there are four channels for each hardware architecture supported by ULN. The architectures currently supported are i386 and x86_64. Customers will automatically be subscribed to the channel containing the latest software for the architecture and OS revision of their system. Customers may also choose a specific OS revision that they would like their system to remain at. Customers should subscribe to the appropriate channel corresponding to the architecture of their system and the update level desired. Specific revisions of Oracle Enterprise Linux will have patches and errata issued, but customers will not be forced to upgrade from a given revision level to the next to get these fixes. Current channels are as follows:

i386 Architecture x86_64 Architecture el4_i386_addons el4_x86_64_addons el4_i386_latest el4_x86_64_latest

el4_u4_i386_base el4_u4_x86_64_base el4_u4_i386_patch el4_u4_x86_64_patch

el4_i386_oracle el4_x86_64_oracle The _base channels provide RPMs for the base version of an Oracle Enterprise Linux 4 update as it was initially released in the ISOs, i.e. for all the packages in the initial distribution. Security erratas and bug fixes are not published to these channels. The _patch channels provide RPMs for all and only the packages that have changed since the initial release of a particular update. This could be because of security erratas or bug fixes. If multiple releases are created for the same package, due to multiple vulnerabilities found at different times, these channels will always provide the most recent version of such package. The _latest channels provide RPMs for all the packages in the distribution, including those erratas also provided in the _patch channels (i.e. the version of any RPM downloadable on the _latest channels is always the most recent available). For


some RPMs this corresponds to the same version distributed initially with the original distribution (if no vulnerabilities have been found to date). For others, the version is the same as what provided in the _patch channel for the highest update level. The _addons channels provide RPMs not included in the base distribution, such as, at the moment, RPMs to be used in creating a Yum repository for Oracle Enterprise Linux 4. For more details on how to set up a Yum repository with ULN, see http://www.oracle.com/technology/tech/linux/htdocs/yum-repository-setup.html. The _oracle channels provide distribution for Oracle freely downloadable software (in RPM format) that runs on Linux. For instance, Oracle Instant Client and asmlib. As new update milestones of Oracle Enterprise Linux 4 become available, new channels will be created by Oracle, to distribute the new RPMs. The current el4_u4_<arch>_base and el4_u4_<arch>_patch channels will remain in place and will not include such updates, making it therefore possible for ULN subscribers to not upgrade to the latest update of Oracle Enterprise Linux 4, and receive only the erratas for their specific update level. Every time a new update level is released, two new channels (_base and _patch) will be created for each architecture. The el4_<arch>_latest channels will continue to distribute the highest possible version of any package, and will therefore follow the "head" of the development tree, independent of the update level. For instance when Oracle Enterprise Linux 4 Update 5 will be on ULN, the channel list will look like this:

i386 Architecture x86-64 Architecture el4_i386_addons el4_x86_64_addons el4_i386_latest el4_x86_64_latest

el4_u4_i386_base el4_u4_x86_64_base el4_u4_i386_patch el4_u4_x86_64_patch el4_u5_i386_base el4_u5_x86_64_base el4_u5_i386_patch el4_u5_x86_64_patch

el4_i386_oracle el4_x86_64_oracle In this example, the _latest channels will contain the combination of the u5 _base and _patch channels. Customers who prefer to remain at a certain update level, but are currently subscribed to the el4_<arch>_latest channel (which is the default for ULN registration), need to subscribe to the el4_u<number>_<arch>_patch and el4_u<number>_<arch>_base channels for the desired update level and architecture and then unsubscribe from the _latest channel. This can be done through the web interface as explained in more detail below. Be sure to subscribe to the appropriate architecture for your machine; if there is a mis-match you will never see any updates. Customers might want to subscribe a single system to multiple ULN channels. This is usually done in order to download add ons on top of the regular RPMs included in the distribution.

ULN and up2date Usage Tutorial Now let’s see how to get started with ULN and Oracle Unbreakable Linux 4. Preparation Some preliminary steps are necessary if you are switching a server installed with Red Hat Enterprise Linux AS version 4 from the Red Hat Network to the Unbreakable Linux Network. If you have recently installed Oracle Enterprise Linux on your system, you can skip this section and start reading the Registering with ULN section. Ensure you have a valid Oracle Unbreakable Linux support contract. Support licenses can be purchased through the Oracle Store https://oraclestore.oracle.com/linux/ or from your sales representative. Next, you need to download the Enterprise Linux up2date RPM. To download the Enterprise Linux up2date RPM, go to http://linux.oracle.com and choose the RPM appropriate for your hardware platform (use uname -p on your system to identify i386 or x86_64).


Here is the output of the up2date-config command run on a RHEL4 box (as you can see the URLs point to the RHN site):

# up2date-config --nox 0. adminAddress ['root@localhost'] 1. debug No 2. disallowConfChange ['noReboot','sslCACert','useNoSSLForPackages','noSSLSe3. enableProxy Yes 4. enableProxyAuth No 5. enableRollbacks No 6. fileSkipList [ ] 7. forceInstall No 8. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg 9. headerCacheSize 40 10. headerFetchCount 10 11. httpProxy www-proxy.us.oracle.com:80 12. isatty Yes 13. keepAfterInstall No 14. networkRetries 5 15. networkSetup Yes 16. noBootLoader No 17. noReboot Yes 18. noReplaceConfig Yes 19. noSSLServerURL http://xmlrpc.rhn.redhat.com/XMLRPC 20. pkgSkipList [ ] 21. pkgsToInstallNotUp 22. proxyPassword 23. proxyUser 24. removeSkipList 25. retrieveOnly No 26. retrieveSource No 27. rhnuuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 28. serverURL https://xmlrpc.rhn.redhat.com/XMLRPC 29. showAvailablePacka No 30. sslCACert /usr/share/rhn/RHNS-CA-CERT 31. storageDir /var/spool/up2date 32. systemIdPath /etc/sysconfig/rhn/systemid 33. updateUp2date Yes 34. useGPG Yes 35. useNoSSLForPackage No 36. useRhn Yes 37. versionOverride

You can now install the Oracle Enterprise Linux version of the up2date RPM. Chose the RPM that matches your system’s architecture from the https://linux.oracle.com website. For example, if your system is i386:

# rpm -Uvh up2date-4.4.69-36.i386.rpm Preparing... ########################################### [100%] 1:up2date ########################################### [100%]


Now you need to import Oracle's GPG Key by running the following command as the root user:

# rpm --import /usr/share/rhn/RPM-GPG-KEY Now you can verify that the output of up2date-config is displaying the correct ULN URLs for entries relating to the Server.

# up2date-config 0. adminAddress ['root@localhost'] 1. debug No 2. disallowConfChange ['noReboot', 'sslCACert', 'useNoSSLForPackages', 'noSSLSe 3. enableProxy No 4. enableProxyAuth No 5. enableRollbacks No 6. fileSkipList [ ] 7. forceInstall No 8. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg 9. headerCacheSize 40 10. headerFetchCount 10 11. httpProxy 12. isatty Yes 13. keepAfterInstall No 14. networkRetries 5 15. networkSetup Yes 16. noBootLoader No 17. noReboot No 18. noReplaceConfig Yes 19. noSSLServerURL http://linux-update.oracle.com/XMLRPC 20. pkgSkipList ['kernel*'] 21. pkgsToInstallNotUp ['kernel', 'kernel-modules', 'kernel-devel'] 22. proxyPassword 23. proxyUser 24. removeSkipList ['kernel*'] 25. retrieveOnly No 26. retrieveSource No 27. rhnuuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 28. serverURL https://linux-update.oracle.com/XMLRPC 29. showAvailablePacka No 30. sslCACert /usr/share/rhn/ULN-CA-CERT 31. storageDir /var/spool/up2date 32. systemIdPath /etc/sysconfig/rhn/systemid 33. updateUp2date Yes 34. useGPG Yes 35. useNoSSLForPackage No 36. useRhn Yes 37. versionOverride Enter number of item to edit <return to exit, q to quit without saving>: q

At this point you are ready to register with ULN.

Registering with ULN

Registering a server with the Unbreakable Linux Network (ULN) requires a ULN login. If you are a licensed Oracle customer with active support, you will use your MetaLink login information (email address, password, and valid CSI) to


access ULN. If you don't have a MetaLink login, you may request one via http://metalink.oracle.com. Note that you are only entitled to use MetaLink if you have purchased basic or premier Enterprise Linux support from Oracle. If you have purchased a Network Access license and you do not yet have a ULN login, a new ULN login will created for when you register with ULN for the first time. To register, you need a valid email address and the customer support identifier sent to you by the OracleStore. To register your system, run the command below as the root user in a terminal window or on the command line. Up2date will also collect machine information and upload it to our server.

# up2date --nox –register Executing the above command will choose the default channel of el4_<arch>_latest. (You can specify a different channel using the web interface, after you have registered.) (The next three pages of this white paper include screenshots of the registration process).


The sequence of screens during registration is as follows:

Note: your username should be your email address.


Note: the profile name field can be anything you wish, but the more unique the name – the less likely it is that someone else has already taken that name.


Further examples

Listing available packages

To see what packages are available, use the up2date --list command as root on a ULN registered system. Note that the list will show all the kernel packages as to be skipped. If you look at the output from up2date-config you will see the kernel packages listed in the pkgSkipList.


This is the default configuration, and you can change it via the up2date-config utility:

# up2date --list Fetching Obsoletes list for channel: el4_i386_latest... Fetching rpm headers... ######################################## Name Version Rel ----------------------------------------------------------------------------- ImageMagick 6.0.7.1 16 i386 ImageMagick-c++ 6.0.7.1 16 i386 ImageMagick-c++-devel 6.0.7.1 16 i386 ImageMagick-devel 6.0.7.1 16 i386 ImageMagick-perl 6.0.7.1 16 i386 devhelp 0.10 0.5.el4 i386 devhelp-devel 0.10 0.5.el4 i386 elinks 0.9.2 3.3 i386 firefox 1.5.0.8 0.1.1.el4 i386 gnupg 1.2.6 6 i386 gnutls 1.0.20 3.2.3 i386 The following Packages were marked to be skipped by your configuration: Name Version Rel Reason ------------------------------------------------------------------------------- kernel 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-devel 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-doc 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-hugemem 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-hugemem-devel 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-smp 2.6.9 42.0.3.0.2.ELPkg name/pattern kernel-smp-devel 2.6.9 42.0.3.0.2.ELPkg name/pattern The following Packages are obsoleted by newer packages: Name-Version-Release obsoleted by Name-Version-Release ------------------------------------------------------------------------------- ethereal-0.99.0-EL4.3 wireshark-0.99.4-EL4.1.1 ethereal-gnome-0.99.0-EL4.3 wireshark-gnome-0.99.4-EL4.1.1

Changing the list of skipped packages

Note in the above output that the kernel packages are marked as to be skipped when updating the system. Even if newer kernel packages are available, they will not be installed. This is the default behavior of ULN. Of course this can be modified by editing the configuration using up2date-config, selecting entry 20 and clearing its list, similarly for entry 21 (as shown in the output below which continues on the next two pages). # up2date-config 0. adminAddress ['root@localhost'] 1. debug No


2. disallowConfChange ['noReboot', 'sslCACert', 'useNoSSLForPackages', 'noSSLSe3. enableProxy No 4. enableProxyAuth No 5. enableRollbacks No 6. fileSkipList [ ] 7. forceInstall No 8. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg 9. headerCacheSize 40 10. headerFetchCount 10 11. httpProxy 12. isatty Yes 13. keepAfterInstall No 14. networkRetries 5 15. networkSetup Yes 16. noBootLoader No 17. noReboot No 18. noReplaceConfig Yes 19. noSSLServerURL http://linux-update.oracle.com/XMLRPC 20. pkgSkipList [ ] 21. pkgsToInstallNotUp ['kernel', 'kernel-modules', 'kernel-devel'] 22. proxyPassword 23. proxyUser 24. removeSkipList ['kernel*'] 25. retrieveOnly No 26. retrieveSource No 27. rhnuuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 28. serverURL https://linux-update.oracle.com/XMLRPC 29. showAvailablePacka No 30. sslCACert /usr/share/rhn/ULN-CA-CERT 31. storageDir /var/spool/up2date 32. systemIdPath /etc/sysconfig/rhn/systemid 33. updateUp2date Yes 34. useGPG Yes 35. useNoSSLForPackage No 36. useRhn Yes 37. versionOverride Enter number of item to edit <return to exit, q to quit without saving>: 21 Attribute: pkgsToInstallNotUpdate Comment: A list of provides names or package names of packages to install not update Current value: kernel;kernel-modules;kernel-devel; < return for default, C to clear list, items are ';' separated > New Value: C 0. adminAddress ['root@localhost'] 1. debug No 2. disallowConfChange ['noReboot', 'sslCACert', 'useNoSSLForPackages', 'noSSLSe3. enableProxy No 4. enableProxyAuth No 5. enableRollbacks No 6. fileSkipList [ ] 7. forceInstall No 8. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg 9. headerCacheSize 40 10. headerFetchCount 10 11. httpProxy 12. isatty Yes 13. keepAfterInstall No


14. networkRetries 5 15. networkSetup Yes 16. noBootLoader No 17. noReboot No 18. noReplaceConfig Yes 19. noSSLServerURL http://linux-update.oracle.com/XMLRPC 20. pkgSkipList [ ] 21. pkgsToInstallNotUp [ ] 22. proxyPassword 23. proxyUser 24. removeSkipList ['kernel*'] 25. retrieveOnly No 26. retrieveSource No 27. rhnuuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 28. serverURL https://linux-update.oracle.com/XMLRPC 29. showAvailablePacka No 30. sslCACert /usr/share/rhn/ULN-CA-CERT 31. storageDir /var/spool/up2date 32. systemIdPath /etc/sysconfig/rhn/systemid 33. updateUp2date Yes 34. useGPG Yes 35. useNoSSLForPackage No 36. useRhn Yes 37. versionOverride

Updating selected packages only

The following command shows how to upgrade only a few packages among all those available:

# up2date tzdata thunderbird gzip Fetching Obsoletes list for channel: el4_i386_latest... Fetching rpm headers... ######################################## Name Version Rel ------------------------------------------------------------------------------ gzip 1.3.3 16.rhel4 i386 thunderbird 1.5.0.8 0.1.1.el4 i386 tzdata 2006m 3.el4 noarch Testing package set / solving RPM inter-dependencies... ######################################## gzip-1.3.3-16.rhel4.i386.rp ########################## Done. thunderbird-1.5.0.8-0.1.1.e ########################## Done. tzdata-2006m-3.el4.noarch.r ########################## Done. Preparing ########################################### [100%] Installing... 1:tzdata ########################################### [100%] 2:gzip ########################################### [100%] 3:thunderbird ########################################### [100%]

Logs of the up2date activity are stored in /var/log/up2date.


List subscribed channels

To see what channels you are currently subscribed to use the following command:

# up2date --show-channels el4_i386_latest

The ULN Alert Notification Tool You can also obtain this list using the Alert Notification Tool. You should see the Applet on the Toolbar. If it’s not already there, then select Applications->System Tools -> Unbreakable Linux Network Alert Icon and you'll see the ULN Applet added to the Toolbar. By clicking on it, you will see all the packages that are available for download. You can at this point also select which packages to ignore in future updates, if so desired. The Alert Notification Tool periodically connects to the ULN central repository and checks for available packages on the subscribed channel(s), displaying a red warning icon if it finds any. The applet icon reverts to the standard green ULN icon if the system is completely synchronized.

The ULN Web Interface ULN provides also a web interface, through which customers can verify what systems they have registered and what channels they are subscribed to. The web interface is accessed through http://linux.oracle.com, logging in using the Username and Password supplied at the time of registration. Note: you must have registered at least one system before attempting to login to http://linux.oracle.com as the credentials used to register your system are also used as your login information when logging into the Web interface for ULN. Using the Web interface you can see what systems you have registered, and what channels they are subscribed to. For each channel you can see its detailed description, and how many packages are available for download. You can get further information, such as the list of the package names and versions available and for each package you can get additional information about the package, including a description of its functionality, a list of the files included in its RPM, and a list of its dependencies. You can also select to download the sources RPM in addition to the binary RPMs. (The following pages include screenshots of the ULN interface).


This is the entry page for the ULN web. You can navigate using the tabs on the top right corner to get more details on your registered systems and on the available channels.

The channels tab shows a list of all the channels available via ULN, including the ones subscribed to. For each channel it indicates the number of RPMS available for download.


Looking at your registered systems, you’ll see their names as they have been made known to ULN, and a number indicating how many RPMs are available on the subscribed channels that haven’t already being downloaded and installed. The information is gathered from the system profile that up2date and ULN keep.

Here you can see the information that ULN has collected relevant to your system. From this screen you can also subscribe to additional channels. Only the channels listed in this screen are appropriate for subscription given the characteristics of the machine, such as its architecture.


The ULN web interface provides detailed information for each of the available channels.

For each channel you can see a comprehensive listing of each available package. You can also search the list.


Furthermore, you can get many package details including a list of the files that will be installed on the system once the RPM is downloaded, and a list of the other packages that are necessary for this one to be installed. You can also choose to download the source RPM for each of the packages.

Finally, you can get a description (as it is included in the .spec file, though not all information from the spec file is available) of each RPM available on any ULN channel.


Re-synching up2date and ULN Profiles With Your System Status If you have installed or erased RPMs on your own, bypassing ULN and the update agent, the profile of your system stored by ULN will be out of date. For instance, let’s assume that the system is completely up to date. You can verify this by launching up2date from the command line. You will see that no action is taken. # up2date -u Fetching Obsoletes list for channel: el4_i386_latest... Fetching rpm headers... Name Version Rel ---------------------------------------------------------- All packages are currently up to date

It is also possible to verify that the ULN webpage for your system indicates that there are zero updates available.

Let’s assume now that you have changed the gnupg package by reverting it to an older version. Your system shows gnupg-1.2.6-6 as the output of an RPM query, while the most recent version on ULN is gnupg-1.2.6-8. # rpm -q gnupg gnupg-1.2.6-6 However, since the change in version of gnupg RPM installed on your system has been done without using the update agent, ULN still thinks things are correctly up to date.


In order to resynchronize your system profile with the real configuration, you need to run this command: # up2date -p Updating package profile... Updating transaction history... At this point you can verify that the web interface correctly shows that the gnupg package is available for update. Similarly the ULN Notification Tool also shows the package available for download. At this point you can simply launch up2date to reinstall the most recent version of the gnupg, if so desired.

Further Information There are several ways to obtain more information and assistance with the Unbreakable Linux Network:

• If you have purchased Basic or Premier support, you may use OracleMetaLink for technical assistance

• If you have purchased Network support, you may discuss technical issues on the OTN Linux forum

• If you have purchased Network support, you may also file bug reports using Bugzilla

• For any other questions, please send an email to [email protected]

You can access the Unbreakable Linux Network (ULN) at linux.oracle.com

For more information about the Oracle Unbreakable Linux support program, visit oracle.com/linux. Copyright 2007 Oracle. All Rights Reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle, JD Edwards, PeopleSoft, and Retek are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.


The Unbreakable Linux Network: An Overview

Documents

Transcript of The Unbreakable Linux Network: An Overview