[Spacewalk-list] server hw dimensioning and usage questions

Mgr. Peter Hudec peter.hudec at cnc.sk
Tue Aug 28 09:12:59 UTC 2012


Hello Jan,

thanks for answer. They are mostly as I expected ;)
See my notes bellow.

	Peter

>> 2) system hw info history
>> As the clients will be notebooks, the HDD replacement /form
>> bad HW to new/ could occur. The "Schedule Hardware Refresh"
>> will clean all information from the DB and insert new one. Is
>> there any way how to store the history of the HW without
>> patching the system?
>
> No, I do not know about any. You can either try
> `spacewalk-report inventory` if it contains info you need and
> store these reports regularly. Or HW info can be obtained using
> API call like system.getDevices() and keep these info as well.

Yes, this is one possible way how to do this. The another is to create shadow/backup tables for each db table, where such a informations are stored
and create trigger /after insert/ to insert these information also into this tables. Of course some script for processing these data will be required.
The problem is that this small patch will be probably not accepted by upstream and I'm not very keen on maintain it myself.

>> 4) spacewalk monitoring function
>> Could anyone explain me this function and if it works on
>> debian based clients? I need to get upon request the disk
>> space usage of the notebook. As the notebooks are mobile, the
>> ip address is not fixed, so there is very hard to use
>> monitoring system.
>
> I do not know scope of Debian clients support (-> slukasik or
> msuchy), but I guess monitoring is not supported.
>
> Generally using monitoring you can record status of the client
> system and its services (load, is httpd running?, ping
> response...) and generate graphs and send alert mails based on
> some criteria.

I will try to ask msuchy about debian support. As the clients are mobile  not online 24/7 the only services i need to monitor is disk space and
battery status.


>> 5) client side certificates
>> as the clients are mobile do the spacewalk have possibility to
>> verify the connection based on client ssl certificate? I did
>> not found any configuration directive on 'rhnsd' or 'osad'.
> 
> Not sure what you mean here - which client side certificates?
> rhn_check uses config in /etc/sysconfig/rhn/up2date - there you
> should have serverURL=https://... Services 'rhnsd' and 'osad'
> uses rhn_check to actually get and perform the action.
I ment SSL based authentication using the clients certificates.
You can find it on web based solutions, there the client have imported clients certificates into the browser /or token/
and the web server request the AAA based on this certificate. In apache configuration is you can find directives
--- cut ---
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile <path too CA CERT>
--- cut ---
In our case each device will be authenticated by its certificate. In case the of stolen device, we just revoke the certificate.
But I as did small engineering, there isn't configuration option for rhnsd/osad/rhn_check to set the client certificate.

Of course there will applied another security policies such as FDE, home/swap encryption, ....


-- 
Mgr. Peter Hudec
IT/Technical Specialist

CNC a.s.
Strojnícka 33
821 05 Bratislava

web: http://www.cnc.sk/
mail: peter.hudec at cnc.sk
mob: +421 905 997203




More information about the Spacewalk-list mailing list