Managing Servers

Navigation:  KernelCare.ePortal >

Managing Servers

Previous pageReturn to chapter overviewNext page

You can see servers belonging to the key by clicking on the key itself in Managing Keys interface.

 

server_list

The screen shows servers registered under the key, their IP, hostname, effective kernel as well as the time of registration and last check in.

 

Managing Script

 

Note. If scripts do not work on your ePortal, you might need to update ePortal first. To update ePortal, please run the following command:

 

> yum update kcare-eportal

 

To view the list of all servers IDs that are connected to the particular key, do the following:

In the UI go to the page with the list of keys. Then click the particular key. The list of servers connected to this key will be displayed.

 

To view the list of all servers IDs that are not connected to any key, do the following:

In the UI go to the page with the list of keys. Then click Reset filters button.

OR just follow this URL http://EPORTAL_IP/admin/kcserver/.

 

 

Script to unroll patchsets

 

To unroll patchset run:

 

> kc.eportal --unroll 16012017_1

 

Script to determine the number of servers under the management of ePortal, per key

 

To see pairs of key/number of servers run:

 

> kc.eportal --list-servers

 

Count | Key

----- + --------------------------------

  0 | 2shcolu7Y1x6885Q

  2 | 6J89aS44j6OmTr05

 

 

Script to automatically install latest patchsets

 

It determines if latest patches are available and installs them.

 

>kc.eportal --get-latest

 

Unroll patches from UI

 

In the patch-source page, there is a list of available patches. To unroll patches click the button Roll back this patch, and all after it.

Use it to roll back the patch and all the following patches.

 

Show extended check-in statistics in admin UI

 

A new table is added to the starting page. This table displays the following:

Total number of servers.

Number of servers that checked in for the past 48 hours.

 

The number of servers for each key is listed in the Key Inventory table.

 

Ability to create read-only users

 

[root@localhost ~]# kc.eportal -l

Num | Username

--- + --------------------------------

 1 | admin

 2 | user

[root@localhost ~]# kc.eportal -r user

User 'user' is now readonly

 

Feed Management

 

Feeds are intended to manage patchsets on the server, and they provide a possibility to bind a set of patches to a specific key. Possible use cases: for preliminary testing of patches, for applying updates to groups of servers with the similar hardware, etc.

 

To get into Feeds Management interface go to Settings → Feeds:

 

FeedManagement1

 

On this page a user can manage the existing feeds: create, delete, edit.

 

FeedManagement2

 

Available options:

Name — a name of a feed.

Auto update — enable and disable automatic downloading of patches to this feed.

Deploy after X hours — a delay in hours between the moment the patchset is available for deployment and the moment it is installed to the feed.

 

Every 10 minutes ePortal checks for new patches on the main patch server. If a new patch is available, it is uploaded to the ePortal server. Note: it is uploaded but is not deployed. The patch availability time is considered starting from the moment a new patch appears on the ePortal, and that time is taken into account in Deploy after X hours option. So, if a user sets Deploy after X hours = 10, the patch will be deployed to the feed 10 hours after it has been downloaded to the ePortal server.

 

To make the feed auto-update immediately (so that, new patches are loaded to the feed immediately after they are available on ePortal), set Deploy after X hours = 0.

 

A special case is a clean installation when ePortal is installed on a new server (there aren't any downloaded archives with patches and feeds with deployed patchsets, including default feed). In this case, if a user creates a new feed and sets Deployed after X hours option right away, then all patches (from the oldest to the latest available) will be deployed to the feed after the specified X hours. This is because the archives are downloaded from scratch and will be considered as “just appeared on ePortal” — that is, all patches will have the same appearance time on ePortal from which the option Deploy after X hours will repel.

 

FeedManagement3

 

On the main ePortal page, a user can set the corresponding key <> feed pair. This is done in the key creation interface or when editing a key.

 

FeedManagement4

 

By default, a new key is bound to the default feed, alternatively, a user can choose a desired feed from the drop-down menu.

 

FeedManagement5

 

Note that when removing a feed all keys attached to this feed will be moved to the default feed.

 

FeedManagement6

 

Adding extra Tag field

 

To add an extra Tag field for the server, run:

 

kcarectl --tag command

 

where command is a parameter defined by a user. This parameter will be displayed in UI for the server. User could add multiple tags for each server. Each tag should be separated with ‘;’ symbol.

 

Example:

 

kcarectl --tag “env:prod;ubuntu”

 

This server has two tags : env:prod and ubuntu.

 

env:prod is a parameter that has tag name env and the value prod.

 

AddingExtraTagField

 

To remove all tags from a particular server, run:

 

kcarectl --tag ""

 

Where ''" is a parameter to delete the previously defined tag.

 

 

How to setup ePortal to use HTTPS

 

Some assumptions for a server where e-portal is deployed:

 

1. A firewall is disabled for 443 port.

2. Private and public keys are downloaded on the server.

 

Edit ssl configuration template according to your certificates:

 

mv /etc/nginx/eportal.ssl.conf.example /etc/nginx/eportal.ssl.conf
vi /etc/nginx/eportal.ssl.conf

 

Include this configuration into the main one:

 

sed -e '3iinclude eportal.ssl.conf;' -i /etc/nginx/conf.d/eportal.conf

 

Restart nginx:

 

service nginx restart

 

In order to communicate with e-portal, updated to https, you need to modify KernelCare config files on all the servers if they have IPs hardcoded servers settings.

 

To do that, update PATCH_SERVER and REGISTRATION_URL environment variables:

 

vi /etc/sysconfig/kcare/kcare.conf

 

So, after editing your /etc/sysconfig/kcare/kcare.conf should contain updated PATCH_SERVER and REGISTRATION_URL environment variables like in the example below:

 

PATCH_SERVER=https://eportal_domain_name/
REGISTRATION_URL=https://eportal_domain_name/admin/api/kcare

 

The following example demonstrates how to connect new servers to e-portal configured for https:

 

$ export KCARE_PATCH_SERVER=https://eportal_domain_name/
$ export KCARE_REGISTRATION_URL=https://eportal_domain_name/admin/api/kcare
$ export KCARE_MAILTO=admin@mycompany.com
$ curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
$ /usr/bin/kcarectl --register key_from_your_eportal