Configuring Errata for Ubuntu with Spacewalk
In my last article I showed you how to get Ubuntu servers registered and integrated with Spacewalk.
However, something important is still missing: getting Errata into Spacewalk for Ubuntu systems. Errata are security, bugfix and enhancement advisories published by distribution vendors like Debian, CentOS, RHEL and Ubuntu. These Errata can be imported into Spacewalk, which then shows and emails which systems and packages are affected, along with information like CVE numbers. You can then "apply" the Errata to these systems, triggering a remote update. That way you will always know if your systems lack critical updates.
Unfortunately, there is no general source or feed for getting these Errata into Spacewalk. The vendors' security mailing lists are a good source, but you still need to parse them and import the result via the API. For CentOS / RHEL a few scripts exist:
- https://github.com/liedekef/spacewalk_scripts ( EPEL, CentOS, RedHat, Scientific Linux and Oracle Linux )
- http://cefs.steve-meier.de ( CentOS )
However, for Ubuntu no such script existed, so I had to write one myself. Read on to see where to get it and how to integrate it!
You will need the following files, which you can find at https://github.com/philicious/spacewalk-scripts
- parseUbuntu.py parses https://lists.ubuntu.com/archives/ubuntu-security-announce/$DATE.txt.gz into an XML file which can be read by errata-import.pl
- errata-import.pl, originally by Steve Meier (http://cefs.steve-meier.de/). I just modified it slightly to work with Ubuntu USNs.
- errata-import.py by https://github.com/pandujar. A ported version of the previous one. It includes some enhancements like date, author and better package processing. It is quite a bit faster than the Perl version.
- spacewalk-errata.sh is a Bash script which downloads the compressed security announcements, calls parseUbuntu.py on them and finally calls errata-import.pl to import the Errata. This script can be run as a cron job to automate things.
- errata.py is the missing "action" for rhn_check so it can apply Errata. It's just a copy of https://github.com/spacewalkproject/spacewalk/tree/master/client/rhel/yum-rhn-plugin/actions
git clone https://github.com/philicious/spacewalk-scripts /opt/spacewalk-errata/
# on the clients put errata.py in /usr/share/rhn/actions
In spacewalk-errata.sh you have to edit the hostname and login for your Spacewalk server. You will also want to edit "--exclude-channels ubuntu12.04-main" to match your base channel's name.
Install a cron job that runs spacewalk-errata.sh every night.
Thanks to adding the missing errata.py to rhn_check, scheduling Errata updates from Spacewalk also works.
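To show what the parsing step has to pull out of a security announcement before it can become an Erratum (advisory id, date, CVE ids, fixed package versions per release), here is an added example; it is not parseUbuntu.py and not code from the repository. The sample message with its placeholder USN and CVE ids, the function names, and splitting the archive on mbox "From " lines are assumptions.

```python
import re

# Constructed sample in the layout of an ubuntu-security-announce message;
# the USN number, packages and CVE ids are placeholders, not real advisories.
SAMPLE = """\
From security at example.com  Tue Jan  1 00:00:00 2013
==========================================================================
Ubuntu Security Notice USN-0000-1
January 01, 2013

examplepkg vulnerabilities
==========================================================================

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  examplepkg                      1.0-1ubuntu0.1
  libexample1                     1.0-1ubuntu0.1

References:
  http://www.ubuntu.com/usn/usn-0000-1
  CVE-0000-0001, CVE-0000-0002
"""

def parse_usn(text):
    """Parse one announcement body; return None if it is not a USN."""
    head = re.search(r"Ubuntu Security Notice (USN-\d+-\d+)\n(.+)\n\n(.+)\n", text)
    if head is None:
        return None
    # The package table sits between "package versions:" and "References:".
    table = text.split("package versions:", 1)[-1].split("References:", 1)[0]
    packages, release = {}, None
    for line in table.splitlines():
        rel = re.match(r"(Ubuntu .+):$", line)       # e.g. "Ubuntu 12.04 LTS:"
        pkg = re.match(r"\s+(\S+)\s+(\S+)$", line)   # indented "name  version"
        if rel:
            release = rel.group(1)
        elif pkg and release:
            packages.setdefault(release, []).append(pkg.groups())
    return {"id": head.group(1), "date": head.group(2), "synopsis": head.group(3),
            "cves": sorted(set(re.findall(r"CVE-\d{4}-\d{4,}", text))),
            "packages": packages}

def parse_archive(archive):
    """Split a monthly archive on mbox 'From ' lines (assumed) and parse each."""
    parts = re.split(r"(?m)^From .*$", archive)
    return [adv for adv in map(parse_usn, parts) if adv]
```

Messages that are not advisories are skipped rather than imported as empty Errata, which matters because the import runs unattended from cron.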