Custom Channels

Custom channels give you the ability to create your own software packages and repositories, which you can use to update your clients. They also allow you to use software provided by third party vendors in your environment.

This section gives more detail on how to create, administer, and delete custom channels. You must have administrator privileges to be able to create and manage custom channels.

1. Creating Custom Channels and Repositories

Before you create a custom channel, determine which base channel you want to associate it with, and which repositories you want to use for content.

If you have custom software packages that you need to install on your client systems, you can create a custom child channel to manage them. You need to create the channel in the SUSE Manager Web UI and create a repository for the packages, before assigning the channel to your systems.

Do not create child channels containing packages that are not compatible with the client system.

You can select a vendor channel as the base channel if you want to use packages provided by a vendor. Alternatively, select none to make your custom channel a base channel.

Procedure: Creating a Custom Channel
  1. In the SUSE Manager Web UI, navigate to Software  Manage  Channels, and click Create Channel.

  2. On the Create Software Channel page, give your channel a name (for example, My Tools SLES 15 SP1 x86_64) and a label (for example, my-tools-sles15sp1-x86_64). Labels must not contain spaces or uppercase letters.

  3. In the Parent Channel drop down, choose the relevant base channel (for example, SLE-Product-SLES15-SP1-Pool for x86_64). Ensure that you choose the compatible parent channel for your packages.

  4. In the Architecture drop down, choose the appropriate hardware architecture (for example, x86_64).

  5. Provide any additional information in the contact details, channel access control, and GPG fields, as required for your environment.

  6. Click Create Channel.

Custom channels sometimes require additional security settings. Many third party vendors secure packages with GPG. If you want to use GPG-protected packages in your custom channel, you need to trust the GPG key which has been used to sign the metadata. You can then check the Has Signed Metadata? check box to match the package metadata against the trusted GPG keys.

If remote channels and repositories are signed with GPG keys, you can import and trust these GPG keys. For example, execute the spacewalk-repo-sync from the command line on the SUSE Manager Server:

/usr/bin/spacewalk-repo-sync -c <channellabelname> -t yum

The underlying zypper call will import the key, if it is available. The Web UI does not offer this feature.

This only works when the repository you want to mirror is set up in a special way and provides the "key" in the repository next to the signature. This is the case for all repositories generated by the Open Build Service (OBS). For other repositories special preparation steps are needed (see below!).

By default, the Enable GPG Check field is checked when you create a new channel. If you would like to add custom packages and applications to your channel, make sure you uncheck this field to be able to install unsigned packages. Disabling the GPG check is a security risk if packages are from an untrusted source.

You can only add a repository to the SUSE Manager with the Web UI if it is a valid software repository. Check in advance that needed repository metadata are available. Tools such as createrepo and reprepro are useful in this regard. mgrpush can help with pushing a single RPM into a channel without creating a repository. For more information, see the man pages for createrepo_c and reprepro.

Procedure: Adding a Software Repository
  1. In the SUSE Manager Web UI, navigate to Software  Manage  Repositories, and click Create Repository.

  2. On the Create Repository page, give your repository a label (for example, my-tools-sles15sp1-x86_64-repo).

  3. In the Repository URL field, provide the path to the directory that contains the repodata file (for example, file:///opt/mytools/). You can use any valid addressing protocol in this field.

  4. Uncheck the Has Signed Metadata? check box.

  5. OPTIONAL: Complete the SSL fields if your repository requires client certificate authentication.

  6. Click Create Repository.

The above procedure only works if the repository you want to mirror provides the "key" in the repository next to the signature. This is the case for all repositories generated by the OBS, but it is typically not the case for repositories of operating systems that are not offered by the OBS.

If the repository you want to use does not have a GPG key you can provide one yourself and import the GPG key into the keyring manually. If you import the key into the /var/lib/spacewalk/gpgdir keyring using the gpg command line tool it would be stored permanently. The key would also persist if the chroot environment would be cleaned.

Procedure: Creating a Software Repository with GPG Key
  1. The command to import a key into the keyring is:

    mgradm gpg add /path/to/gpg.key

Add Debian non-flat repositories using uyuni_suite, uyuni_component, and uyuni_arch query parameters.

uyuni_suite

is mandatory. In Debian documentation, this is also known as distribution. With this parameter you specify the apt source. Without this parameter the original approach is used. If the parameter ends with /, the repository is identified as flat.

uyuni_component

is optional. This parameter can specify only one component. It is not possible to list the components. An apt source entry allows to specify multiple components, but for Uyuni it is not possible. Instead you must create a separate repository for each component.

uyuni_arch

is optional. If omitted the architecture name is calculated with a SQL query for the channel from the database. Specify uyuni_arch explicitly if it does not match the architecture of the channel (sometimes architecture naming is ambiguous).

Here are some examples:

Table 1. Debian Non-flat Repository mapping
Type Source line / URL

apt source line

deb https://pkg.jenkins.io/debian-stable binary/

URL mapping

https://pkg.jenkins.io/debian-stable?uyuni_suite=binary/

 

apt source line

deb https://deb.debian.org/debian/dists stable main

URL mapping

https://deb.debian.org/debian/dists?uyuni_suite=stable&uyuni_component=main

This following information about the Debian repository definition format is based on https://wiki.debian.org/DebianRepository/Format#Overview.

The repository definition format is as follows:

deb uri suite [component1] [component2] [...]

For example:

deb https://deb.debian.org/debian/dists stable main

or

deb https://pkg.jenkins.io/debian-stable binary/

For each pair of suite and component the spezification defines a distinct URL calculated on the base URL + suite + component.

Procedure: Assigning the Repository to a Channel
  1. Assign your new repository to your custom channel by navigating to Software  Manage  Channels, clicking the name of your newly created custom channel.

  2. Navigate to the Repositories tab, and ensure the repository you want to assign to the channel is checked. Click Update Repositories.

  3. By default, the synchronization process starts immediately.

For more information about channel synchronization, see Custom Channel Synchronization.

Procedure: Adding Custom Channels to an Activation Key
  1. In the SUSE Manager Web UI, navigate to Systems  Activation Keys, and select the key you want to add the custom channel to.

  2. On the Details tab, in the Child Channels listing, select the channel to associate. You can select multiple channels, if you need to.

  3. Click Update Activation Key.

2. Custom Channel Synchronization

To avoid missing important updates, SUSE recommends to keep your custom channels up to date with the remote repositories changes.

By default, a synchronization will happen automatically for all custom channels you create. In particular, it will happen:

  • after adding a repository to a channel from the UI or by using spacewalk-common-channels

  • as part of the daily task mgr-sync-refresh-default, which will synchronize all your custom and vendor channels.

To disable this default behaviour, set in /etc/rhn/rhn.conf:

java.unify_custom_channel_management = 0

With this property turned off, no synchronization is performed automatically and, in order to keep a custom channel up to date, you need to:

  • synchronize it manually by navigating to the Sync tab and click Sync Now,

  • set up an automated synchronization schedule from the Repositories tab.

When the process is started, there are several ways to check if a channel has finished synchronizing:

  • In the SUSE Manager Web UI, navigate to Admin  Setup Wizard and select the Products tab. This dialog displays a completion bar for each product when they are being synchronized.

  • In the SUSE Manager Web UI, navigate to Software  Manage  Channels, then click the channel associated to the repository. Navigate to the menu:[Repositories > Sync] tab. The Sync Status is shown next to the repository name.

  • Check the synchronization log file at the command prompt:

    tail -f /var/log/rhn/reposync/<channel-label>.log

    Each child channel generates its own log during the synchronization progress. You need to check all the base and child channel log files to be sure that the synchronization is complete.

The following custom channel synchronization options are available:

Retain packages in channels which have been removed from the repository

This turns off strict mode.

Do not sync errata

Do not synchronize patches.

Sync only latest packages

Synchronize latest package version only.

Create kickstartable tree

This option prepares a directory tree ready for Kickstart auto installation.

Terminate upon any error

Stop synchronizing if an error occurs.

These options will be saved persistently for each channel. The Sync now button also saves the channel options before performing the synchronization.

3. Add Packages and Patches to Custom Channels

When you create a new custom channel without cloning it from an existing channel, it does not contain any packages or patches. You can add the packages and patches you require using the SUSE Manager Web UI.

Custom channels can only include packages or patches that are cloned or custom, and they must match the base architecture of the channel. Patches added to custom channels must apply to a package that exists in the channel.

Procedure: Adding Packages to Custom Channels
  1. In the SUSE Manager Web UI, navigate to Software  Manage  Channels, and go to the Packages tab.

  2. OPTIONAL: See all packages currently in the channel by navigating to the List/Remove tab.

  3. Add new packages to the channel by navigating to the Add tab.

  4. Select the parent channel to provide packages, and click View Packages to populate the list.

  5. Check the packages to add to the custom channel, and click Add Packages.

  6. When you are satisfied with the selection, click Confirm Addition to add the packages to the channel.

  7. OPTIONAL: You can compare the packages in the current channel with those in a different channel by navigating to Software  Manage  Channels, and going to the Packages  Compare tab. To make the two channels the same, click the Merge Differences button, and resolve any conflicts.

Procedure: Adding Patches to a Custom Channel
  1. In the SUSE Manager Web UI, navigate to Software  Manage  Channels, and go to the Patches tab.

  2. OPTIONAL: See all patches currently in the channel by navigating to the List/Remove tab.

  3. Add new patches to the channel by navigating to the Add tab, and selecting what kind of patches you want to add.

  4. Select the parent channel to provide patches, and click View Associated Patches to populate the list.

  5. Check the patches to add to the custom channel, and click Confirm.

  6. When you are satisfied with the selection, click Confirm to add the patches to the channel.

4. Manage Custom Channels

SUSE Manager administrators and channel administrators can alter or delete any channel.

To grant other users rights to alter or delete a channel, navigate to Software  Manage  Channels and select the channel you want to edit. Navigate to the Managers tab, and check the user to grant permissions. Click Update to save the changes.

If you delete a channel that has been assigned to a set of clients, it triggers an immediate update of the channel state for any clients associated with the deleted channel. This is to ensure that the changes are reflected accurately in the repository file.

You cannot delete SUSE Manager channels with the Web UI. Only custom channels can be deleted.

Procedure: Deleting Custom Channels
  1. In the SUSE Manager Web UI, navigate to Software  Manage  Channels, and select the channel you want to delete.

  2. Click Delete software channel.

  3. On the Delete Channel page, check the details of the channel you are deleting, and check the Unsubscribe Systems checkbox to remove the custom channel from any systems that might still be subscribed.

  4. Click Delete Channel.

When channels are deleted, the packages that are part of the deleted channel are not automatically removed. You are not able to update packages that have had their channel deleted.

You can delete packages that are not associated with a channel in the SUSE Manager Web UI. Navigate to Software  Manage  Packages, check the packages to remove, and click Delete Packages.