Section 3.3. ZENworks Linux Management

3.3. ZENworks Linux Management

Novell is selling ZENworks Linux Management (ZLM) as a way to manage the life cycle of Linux systems. Naturally, patch management is a big part of the operating system life cycle, and its functions are integrated into ZLM, formerly known as Red Carpet Enterprise.

Nevertheless, with the skills already described in this chapter, you can still use local mirrors and download patches to help manage Linux computers on your own network. Many of the aforementioned tools can help you manage patches and updates on other Linux distributions. ZLM is a proprietary interface and is also used to manage many non-Linux operating systems. It is feature-rich; full coverage would require an additional book. In this section, you'll learn to install and configure a ZLM 6.6.1 server and client (which was the latest available when this book was drafted).

While this section briefly describes the Web-based interface, more can be done from the command-line interface, using commands such as rug and rcman. I do not provide detailed descriptions of these tools, as that would refocus this book toward a single proprietary solution that would not work for most Linux distributions. For detailed information on ZLM, see the associated administration guide, which you can download from

3.3.1. Supported Clients and Servers

If you want to install a ZLM 6.6.1 server, you'll need a computer with SUSE Linux Enterprise Server 9 for Intel 32- or 64-bit computers. Alternatively, you can install ZLM on Red Hat Enterprise Linux 3 AS or ES for Intel 32-bit computers. As of this writing, ZLM 7 was still under development, and we expect that it will be installable as a server on Red Hat Enterprise Linux 4 and work for updates on SUSE Linux Workstation 9.3 and SUSE Linux 10.0 (along with the other clients distributions listed below). If you do not want to install either distribution on your network, you'll have to use the techniques previously described in this chapter to keep your SUSE computers up to date.

You can use ZLM to manage updates for a number of different clients. ZLM 6.6.1 clients are available for the following distributions:

SUSE Linux Enterprise Server version 8 for 32-bit systems

SUSE Linux Enterprise Server version 9 for 32-bit, many 64-bit, PowerPC, and S/390 systems

SUSE Linux Professional Workstation version 9.1 and 9.2 for 32-bit and many 64-bit systems

Red Hat Enterprise Linux 2.1 Workstation for 32-bit systems

Red Hat Enterprise Linux 3 Workstation for 32-bit and many 64-bit systems

Red Hat Enterprise Linux ES (Entry-level Server) 2.1 for 32-bit systems

Red Hat Enterprise Linux ES 3 for 32-bit and many 64-bit systems

Red Hat Enterprise Linux AS (Advanced Server) 2.1 for 32-bit systems

Red Hat Enterprise Linux AS 3 for 32-bit and many 64-bit systems

3.3.2. Installing the ZLM Server

You'll need a license to operate ZLM. You can download a CD from; then use the search terms: zenworks linux. You can download the latest available version in ISO format, which you can then write to a CD.

When you have a ZLM CD available, you can install the ZLM server on one of the supported distributions. It includes an installation script, rce-install, which you can use to install ZLM server. To install ZENworks, insert and mount the ZLM CD, and then run the rce-install script. If the CD is mounted on the /media/cdrecorder directory, you can run the script with the following command:


As shown in Figure 3-17, the script asks you to accept the license agreement. It asks for your activation code, email address, and any proxy information for your network. It then installs at least the Red Carpet Daemon, rcd, and the Red Carpet command-line client, rug. Support services and packages are also installed, including configuration files that allow you to control the ZLM using a Web server.

Figure 3-17. The ZLM installation process

Make sure that some essential packages are installed, including

zlm-server The core of the ZLM service

zlm-mirror Mirrors packages or channels to ZLM

zlm-server-cli Adds the rcman command, which allows you to administer ZLM from the command line interface.

3.3.3. Configuring the Web interface

When ZLM is installed, you can configure it from the Web interface. It's available through the secure Web protocol, HTTPS. Open the browser of your choice. If the name of the computer with ZLM installed is, navigate to

Your browser should open up At that point, you can configure initial administrative information with

Your name

The email address associated with your Novell account, which also becomes your ZLM username

The password of your choice

You'll also need to configure the server.key file, which you should have gotten with your Novell ZLM license. To find the server.key file, navigate to your Novell account. It should be associated with the information for your ZLM license. Copy it to the /etc/ximian/rcserver/ directory. Make sure the ownership of this file is appropriate. On SUSE, it should be owned by the wwwrun user and www group. On Red Hat, it should be owned by the apache user and apache group.

Now you can open ZLM locally or remotely. The next time you do so, you'll see a login screen where you'll need the username and password.

3.3.4. Configuring Administrators

In all but the smallest networks, there is normally more than one person who needs administrative privileges. It's easy to add another administrator. Log into the ZLM Web-based interface. Click the Admins link on the left side of the menu. This opens the Account Administration menu. You should see your account on the system. Click Create New Administrator. You can now add another ZLM administrative account, using the same information you just used to create your own account. The only difference is that you do not need to use the same email address you used to register ZLM with Novell.

Alternatively, you could set this up from the command line interface. You can add administrators with the rce-init command. For example, if your other administrator's email address is, you'd run

rce-init -U -P password -R "Joe Blow"

3.3.5. Adding Clients

The ZLM CD also includes the software required to set up ZLM clients. RPM packages for each of the aforementioned client distributions are available in the CD redcarpet2/ subdirectory. The packages are straightforward; they include the following:

Red Carpet Daemon and associated modules

Red Carpet software updater and manager

Red Carpet command line client (rug)

There are subdirectories under redcarpet2 for each supported client. The directory names are straightforward. The numbers are associated with version numbers of each distribution, as shown in Table 3-2. These directory names are importantyou'll need to use them when you specify a target for update packages shortly.

Table 3-2. ZENworks Linux Management Client Categories




Red Hat Enterprise Linux 2.1 Advanced Server for 32-bit systems


Red Hat Enterprise Linux 2.1 Entry level Server for 32-bit systems


Red Hat Enterprise Linux 2.1 Workstation for 32-bit systems


Red Hat Enterprise Linux 3 Advanced Server for 32-bit systems


Red Hat Enterprise Linux 3 Advanced Server for 64-bit systems


Red Hat Enterprise Linux 3 Entry level Server for 32-bit systems


Red Hat Enterprise Linux 3 Entry level Server for 64-bit systems


Red Hat Enterprise Linux 3 Workstation for 32-bit systems


Red Hat Enterprise Linux 3 Workstation for 64-bit systems


SUSE Linux Enterprise Server 8 for 32-bit systems


SUSE Linux Enterprise Server 9 for 32-bit systems


SUSE Linux Enterprise Server 9 for Itanium 64-bit systems


SUSE Linux Enterprise Server 9 for Power PCs


SUSE Linux Enterprise Server 9 for IBM S/390 systems


SUSE Linux Enterprise Server 9 for IBM S/390x systems


SUSE Linux Enterprise Server 9 for 64-bit systems


SUSE Linux Professional Workstation 9.1 for 32-bit systems


SUSE Linux Professional Workstation 9.1 for 64-bit systems


SUSE Linux Professional Workstation 9.2 for 32-bit systems


SUSE Linux Professional Workstation 9.2 for 64-bit systems

Additional packages in these directories satisfy associated dependencies. Install the packages from the directory associated with your client distribution, and then start the Red Carpet Daemon with the following command:

/etc/init.d/rcd start

Now ZLM is configured to use verified SSL certificates. For more information, see the associated Linux HOWTO document at If you want to avoid SSL certificates, you can configure your setup as such on each client with the following command:

rug set require-verified-certificates false

Next, let your ZLM server know that you're ready to connect this client. To do so, add a connection to the ZLM server. Assuming the server name is, you'd run the following commands to connect to the local ZLM server and disconnect from the default Red Carpet server:

rug service-add rug service-delete 

You'll also need to activate each client using a key that you can create in the next section. For example, if you've been told that the activation key is rhel-key, you'd run the following command:

rug activate rhel-key

3.3.6. Setting Up Activations

To actually connect a client to ZLM, you'll need to set up an activation key. You can configure a single-use key or one that can be used for a whole group of clients. To create a reusable key from the Web-based interface, click Server in the left-hand pane, and then click the Create New Reusable Activations link. You can then enter the key and description of your choice. No special entries are required; for example, I've created the rhel-key for my Red Hat clients.

Alternatively, you can create a key from the command line interface with the appropriate rcman command:

rcman act-add --key=susewks-key

3.3.7. Creating Groups

After you've installed the ZLM client on a number of computers, you may want to configure some in groups. As you might expect, groups allow you to configure several computers in the same way. While you can create groups in the Web-based interface, it is (in our opinion) simplest using the command-line interface. The following example creates the susewks group:

rcman group-add --desc="SUSE Workstations" susewks

All commands in this section prompt for your username and password. As you might remember, the username is the email address associated with the ZLM administrator. While there are switches that allow you to enter the username and password directly to the command, your password would be exposed in clear text.

Before you add members to a group, you'll want to do a few other things. If you want another administrator to have authority over this group, you can add his account with the following command:

rcman group-addemail susewks all

You're prompted for your authorized username and password. You'll also add the activation key created earlier to the susewks group:

rcman act-addgroup susewks-key susewks

Now it's time to add the computers of your choice to the susewks group. For example, you could add the suse1 computer with the following command:

rcman group-addmachine susewks suse1

You can confirm the results. To list the members of the susewks group, issue this command:

rcman group-listmachines susewks

3.3.8. Configuring Channels

Before you can use ZLM to transfer patches, you need to configure one or more channels. The process is straightforward. For example, to add a PatchMan channel to ZLM, you could run the following command:

rcman channel-add "PatchMan" --desc="PatchManagement"

Add the following key:

rcman act-addchannel susewks-key PatchMan

Strangely enough, the rcman command returns an error when you have a multiple word description, such as "Patch Management." Now you can add gaggles of RPM packages to your channel. Consider the packages download to the YaST Online Update Server. As described earlier, one of the applicable directories on SUSE Linux Enterprise Server is /var/lib/YaST2/you/mnt/i386/update/SUSE-CORE/9/rpm/i586. You could navigate to this directory and then add the download RPMs to your ZLM channel with the following command:

rcman channel-addpkg --targets=suse-9-i586 --desc="PatchUpdates" PatchMan *.rpm 

You don't have to add every RPM package in a directory, but there are advantages to downloads such as those associated with YaST Online Update Server. There is less concern about conflicts and dependencies from such repositories.

3.3.9. Creating Transactions

Now you can configure transactions. First, make sure that your client is active. From the client, if you haven't already done so, add the service associated with your ZLM server.

rug service-add

Activate your system with the encryption key created earlier.

rug activate susewks-key

If you followed the instructions earlier in this chapter, you should have a PatchMan channel available. To see what channels are available on your system, run the following command:

rug channels

Now you can activate the channel of your choice. If PatchMan is the channel you want, you'd run the following command:

rug subscribe PatchMan

Now you can find updates available through your channel. For example, the command shown in Figure 3-18 lists any suggested or urgent updates that may be available through the PatchMan channel.

Figure 3-18. Available updates through a ZLM channel

You can install the packages of your choice. For example, if you want to install the updated version of grip (for recording CDs), just run the following command:

rug install grip

You're prompted to confirm before the download starts. If you confirm, ZLM downloads and then automatically installs the package you selected onto your computer. But this isn't very efficient. You can download and install all updates from subscribed channels with the following command:

rug update

But be careful; if you do not want to install all updates, such as a new Linux kernel, you'll have to remove the associated packages from the channel on the ZLM server.

Linux(r) Patch Management(c) Keeping Linux(r) Systems Up To Date
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2006
Pages: 80
Authors: Michael Jang © 2008-2017.
If you may any questions please contact us: