OSVDC Series: Configuration and Patch Management with Spacewalk 2.6 on CentOS 7.3.1611 Minimal - rharmonson/richtech GitHub Wiki
Revised: April 9, 2017; add "rhn-satellite start/stop/restart"
Revised: March 13, 2017; add "spacewalk-hostname-rename"
Revised: February 24, 2017; added section "Registration Script"
Revised: February 19, 2017; Updated CentOS 7.3.1611 build guide
Published: February 14, 2017
Article 18 of the Open Source Virtual Data Center Series.
Spacewalk is the upstream project for Red Hat Satellite 5 also known as Satellite Classic. It is a group of services to patch, configure, and monitor Linux hosts.
The purpose of this article is to provide installation instructions on the installation and configuration of a Spacewalk 2.6 server and configuration of clients both using CentOS release 7.3.1611.
For a small business, use a minimum of 2 CPU cores, 2 GB RAM, and 6 GB per channel or repository in addition to 20 GB for the operating system. CPU and RAM resources will grow depending upon how many Linux hosts Spacewalk manages. Storage requirements will increase based on the number of repositories Spacewalk supports. In my experience CentOS 7 and Fedora 25 parent and child channels will need more than 150 GB of storage. I would advise beginning with 200 to 300 GB of storage.
Complete a 7 Minimal installation using, generally, the defaults and update before proceeding.
My CentOS 7 1611 Minimal build follows the installation guide found at the URL below, however, I do depart from a default installation by ripping out NetworkManager and firewalld. If using either of the two, adjust the instructions as necessary.
https://github.com/rharmonson/richtech/wiki/CentOS-7-1611-Minimal-x86_64-Base-Installation-Guide
Building from an oVirt virtual machine template, it is necessary to expand or add additional virtual disk storage for repositories. I extend the Linux LVM root volume using the method described in the link below. A separate storage location from operating system is advisable in large production environments.
The Spacewalk server name must resolve for the Spacewalk server and clients. Update your DNS zone as appropriate or if DNS is not present, edit /etc/hosts to add the Spacewalk server's IP address and host name to all participating systems.
The following repositories are needed for Spacewalk.
Extra Packages for Enterprise Linux.
[root@myhost ~]# yum -y install epel-release
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
epel-release noarch 7-9 extras 14 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 14 k
Installed size: 24 k
Copy and paste to the shell as root to create the jpackage repository.
cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
EOF
Results
[root@myhost ~]# cat /etc/yum.repos.d/jpackage-generic.repo
[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
###Spacewalk Repository
Install the Spacewalk repository package.
[root@myhost ~]# yum install http://yum.spacewalkproject.org/2.6/RHEL/7/x86_64/spacewalk-repo-2.6-0.el7.noarch.rpm
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
spacewalk-repo noarch 2.6-0.el7 /spacewalk-repo-2.6-0.el7.noarch 558
Transaction Summary
================================================================================
Install 1 Package
Total size: 558
Installed size: 558
SELinux was enabled and enforcing for entirety of this guide. However, it is advisable to set SELinux to permissive during the installation and testing then review the audit logs to identify potential problems to correct. Truth is I simply forgot to change SELinux from enforcing to permissive during this guide and got lucky that SELinux didn't steal more hours from my diminishing life span.
[root@myhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Spacewalk as implemented in this guide has the Firewall requirements for 80, 443, and 5222.
The perspective of the firewalls is from the Spacewalk server so 'inbound' is incoming connections to the Spacewalk server.
- 80 TCP Inbound Web UI and client requests come in via http.
- 443 TCP Inbound Web UI and client requests come in via https.
- 5222 TCP Inbound This port pushes actions to client systems.
Example using firewall-cmd for firewalld.
# firewall-cmd --add-service=http
# firewall-cmd --add-service=https
# firewall-cmd --add-service=xmpp-client
Example using iptables.
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 5222 -j ACCEPT
Below is a script to configure a Spacewalk server. Note some services are commented out. Remove the comment or "#" if enabling additional Spacewalk features beyond this guide.
#!/bin/bash
#Flush current policies
iptables -F
# Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
#ICMP Echo (OPTIONAL) / Spacewalk OSA requires echo-request (type 8)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
# Accept incoming SSH
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
#*****Spacewalk:START
# Uncomment services as desired.
##DHCP
#iptables -I INPUT -p udp -m conntrack --ctstate NEW -m udp --dport 67 -j ACCEPT
#iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 67 -j ACCEPT
##PXE
#iptables -I INPUT -p udp -m conntrack --ctstate NEW -m udp --dport 69 -j ACCEPT
#iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 69 -j ACCEPT
##HTTP/S
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
##Monitoring; rhnmd / alternatively, use SSH with keys
#iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 4545 -j ACCEPT
##Configuration; rhn_check and osad
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 5222 -j ACCEPT
##Spacewalk Proxy
#iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 5269 -j ACCEPT
#*****Spacewalk:END
# Save Changes
service iptables save
# Service
systemctl restart iptables
systemctl status iptables
Results
[root@myhost ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:5222
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
References:
- https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.6/html/Installation_Guide/sect-Installation_Guide-Additional_Requirements.html
- https://access.redhat.com/solutions/10818
The package installation assumes the use of postgresql that will be configured by the Spacewalk installer. You may install and configured postgressql prior to installation or use an Oracle Database. In large organizations, Spacewalk proxies may be utilized to distribute workloads or to cache data across network links. The installation packages will differ for the alternative installation methods. See the reference below for package details
Reference: https://github.com/spacewalkproject/spacewalk/wiki/HowToInstall.
Install Spacewalk.
[root@myhost ~]# yum install spacewalk-postgresql spacewalk-setup-postgresql
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
spacewalk-postgresql noarch 2.6.1-1.el7 spacewalk 7.4 k
spacewalk-setup-postgresql noarch 2.6.2-1.el7 spacewalk 16 k
Installing for dependencies:
GConf2 x86_64 3.2.6-8.el7 base 1.0 M
PyPAM x86_64 0.5.0-19.el7 base 25 k
ace-editor noarch 1.1.3-3.el7 spacewalk 2.9 M
ant noarch 1.9.2-9.el7 base 1.9 M
antlr-tool noarch 2.7.7-30.el7 base 357 k
apache-commons-beanutils noarch 1.8.3-14.el7 base 213 k
apache-commons-chain noarch 1.2-10.el7 epel 91 k
apache-commons-cli noarch 1.2-13.el7 base 50 k
apache-commons-codec noarch 1.8-7.el7 base 223 k
apache-commons-collections noarch 3.2.1-22.el7_2 base 509 k
apache-commons-daemon x86_64 1.0.13-6.el7 base 54 k
apache-commons-dbcp noarch 1.4-17.el7 base 167 k
apache-commons-digester noarch 1.8.1-19.el7 base 142 k
apache-commons-discovery noarch 2:0.5-9.el7 epel 81 k
apache-commons-fileupload noarch 1.3.1-4.el7 epel 75 k
apache-commons-io noarch 1:2.4-12.el7 base 189 k
apache-commons-lang noarch 2.6-15.el7 base 276 k
apache-commons-logging noarch 1.1.2-7.el7 base 78 k
apache-commons-pool noarch 1.6-9.el7 base 113 k
apache-commons-validator noarch 1.4.0-8.el7 base 170 k
apr x86_64 1.4.8-3.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
asm noarch 1.5.3-7.jpp5 jpackage-generic 217 k
atk x86_64 2.14.0-1.el7 base 251 k
avalon-framework noarch 4.3-10.el7 base 88 k
avalon-logkit noarch 2.1-14.el7 base 87 k
bcel noarch 5.2-18.el7 base 469 k
bea-stax noarch 1.2.0-9.el7 base 176 k
bea-stax-api noarch 1.2.0-9.el7 base 31 k
bootstrap noarch 3.0.0-6.el7 spacewalk 123 k
bootstrap-datepicker noarch 1.3.0-3.el7 spacewalk 17 k
bsf noarch 2.4.0-19.el7 base 106 k
bzip2 x86_64 1.0.6-13.el7 base 52 k
c3p0 noarch 0.9.1.2-2.jpp5 jpackage-generic 583 k
cairo x86_64 1.14.2-1.el7 base 711 k
cal10n noarch 0.7.7-4.el7 base 36 k
cglib noarch 2.1.3-4.jpp5 jpackage-generic 540 k
classpathx-mail noarch 1.1.2-1.jpp5 jpackage-generic 784 k
cobbler20 noarch 2.0.11-62.el7 spacewalk 435 k
concurrent noarch 1.3.4-9.jpp5 jpackage-generic 223 k
copy-jdk-configs noarch 1.2-1.el7 base 14 k
createrepo noarch 0.9.9-26.el7 base 92 k
cups-libs x86_64 1:1.6.3-26.el7 base 356 k
dojo noarch 1.8.3-4.el7 epel 6.7 M
dom4j noarch 1.6.1-20.el7 base 277 k
dwr noarch 3.0rc2-7.el7 spacewalk 1.1 M
dwz x86_64 0.11-3.el7 base 99 k
easymock2 noarch 2.5.2-12.el7 base 92 k
ecj x86_64 1:4.2.1-8.el7 base 1.4 M
elfutils x86_64 0.166-2.el7 base 280 k
excalibur noarch 1:1.0-0.r508111.13.jpp5
jpackage-generic 26 k
excalibur-avalon-framework-api
noarch 1:4.3.1-0.r508111.13.jpp5
jpackage-generic 29 k
excalibur-avalon-framework-impl
noarch 1:4.3.1-0.r508111.13.jpp5
jpackage-generic 59 k
excalibur-avalon-logkit noarch 1:2.2.1-0.r508111.13.jpp5
jpackage-generic 79 k
flac-libs x86_64 1.3.0-5.el7_1 base 169 k
font-awesome noarch 4.0.3-2.el7 spacewalk 231 k
fontconfig x86_64 2.10.95-10.el7 base 229 k
fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k
freemarker noarch 2.3.15-1.jpp5 jpackage-generic 827 k
gdb x86_64 7.6.1-94.el7 base 2.4 M
gdk-pixbuf2 x86_64 2.31.6-3.el7 base 559 k
genisoimage x86_64 1.1.11-23.el7 base 298 k
geronimo-jms noarch 1.1.1-19.el7 base 31 k
geronimo-jms-1.1-api noarch 1.2-13.jpp5 jpackage-generic 32 k
geronimo-jta noarch 1.1.1-17.el7 base 20 k
geronimo-specs-poms noarch 1.2-13.jpp5 jpackage-generic 21 k
geronimo-validation noarch 1.1-11.el7 epel 45 k
giflib x86_64 4.1.6-9.el7 base 40 k
glassfish-jaf noarch 1.1.0-5.jpp5 jpackage-generic 82 k
graphite2 x86_64 1.3.6-1.el7_2 base 112 k
gsm x86_64 1.0.13-11.el7 base 30 k
gtk2 x86_64 2.24.28-8.el7 base 3.4 M
hamcrest noarch 1.3-6.el7 base 124 k
harfbuzz x86_64 0.9.36-1.el7 base 156 k
hibernate3 noarch 3.2.4-1.SP1_CP01.9.jpp5
jpackage-generic 2.0 M
hicolor-icon-theme noarch 0.12-7.el7 base 42 k
hsqldb noarch 1:1.8.1.3-14.el7 base 950 k
http-parser x86_64 2.7.1-3.el7 epel 30 k
httpd x86_64 2.4.6-45.el7.centos base 2.7 M
httpd-tools x86_64 2.4.6-45.el7.centos base 84 k
isorelax noarch 1:0-0.15.release20050331.el7
base 75 k
jabberd x86_64 2.4.0-6.el7 epel 510 k
jabberpy noarch 0.5-0.27.el7 epel 70 k
jakarta-commons-el noarch 1.0-12.jpp5 jpackage-generic 109 k
jakarta-commons-httpclient noarch 1:3.1-16.el7_0 base 241 k
jakarta-oro noarch 2.0.8-16.el7 base 78 k
jakarta-taglibs-standard noarch 1.1.2-14.el7_1 base 303 k
jasper-libs x86_64 1.900.1-29.el7 base 149 k
java-1.7.0-openjdk x86_64 1:1.7.0.121-2.6.8.0.el7_3
updates 230 k
java-1.7.0-openjdk-devel x86_64 1:1.7.0.121-2.6.8.0.el7_3
updates 9.1 M
java-1.7.0-openjdk-headless
x86_64 1:1.7.0.121-2.6.8.0.el7_3
updates 25 M
java-1.8.0-openjdk x86_64 1:1.8.0.121-0.b13.el7_3
updates 232 k
java-1.8.0-openjdk-headless
x86_64 1:1.8.0.121-0.b13.el7_3
updates 31 M
javamail noarch 1.4.6-8.el7 base 758 k
javapackages-tools noarch 3.4.1-11.el7 base 73 k
javassist noarch 3.16.1-10.el7 base 627 k
jaxen noarch 1.1.3-11.el7 base 204 k
jboss-el-2.2-api noarch 1.0.1-0.7.20120212git2fabd8.el7
base 44 k
jboss-jsf-2.1-api noarch 2.0.2-9.1.el7 epel 628 k
jboss-jsp-2.2-api noarch 1.0.1-10.el7 epel 63 k
jboss-jstl-1.2-api noarch 1.0.3-13.el7 epel 416 k
jboss-servlet-3.0-api noarch 1.0.1-9.el7 base 82 k
jcommon noarch 1.0.12-3.jpp5 jpackage-generic 297 k
jdom noarch 1.1.3-6.el7 base 174 k
jline noarch 1.0-8.el7 base 69 k
jpam x86_64 0.4-28.el7 spacewalk 21 k
jquery-timepicker noarch 1.3.3-2.el7 spacewalk 9.0 k
jquery-ui noarch 1.10.4.custom-3.el7 spacewalk 13 k
junit noarch 4.11-8.el7 base 261 k
jython noarch 2.2-0.rc2.1.jpp5 jpackage-generic 1.7 M
libICE x86_64 1.0.9-2.el7 base 65 k
libSM x86_64 1.2.2-2.el7 base 39 k
libX11 x86_64 1.6.3-3.el7 base 606 k
libX11-common noarch 1.6.3-3.el7 base 162 k
libXau x86_64 1.0.8-2.1.el7 base 29 k
libXcomposite x86_64 0.4.4-4.1.el7 base 22 k
libXcursor x86_64 1.1.14-2.1.el7 base 30 k
libXdamage x86_64 1.1.4-4.1.el7 base 20 k
libXext x86_64 1.3.3-3.el7 base 39 k
libXfixes x86_64 5.0.1-2.1.el7 base 18 k
libXfont x86_64 1.5.1-2.el7 base 150 k
libXft x86_64 2.3.2-2.el7 base 58 k
libXi x86_64 1.7.4-2.el7 base 40 k
libXinerama x86_64 1.1.3-2.1.el7 base 14 k
libXrandr x86_64 1.4.2-2.el7 base 26 k
libXrender x86_64 0.9.8-2.1.el7 base 25 k
libXtst x86_64 1.2.2-2.1.el7 base 20 k
libXxf86vm x86_64 1.1.3-2.1.el7 base 17 k
libasyncns x86_64 0.8-7.el7 base 26 k
libdb4 x86_64 4.8.30-13.el7 epel 607 k
libfontenc x86_64 1.1.2-3.el7 base 30 k
libgsasl x86_64 1.8.0-8.el7 epel 131 k
libntlm x86_64 1.3-6.el7 base 44 k
libogg x86_64 2:1.3.0-7.el7 base 24 k
libpng x86_64 2:1.5.13-7.el7_2 base 213 k
libsndfile x86_64 1.0.25-10.el7 base 149 k
libthai x86_64 0.1.14-9.el7 base 187 k
libusal x86_64 1.1.11-23.el7 base 135 k
libvorbis x86_64 1:1.3.3-8.el7 base 204 k
libxcb x86_64 1.11-4.el7 base 189 k
libxshmfence x86_64 1.2-1.el7 base 7.2 k
libxslt x86_64 1.1.28-5.el7 base 242 k
lksctp-tools x86_64 1.0.17-2.el7 base 88 k
log4j noarch 1.2.17-15.el7 base 443 k
lsof x86_64 4.87-4.el7 base 331 k
m2crypto x86_64 0.21.1-17.el7 base 429 k
mailcap noarch 2.1.41-2.el7 base 31 k
mchange-commons noarch 0.2.3.4-4.el7 epel 508 k
mesa-libEGL x86_64 11.2.2-2.20160614.el7 base 85 k
mesa-libGL x86_64 11.2.2-2.20160614.el7 base 162 k
mesa-libgbm x86_64 11.2.2-2.20160614.el7 base 42 k
mesa-libglapi x86_64 11.2.2-2.20160614.el7 base 40 k
mod_ssl x86_64 1:2.4.6-45.el7.centos base 105 k
mod_wsgi x86_64 3.4-12.el7_0 base 76 k
momentjs noarch 2.6.0-4.el7 spacewalk 72 k
msv-xsdlib noarch 1:2013.5.1-7.el7 base 1.1 M
nutch noarch 1.0-0.16.20081201040121nightly.el7
spacewalk 22 M
objectweb-asm noarch 3.3.1-9.el7 base 197 k
osa-common noarch 5.11.74-1.el7 spacewalk 47 k
osa-dispatcher noarch 5.11.74-1.el7 spacewalk 41 k
osa-dispatcher-selinux noarch 5.11.74-1.el7 spacewalk 38 k
oscache noarch 2.4.1-1.jpp5 jpackage-generic 125 k
pango x86_64 1.36.8-2.el7 base 287 k
patch x86_64 2.7.1-8.el7 base 110 k
patternfly1 noarch 1.3.0-1.el7.centos ovirt-4.0-patternfly1-noarch-epel
2.3 M
pcsc-lite-libs x86_64 1.8.8-6.el7 base 34 k
perl x86_64 4:5.16.3-291.el7 base 8.0 M
perl-Authen-PAM x86_64 0.16-16.el7 epel 34 k
perl-Authen-SASL noarch 2.15-10.el7 base 57 k
perl-BerkeleyDB x86_64 0.51-4.el7 epel 148 k
perl-Business-ISBN noarch 2.06-2.el7 base 25 k
perl-Business-ISBN-Data noarch 20120719.001-2.el7 base 24 k
perl-Carp noarch 1.26-244.el7 base 19 k
perl-Class-Load noarch 0.20-3.el7 base 27 k
perl-Class-Singleton noarch 1.4-14.el7 base 18 k
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k
perl-DBD-Pg x86_64 2.19.3-4.el7 base 195 k
perl-DBI x86_64 1.627-4.el7 base 802 k
perl-Data-Dumper x86_64 2.145-3.el7 base 47 k
perl-Data-OptList noarch 0.107-9.el7 base 23 k
perl-DateTime x86_64 2:1.04-5.el7 base 112 k
perl-DateTime-Locale noarch 0.45-6.el7 base 1.6 M
perl-DateTime-TimeZone noarch 1.63-2.el7 base 417 k
perl-Digest noarch 1.17-245.el7 base 23 k
perl-Digest-HMAC noarch 1.03-5.el7 base 16 k
perl-Digest-MD5 x86_64 2.52-3.el7 base 30 k
perl-Digest-SHA x86_64 1:5.85-3.el7 base 58 k
perl-Digest-SHA1 x86_64 2.13-9.el7 base 50 k
perl-Encode x86_64 2.51-7.el7 base 1.5 M
perl-Encode-Locale noarch 1.03-5.el7 base 16 k
perl-Exporter noarch 5.68-3.el7 base 28 k
perl-File-Listing noarch 6.04-7.el7 base 13 k
perl-File-Path noarch 2.09-2.el7 base 26 k
perl-File-Temp noarch 0.23.01-3.el7 base 56 k
perl-Filter x86_64 1.49-3.el7 base 76 k
perl-GSSAPI x86_64 0.28-9.el7 base 59 k
perl-Getopt-Long noarch 2.40-2.el7 base 56 k
perl-HTML-Parser x86_64 3.71-4.el7 base 115 k
perl-HTML-Tagset noarch 3.20-15.el7 base 18 k
perl-HTTP-Cookies noarch 6.01-5.el7 base 26 k
perl-HTTP-Daemon noarch 6.01-5.el7 base 20 k
perl-HTTP-Date noarch 6.02-8.el7 base 14 k
perl-HTTP-Message noarch 6.06-6.el7 base 82 k
perl-HTTP-Negotiate noarch 6.01-5.el7 base 17 k
perl-HTTP-ProxyAutoConfig noarch 0.3-8.el7 epel 17 k
perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k
perl-IO-Compress noarch 2.061-2.el7 base 260 k
perl-IO-HTML noarch 1.00-2.el7 base 23 k
perl-IO-Socket-IP noarch 0.21-4.el7 base 35 k
perl-IO-Socket-SSL noarch 1.94-5.el7 base 114 k
perl-LWP-MediaTypes noarch 6.02-2.el7 base 24 k
perl-List-MoreUtils x86_64 0.33-9.el7 base 58 k
perl-Mail-RFC822-Address noarch 0.3-12.el7 spacewalk 9.1 k
perl-Module-Implementation noarch 0.06-6.el7 base 17 k
perl-Module-Runtime noarch 0.013-4.el7 base 19 k
perl-Net-DNS x86_64 0.72-6.el7 base 308 k
perl-Net-Daemon noarch 0.48-5.el7 base 51 k
perl-Net-HTTP noarch 6.06-2.el7 base 29 k
perl-Net-Jabber noarch 2.0-25.el7 epel 137 k
perl-Net-LibIDN x86_64 0.12-15.el7 base 28 k
perl-Net-SSLeay x86_64 1.55-4.el7 base 285 k
perl-Net-XMPP noarch 1.02-21.el7 epel 123 k
perl-Package-DeprecationManager
noarch 0.13-7.el7 base 18 k
perl-Package-Stash noarch 0.34-2.el7 base 34 k
perl-Package-Stash-XS x86_64 0.26-3.el7 base 31 k
perl-Params-Util x86_64 1.07-6.el7 base 38 k
perl-Params-Validate x86_64 1.08-4.el7 base 69 k
perl-PathTools x86_64 3.40-5.el7 base 82 k
perl-PlRPC noarch 0.2020-14.el7 base 36 k
perl-Pod-Escapes noarch 1:1.04-291.el7 base 51 k
perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k
perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k
perl-Pod-Usage noarch 1.63-3.el7 base 27 k
perl-Satcon noarch 2.6.1-1.el7 spacewalk 14 k
perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k
perl-Socket x86_64 2.010-4.el7 base 49 k
perl-Storable x86_64 2.45-3.el7 base 77 k
perl-Sub-Install noarch 0.926-6.el7 base 21 k
perl-Text-ParseWords noarch 3.29-4.el7 base 14 k
perl-Thread-Queue noarch 3.02-2.el7 base 17 k
perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-Time-ParseDate noarch 2015.103-1.el7 epel 39 k
perl-TimeDate noarch 1:2.30-2.el7 base 52 k
perl-Try-Tiny noarch 0.12-2.el7 base 23 k
perl-URI noarch 1.60-9.el7 base 106 k
perl-WWW-RobotRules noarch 6.02-5.el7 base 18 k
perl-XML-LibXML x86_64 1:2.0018-5.el7 base 373 k
perl-XML-NamespaceSupport noarch 1.11-10.el7 base 18 k
perl-XML-Parser x86_64 2.41-10.el7 base 223 k
perl-XML-SAX noarch 0.99-9.el7 base 63 k
perl-XML-SAX-Base noarch 1.08-7.el7 base 32 k
perl-XML-Simple noarch 2.20-5.el7 base 74 k
perl-XML-Stream noarch 1.23-9.el7 epel 78 k
perl-constant noarch 1.27-2.el7 base 19 k
perl-libs x86_64 4:5.16.3-291.el7 base 688 k
perl-libwww-perl noarch 6.05-2.el7 base 205 k
perl-macros x86_64 4:5.16.3-291.el7 base 43 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 112 k
perl-srpm-macros noarch 1-8.el7 base 4.6 k
perl-threads x86_64 1.87-4.el7 base 49 k
perl-threads-shared x86_64 1.43-6.el7 base 39 k
perl-version x86_64 3:0.99.07-2.el7 base 84 k
pixman x86_64 0.34.0-1.el7 base 248 k
portlet-2.0-api noarch 1.0-9.el7 epel 55 k
postgresql x86_64 9.2.18-1.el7 base 3.0 M
postgresql-contrib x86_64 9.2.18-1.el7 base 551 k
postgresql-jdbc noarch 9.2.1002-5.el7 base 447 k
postgresql-libs x86_64 9.2.18-1.el7 base 232 k
postgresql-pltcl x86_64 9.2.18-1.el7 base 59 k
postgresql-server x86_64 9.2.18-1.el7 base 3.8 M
psmisc x86_64 22.20-11.el7 base 141 k
pulseaudio-libs x86_64 6.0-8.el7 base 581 k
pwstrength-bootstrap noarch 1.0.2-5.el7 spacewalk 7.2 k
pyOpenSSL x86_64 0.13.1-3.el7 base 133 k
pygobject2 x86_64 2.28.6-11.el7 base 226 k
python-debian noarch 0.1.27-3.el7 epel 92 k
python-deltarpm x86_64 3.6-3.el7 base 31 k
python-devel x86_64 2.7.5-48.el7 base 393 k
python-dmidecode x86_64 3.10.13-11.el7 base 82 k
python-gudev x86_64 147.2-7.el7 base 18 k
python-gzipstream noarch 2.3.3-1.el7 spacewalk 53 k
python-hwdata noarch 1.7.3-4.el7 base 32 k
python-javapackages noarch 3.4.1-11.el7 base 31 k
python-lxml x86_64 3.2.1-4.el7 base 758 k
python-netaddr noarch 0.7.5-7.el7 base 983 k
python-psycopg2 x86_64 2.5.1-3.el7 base 132 k
python2-simplejson x86_64 3.10.0-1.el7 epel 188 k
qdox noarch 1.12.1-10.el7 base 170 k
quartz noarch 1.8.4-6.el7 spacewalk 406 k
redhat-rpm-config noarch 9.1.0-72.el7.centos base 78 k
redstone-xmlrpc noarch 1.1_20071120-16.el7 spacewalk 58 k
regexp noarch 1.5-13.el7 base 47 k
relaxngDatatype noarch 1.0-11.el7 base 15 k
rhino noarch 1.7R4-5.el7 base 1.0 M
rhn-client-tools noarch 2.6.8-1.el7 spacewalk 483 k
rhnlib noarch 2.6.3-1.el7 spacewalk 68 k
rhnpush noarch 5.5.101-1.el7 spacewalk 94 k
roboto noarch 1.2-3.el7 spacewalk 386 k
rpm-build x86_64 4.11.3-21.el7 base 145 k
rsync x86_64 3.0.9-17.el7 base 360 k
ruby x86_64 2.0.0.648-29.el7 base 68 k
ruby-irb noarch 2.0.0.648-29.el7 base 89 k
ruby-libs x86_64 2.0.0.648-29.el7 base 2.8 M
rubygem-bigdecimal x86_64 1.2.0-29.el7 base 80 k
rubygem-io-console x86_64 0.4.2-29.el7 base 51 k
rubygem-json x86_64 1.7.7-29.el7 base 76 k
rubygem-psych x86_64 2.0.0-29.el7 base 78 k
rubygem-rdoc noarch 4.0.0-29.el7 base 319 k
rubygems noarch 2.0.14.1-29.el7 base 216 k
saxpath noarch 1.0-3.jpp5 jpackage-generic 34 k
select2 noarch 3.4.5-3.el7 spacewalk 36 k
select2-bootstrap-css noarch 1.3.0-5.el7 spacewalk 6.0 k
servletapi4 noarch 4.0.4-6.jpp5 jpackage-generic 76 k
simple-core noarch 3.1.3-7.el7 spacewalk 206 k
simple-xml noarch 2.6.7-4.el7 spacewalk 336 k
sitemesh noarch 2.4.1-1.jpp5 jpackage-generic 161 k
slf4j noarch 1.7.4-3.el7 base 170 k
spacewalk-admin noarch 2.6.1-1.el7 spacewalk 44 k
spacewalk-backend noarch 2.6.75-1.el7 spacewalk 208 k
spacewalk-backend-app noarch 2.6.75-1.el7 spacewalk 161 k
spacewalk-backend-applet noarch 2.6.75-1.el7 spacewalk 157 k
spacewalk-backend-config-files
noarch 2.6.75-1.el7 spacewalk 157 k
spacewalk-backend-config-files-common
noarch 2.6.75-1.el7 spacewalk 167 k
spacewalk-backend-config-files-tool
noarch 2.6.75-1.el7 spacewalk 160 k
spacewalk-backend-iss noarch 2.6.75-1.el7 spacewalk 155 k
spacewalk-backend-iss-export
noarch 2.6.75-1.el7 spacewalk 169 k
spacewalk-backend-libs noarch 2.6.75-1.el7 spacewalk 185 k
spacewalk-backend-package-push-server
noarch 2.6.75-1.el7 spacewalk 157 k
spacewalk-backend-server noarch 2.6.75-1.el7 spacewalk 530 k
spacewalk-backend-sql noarch 2.6.75-1.el7 spacewalk 176 k
spacewalk-backend-sql-postgresql
noarch 2.6.75-1.el7 spacewalk 158 k
spacewalk-backend-tools noarch 2.6.75-1.el7 spacewalk 370 k
spacewalk-backend-usix noarch 2.6.75-1.el7 spacewalk 153 k
spacewalk-backend-xml-export-libs
noarch 2.6.75-1.el7 spacewalk 210 k
spacewalk-backend-xmlrpc noarch 2.6.75-1.el7 spacewalk 265 k
spacewalk-base noarch 2.6.6-1.el7 spacewalk 75 k
spacewalk-base-minimal noarch 2.6.6-1.el7 spacewalk 88 k
spacewalk-base-minimal-config
noarch 2.6.6-1.el7 spacewalk 75 k
spacewalk-branding noarch 2.5.3-1.el7 spacewalk 327 k
spacewalk-certs-tools noarch 2.5.3-1.el7 spacewalk 89 k
spacewalk-common noarch 2.6.1-1.el7 spacewalk 7.9 k
spacewalk-config noarch 2.6.5-1.el7 spacewalk 34 k
spacewalk-doc-indexes noarch 2.6.2-1.el7 spacewalk 3.7 M
spacewalk-html noarch 2.6.6-1.el7 spacewalk 100 k
spacewalk-java noarch 2.6.49-1.el7 spacewalk 2.6 M
spacewalk-java-config noarch 2.6.49-1.el7 spacewalk 395 k
spacewalk-java-lib noarch 2.6.49-1.el7 spacewalk 7.9 M
spacewalk-java-postgresql noarch 2.6.49-1.el7 spacewalk 390 k
spacewalk-jpp-workaround noarch 2.3.5-1.el7 spacewalk 5.0 k
spacewalk-schema noarch 2.6.16-1.el7 spacewalk 935 k
spacewalk-search noarch 2.6.1-1.el7 spacewalk 3.7 M
spacewalk-selinux noarch 2.3.2-1.el7 spacewalk 19 k
spacewalk-setup noarch 2.6.2-1.el7 spacewalk 102 k
spacewalk-setup-jabberd noarch 2.3.2-1.el7 spacewalk 18 k
spacewalk-taskomatic noarch 2.6.49-1.el7 spacewalk 394 k
stringtree-json noarch 2.0.9-11.el7 spacewalk 12 k
struts noarch 1.3.10-12.el7 epel 956 k
susestudio-java-client noarch 0.1.4-4.el7 spacewalk 54 k
tanukiwrapper x86_64 3.2.3-16.el7 spacewalk 125 k
tcl x86_64 1:8.5.13-8.el7 base 1.9 M
tftp-server x86_64 5.2-13.el7 base 44 k
tomcat noarch 7.0.69-10.el7 base 88 k
tomcat-el-2.2-api noarch 7.0.69-10.el7 base 79 k
tomcat-jsp-2.2-api noarch 7.0.69-10.el7 base 93 k
tomcat-lib noarch 7.0.69-10.el7 base 3.8 M
tomcat-servlet-3.0-api noarch 7.0.69-10.el7 base 210 k
tomcat5-jsp-2.0-api noarch 5.5.27-7.jpp5 jpackage-generic 72 k
tomcat5-servlet-2.4-api noarch 5.5.27-7.jpp5 jpackage-generic 113 k
tomcat6-servlet-2.5-api noarch 6.0.18-9.jpp5 jpackage-generic 83 k
ttmkfdir x86_64 3.0.9-42.el7 base 48 k
tzdata-java noarch 2016j-1.el7 updates 182 k
udns x86_64 0.4-3.el7 epel 60 k
unzip x86_64 6.0-16.el7 base 169 k
uuid x86_64 1.6.2-26.el7 base 55 k
velocity noarch 1.7-10.el7 base 414 k
velocity-dvsl noarch 1.0-2.jpp5 jpackage-generic 39 k
velocity-tools noarch 1.4-1.jpp5 jpackage-generic 145 k
ws-jaxme noarch 0.5.2-10.el7 base 1.1 M
xalan-j2 noarch 2.7.1-23.el7 base 1.9 M
xerces-j2 noarch 2.11.0-17.el7_0 base 1.1 M
xml-commons-apis noarch 1.4.01-16.el7 base 227 k
xml-commons-resolver noarch 1.2-15.el7 base 108 k
xorg-x11-font-utils x86_64 1:7.5-20.el7 base 87 k
xorg-x11-fonts-Type1 noarch 7.5-9.el7 base 521 k
xpp3 noarch 1.1.3.8-11.el7 base 336 k
zip x86_64 3.0-11.el7 base 260 k
Transaction Summary
================================================================================
Install 2 Packages (+389 Dependent packages)
Total download size: 221 M
Installed size: 624 M
To begin the setup of Spacewalk use spacewalk-setup.
[root@myhost ~]# spacewalk-setup
Results
[root@myhost ~]# spacewalk-setup
* Setting up SELinux..
** Database: Setting up database connection for PostgreSQL backend.
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database: /var/log/rhn/install_db.log
*** Progress: ####
** Database: Installation complete.
** Database: Populating database.
*** Progress: ###########################
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? root@localhost
* Performing initial configuration.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? your.organization
Organization Unit [myhost.mydomain.net]?
Email Address [root@localhost]?
City? mycity
State? mystate
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
* Restarting services.
Installation complete.
Visit https://myhost.mydomain.net to create the Spacewalk administrator account.
Before proceeding, verify services are operating by starting the services one at a time. Begin with shutting them down using rhn-satellite then systemctl to start and review each service.
[root@myhost ~]# rhn-satellite stop
[root@myhost ~]# systemctl start postgresql.service
[root@myhost ~]# systemctl status postgresql.service
[root@myhost ~]# systemctl start jabberd.service
[root@myhost ~]# systemctl status jabberd.service
[root@myhost ~]# systemctl start tomcat.service
[root@myhost ~]# systemctl status tomcat.service
[root@myhost ~]# systemctl start httpd.service
[root@myhost ~]# systemctl status httpd.service
[root@myhost ~]# systemctl start osa-dispatcher.service
[root@myhost ~]# systemctl status osa-dispatcher.service
[root@myhost ~]# systemctl start rhn-search.service
[root@myhost ~]# systemctl status rhn-search.service
[root@myhost ~]# systemctl start cobblerd
[root@myhost ~]# systemctl status cobblerd
[root@myhost ~]# systemctl start taskomatic.service
[root@myhost ~]# systemctl status taskomatic.service
List of Spacewalk Services
If using systemctl, services are in startup order. To shutdown, reverse the order.
- postgresql.service
- jabberd.service
- tomcat.service
- httpd.service
- osa-dispatcher.service
- rhn-search.service
- cobblerd
- taskomatic.service
See man rhn-satellite for managing the suite of Spacewalk services for general system administration.
osa-dispatcher
The service osa-dispatcher uses jabberd. As of February 2017, I ran into the bug or misconfiguration cited in the URL below. Essentially, osa-dispatcher is starting before jabberd and its dependency have completed their initial load resulting in osa-dispatcher faulting. This will result in Spacewalk's push actions not working.
The solution presented was to add a dependency on jabber-2fs for the osa-dispatcher unit file. It does not work reliably. However, if you review the discussion closely, one of the posters used a timer process to delay the execution of osa-dispatcher for 60 seconds. A solution that does work (for me).
The solution.
[root@myhost ~]# mkdir /etc/systemd/system/osa-dispatcher.service.d
[root@myhost ~]# vi /etc/systemd/system/osa-dispatcher.service.d/10-dependency.conf
Copy+paste
[Service]
ExecStartPre=/bin/sleep 60
Once up and running, backup the system using your established practices. Spacewalk's GitHub has a backup article found here:
https://github.com/spacewalkproject/spacewalk/wiki/SpacewalkBackup
Using CentOS 7 to illustrate the creation of a Channel, we will begin by creating repositories, channels, then an initial repository synchronization.
##Create Repositories
To create a repository
- Logon to the Spacewalk portal
- Select the "Channel" Tab
- Select "Manage Software Channels" menu (left pane)
- Select "Manage Repositories" sub menu
- Select "+ Create Repository"
- Enter Repository Label: "CentOS 7 Base Repo"
- Enter Repository URL: "http://mirror.centos.org/centos/7/os/x86_64/"
- Accept the default Repository Type: yum
- Select "Create Repository" button
Mirrors
Use mirror sites for your repositories that are geographically nearest to you. Typically, a repository nearer to you will perform better. For example, I have several universities in my state or province, so I use them instead of the project's master repositories as shown in my examples.
Repeat the instructions above for CentOS 7 Updates, EPEL, and Spacewalk client repositories using the values given below.
CentOS 7 Updates Repo
- Repository Label: CentOS 7 Updates Repo
- Repository URL: http://mirror.centos.org/centos/7/updates/x86_64/
CentOS 7 Extras Repo
- Repository Label: CentOS 7 Extras Repo
- Repository URL: http://mirror.centos.org/centos/7/extras/x86_64/
EPEL Repo
- Repository Label: EPEL 7 Repo
- Repository URL: http://dl.fedoraproject.org/pub/epel/7/x86_64/
Spacewalk Client Repo
- Repository Label: Spacewalk RHEL 7 Client Repo
- Repository URL: http://yum.spacewalkproject.org/latest-client/RHEL/7/x86_64/
To create the CentOS 7 parent channel
- Logon to the Spacewalk portal
- Select the "Channel" Tab
- Select "Manage Software Channels" menu (left pane)
- Select "+ Create Channel"
- Enter Channel Name: "CentOS 7"
- Enter Channel Label: "centos-7-base"
- Accept the default Parent Channel: None
- Accept the default Architecture: x86_64
- Select Yum Repository Checksum Type: SHA256
- Enter Channel Summary: "CentOS 7 Channel"
- Enter GPG key URL: "http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7"
- Enter key ID: "F4A80EB5"
- Enter key Fingerprint: "6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5"
- Select "Create Channel" button
- Select "Repositories" sub tab
- Select (check) "CentOS 7 Base Repo"
- Select "Update Repositories" button
GPG
How do you obtain the GPG information? The key may exist in /etc/pki/rpm-gpg/, otherwise, copy and paste the URL for the repository in your internet browser. Look for a file starting with 'RPM-GPG-KEY' at the root directory. Sometimes the keys will reside elsewhere, but, typically, they will be at the root or in a parent directory.
Download the file if necessary then execute the following:
[root@myhost rpm-gpg]# gpg --with-fingerprint RPM-GPG-KEY-CentOS-7
pub 4096R/F4A80EB5 2014-06-23 CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>
Key fingerprint = 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
The Key ID is the 8 digit prior to the date which happens to be the last 8 digits of the key fingerprint.
To create children channels for the CentOS 7 parent channel, we repeat the steps used to create the parent channel but change the value for "Parent Channel" from "None" to "CentOS 7" and enter the child channel specific values.
CentOS 7 Updates Child Channel
- Channel Name: CentOS 7 Updates
- Channel Label: centos-7-updates
- Parent Channel: CentOS 7
- Architecture: x86_64
- Yum Repository Checksum Type: SHA256
- Channel Summary: CentOS 7 Updates Channel
- GPG key URL: http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
- GPG key ID: F4A80EB5
- GPG key Fingerprint: 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
- CentOS 7 Update Repo
CentOS 7 Extras Child Channel
- Channel Name: CentOS 7 Extras
- Channel Label: centos-7-extras
- Parent Channel: CentOS 7
- Architecture: x86_64
- Yum Repository Checksum Type: SHA256
- Channel Summary: CentOS 7 Extras Channel
- GPG key URL: http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
- GPG key ID: F4A80EB5
- GPG key Fingerprint: 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
- CentOS 7 Extras Repo
EPEL 7 Child Channel
- Channel Name: EPEL 7
- Channel Label: epel-7
- Parent Channel: CentOS 7
- Architecture: x86_64
- Yum Repository Checksum Type: SHA256
- Channel Summary: Extra Packages for Enterprise Linux 7 Channel
- GPG key URL: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
- GPG key ID: 352C64E5
- GPG key Fingerprint: 91E9 7D7C 4A5E 96F1 7F3E 888F 6A2F AEA2 352C 64E5
- EPEL 7 Repo
Spacewalk Client Child Channel
- Channel Name: Spacewalk RHEL 7 Client
- Channel Label: spacewalk-rhel7-client
- Parent Channel: CentOS 7
- Architecture: x86_64
- Yum Repository Checksum Type: SHA256
- Channel Summary: Spacewalk RHEL 7 Client Channel
- GPG key URL: http://yum.spacewalkproject.org/RPM-GPG-KEY-spacewalk-2015
- GPG key ID: B8002DE1
- GPG key Fingerprint: A5FC 508C DD3C C46D 3C3B 4612 DCC9 81CD B800 2DE1
- Spacewalk RHEL 7 Client Repo
Each parent channel has an activation key associated with it which must be specified when configuring a Spacewalk Client. On creation of an activation key, it will generate a random key or you can specify the key. Each client can only use one parent channel.
- Select "Systems" tab
- Select "Activation Keys" menu
- Select "+ Create Key" in center pane
- Enter a Description: "CentOS 7 Channel Key"
- Either enter a key or leave blank: "centos7key" (results with "1-centos7key" as the key)
- Select Base Channel: CentOS 7
- Select "Create Activiation Key" button
After the creation of a channel, its repository will need to be synchronized prior to use. For the initial synchronization, use the command line for it provides ongoing standard and error output that the web portal does not. After the initial synchronization, schedule regular channel updates and use the portal or command line to synchronize updates to refresh as needed between scheduled synchronizations.
Warning
Initial synchronization of the EPEL repository can take a day or more depending on bandwidth, so use screen or tmux to preserve your SSH sessions. Daniel Miessler has an excellent primer on tmux.
Synchronize using spacewalk-repo-sync --channel <channel_label> --type yum where "channel" is channel label not channel name found for each channel under Channels --> Manage Software Channels.
Execute the following one at a time until they complete successfully. If the synchronization is interrupted, execute again, it will resume after completing a verification. Also, log are found in /var/log/rhn/repo-sync/ using the file name channel_label.log, e.g. centos-7-base.log.
[root@myhost ~]# spacewalk-repo-sync --channel centos-7-base --type yum
[root@myhost ~]# spacewalk-repo-sync --channel centos-7-updates --type yum
[root@myhost ~]# spacewalk-repo-sync --channel centos-7-extras --type yum
[root@myhost ~]# spacewalk-repo-sync --channel epel-7 --type yum
[root@myhost ~]# spacewalk-repo-sync --channel spacewalk-rhel7-client --type yum
Once completed, review the results
- Select "Channels"
- Select "Show All Child Channels"
spacewalk-repo-sync
After initial synch, use the --parent-channel to synchronize parent and its child repositories where "parent-channel" is the parent channel label.
[root@myhost ~]# /usr/bin/spacewalk-repo-sync --parent-channel centos-7-base
Note there is no use of --type with "parent-channel." Also, use --dry-run to test syntax of spacewalk-repo-sync.
The Spacewalk client is a CentOS 7 Minimal virtual machine using, generally, default settings.
The external CentOS 7 repository contains a number of Spacewalk (rhn) client packages. If used, you will likely experience problems and. Not surprising since the Spacewalk server and client would be different versions.
EPEL
The Spacewalk web site calls out that EPEL may have needed dependencies for the Spacewalk-client packages. I didn't see any, but better safe than sorry.
[root@myclient ~]# yum install epel-release
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
epel-release noarch 7-9 extras 14 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 14 k
Installed size: 24 k
Is this ok [y/d/N]:
Spacewalk-client
Install the Spacewalk client repository. Note the client version is 2.6 which is the same for our Spacewalk 2.6 server.
[root@myclient ~]# yum install http://yum.spacewalkproject.org/2.6-client/RHEL/7/x86_64/spacewalk-client-repo-2.6-0.el7.noarch.rpm
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
spacewalk-client-repo
noarch 2.6-0.el7 /spacewalk-client-repo-2.6-0.el7.noarch 426
Transaction Summary
================================================================================
Install 1 Package
Total size: 426
Installed size: 426
Is this ok [y/d/N]:
Clean yum, update, and reboot before proceeding.
[root@myclient ~]# yum clean all && yum -y update && reboot
Spacewalk client packages to register and utilize basic Spacewalk features like registration and Software Channels are listed below.
- m2crypto
- rhn-check
- rhn-client-tools
- rhn-setup
- rhnsd
- yum-rhn-plugin
Install the Spacewalk-client packages.
[root@myclient ~]# yum install m2crypto rhn-check rhn-client-tools rhn-setup rhnsd yum-rhn-plugin
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
m2crypto x86_64 0.21.1-17.el7 base 429 k
rhn-check noarch 2.6.8-1.el7 spacewalk-client 58 k
rhn-client-tools noarch 2.6.8-1.el7 spacewalk-client 483 k
rhn-setup noarch 2.6.8-1.el7 spacewalk-client 94 k
rhnsd x86_64 5.0.25-1.el7 spacewalk-client 47 k
yum-rhn-plugin noarch 2.6.3-1.el7 spacewalk-client 84 k
Installing for dependencies:
libxml2-python x86_64 2.9.1-6.el7_2.3 base 247 k
pyOpenSSL x86_64 0.13.1-3.el7 base 133 k
pygobject2 x86_64 2.28.6-11.el7 base 226 k
python-dmidecode x86_64 3.10.13-11.el7 base 82 k
python-gudev x86_64 147.2-7.el7 base 18 k
python-hwdata noarch 1.7.3-4.el7 base 32 k
rhnlib noarch 2.6.3-1.el7 spacewalk-client 68 k
Transaction Summary
================================================================================
Install 6 Packages (+7 Dependent packages)
Total download size: 2.0 M
Installed size: 8.3 M
Is this ok [y/d/N]:
The Spacewalk server's public certificate is needed to establish a jabber connection from the client in support of osad.
Download the Spacewalk certificate.
[root@myclient rhn]# cd /usr/share/rhn/
[root@myclient rhn]# curl -O http://myhost.mydomain.net/pub/RHN-ORG-TRUSTED-SSL-CERT
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5471 100 5471 0 0 986 0 0:00:05 0:00:05 --:--:-- 1356
GPG keys are used to validate or authenticate RPM packages. Prior to using Spacewalk repositories, a Spacewalk client must have the GPG keys for each corresponding repository for registered parent and child channels.
Identify what GPG keys are current installed.
[root@myclient rpm-gpg]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-f4a80eb5-53a7ff4b --> gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>)
gpg-pubkey-352c64e5-52ae6884 --> gpg(Fedora EPEL (7) <[email protected]>)
gpg-pubkey-fe590cb7-533d77ee --> gpg(oVirt <[email protected]>)
The CentOS 7 Official Signing Key shown above is used for external and Spacewalk centos-7-base and centos-7-updates repositories; the Fedora EPEL 7 key is used for the external and Spacewalk epel-7 repository; and the oVirt key is for the Open Virtualization Project external repository and does not reside on Spacewalk--oVirt's repo is HUGE so I opted to not spacewalk-repo-sync it. However, we are missing the spacewalk-client repository.
My practice is to download the GPG keys for each repository to the registered parent and child channels using curl (or wget) into /etc/pki/rpm-gpg/ then import into the rpm database for each client. Let's retrieve the missing spacewalk-client key and import.
[root@myclient ~]# cd /etc/pki/rpm-gpg/
[root@myclient rpm-gpg]# curl -O http://yum.spacewalkproject.org/RPM-GPG-KEY-spacewalk-2015
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 881 100 881 0 0 1434 0 --:--:-- --:--:-- --:--:-- 1434
[root@myclient rpm-gpg]# ll
total 24
-rw-r--r--. 1 root root 1690 Dec 9 2015 RPM-GPG-KEY-CentOS-7
-rw-r--r--. 1 root root 1004 Dec 9 2015 RPM-GPG-KEY-CentOS-Debug-7
-rw-r--r--. 1 root root 1690 Dec 9 2015 RPM-GPG-KEY-CentOS-Testing-7
-rw-r--r--. 1 root root 1662 Jul 23 2016 RPM-GPG-KEY-EPEL-7
-rw-r--r-- 1 root root 881 Feb 11 06:55 RPM-GPG-KEY-spacewalk-2015
-rw-r--r--. 1 root root 1715 Aug 30 05:50 RPM-GPG-ovirt-4.0
Import key
[root@myclient rpm-gpg]# rpm --import RPM-GPG-KEY-spacewalk-2015
Executing a query against the rpm database will now result with the Spacewalk GPG key.
[root@myclient rpm-gpg]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
Results
gpg-pubkey-f4a80eb5-53a7ff4b --> gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>)
gpg-pubkey-352c64e5-52ae6884 --> gpg(Fedora EPEL (7) <[email protected]>)
gpg-pubkey-fe590cb7-533d77ee --> gpg(oVirt <[email protected]>)
gpg-pubkey-b8002de1-553126bd --> gpg(Spacewalk <[email protected]>)
Include adding the keys as part of your system build process.
[root@myclient ~]# rhnreg_ks --serverUrl=http://myspacewalk.mydomain.net/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7key
After registering, the command will exit without a message. From the Spacewalk portal, select "Systems" and "Recently Registered" to view the registered client within Spacewalk's portal. If you stumble, you can remove the system using the Spacewalk portal, then return to the client to execute the command above to register again but you must add the --force option.
Prior to using Spacewalk Channels, conflicting repositories in /etc/yum.repo/ need to be disabled. Change the value of "enabled" from 1 to 0. On CentOS, the CentOS base repository files may not have an "enabled" so just enter enabled=0 at the end of the stanza for each repository to disable them.
For example, revise /etc/yum.repos.d/CentOS-Base.repo and add enabled=0 to disable the repositories.
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
and more..
Next, clean yum and review the repolist before proceeding to the next section.
[root@myclient ~]# yum clean all
[root@myclient ~]# yum repolist
Results
repo id repo name status
centos-7-base CentOS 7 9,363
centos-7-updates CentOS 7 Updates 807
centos-7-extras CentOS 7 Extras #
epel-7 EPEL 7 11,208
spacewalk-rhel7-client Spacewalk RHEL 7 Client 25
The results from yum repolist mirrors our Spacewalk "CentOS 7" parent and child channels.
To utilize the Spacewalk Configuration Channels and initiate push actions.
- osad
- rhncfg
- rhncfg-actions
- rhncfg-client
[root@myclient yum.repos.d]# yum install osad rhncfg rhncfg-actions rhncfg-client
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
osad noarch 5.11.74-1.el7 spacewalk-rhel7-client 45 k
rhncfg noarch 5.10.99-1.el7 spacewalk-rhel7-client 73 k
rhncfg-actions noarch 5.10.99-1.el7 spacewalk-rhel7-client 46 k
rhncfg-client noarch 5.10.99-1.el7 spacewalk-rhel7-client 43 k
Installing for dependencies:
jabberpy noarch 0.5-0.27.el7 epel-7 70 k
osa-common noarch 5.11.74-1.el7 spacewalk-rhel7-client 47 k
spacewalk-backend-usix noarch 2.6.75-1.el7 spacewalk-rhel7-client 153 k
Transaction Summary
================================================================================
Install 4 Packages (+3 Dependent packages)
Total download size: 477 k
Installed size: 850 k
Is this ok [y/d/N]:
Spacewalk's client rhncfg packages initiates (pulls) instructions (actions) from the Spacewalk server every 240 minutes with rhn_check. A very nice feature, but if you want to initiate (push) from the Spacewalk server to systems, you will want to implement osad (next section) as well.
The rhncfg packages were installed above in the section titled Additional Spacewalk client Packages.
[root@myclient ~]# rhn-actions-control --report
deploy is disabled
diff is disabled
upload is disabled
mtime_upload is disabled
run is disabled
[root@myclient ~]# rhn-actions-control --enable-all
[root@myclient ~]# rhn-actions-control --report
deploy is enabled
diff is enabled
upload is enabled
mtime_upload is enabled
run is enabled
After enabling actions on the client, test using the Spacewalk portal. Remember, port 5222/tcp must accept incoming connection from the client to the Spacewalk server.
- Logon to the Spacewalk portal
- Select "Systems" tab
- Select a registered system
- Select "Software" sub tab
- Select "Packages" tab
- Select "Verify" tab
- Select and check mark the first package
- Select "Verify Selected Packages" button (bottom right)
- Select "Confirm" to schedule the action
- Select "Schedule" (top)
- Note the "Package Verify scheduled by admin" and status "Pending"
At this point, actions await for the next scheduled client connection (see the note below). To test, we will force a check from the client.
- Logon to the Spacewalk client
- Execute
rhn_check
Once rhn_check has completed, the bash prompt will return without a message. Return to the Spacewalk portal and refresh the Schedule page. It should now display that the action "Succeeded."
NOTE
The rhnsd service utilizes rhn_check and by default a Spacewalk client will check in every 240 minutes or 4 hours as set in /etc/sysconfig/rhn/rhnsd. The timer can be decreased to a minimum of 60 minutes. From a Spacewalk client, you can execute rhn_check to force a check in during initial testing.
To push actions from the Spacewalker server to a system or a group of systems without waiting for the 240 minutes timer, Spacewalk server utilizes osa-dispatcher and client-side osad processes. These processes communicate using the jabber messaging protocol.
The osad package was installed above in the section titled Additional Spacewalk client Packages. The additional prerequesite, the Spacewalk server certificate, was met in the section titled Certificate.
Next we need to configure osad.
Update osad.conf to use the Spacewalk server's certificate.
[root@myclient ~]# vi /etc/sysconfig/rhn/osad.conf
# Use a different certificate from what up2date is using
# This should point to the satellite certificate for
# server_name
osa_ssl_cert = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Enable, start, and check status of the osad service.
[root@myclient ~]# systemctl enable osad
Created symlink from /etc/systemd/system/multi-user.target.wants/osad.service to /usr/lib/systemd/system/osad.service.
[root@myclient ~]# systemctl start osad
[root@myclient ~]# systemctl status osad
● osad.service - OSAD daemon
Loaded: loaded (/usr/lib/systemd/system/osad.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2017-02-11 13:47:48 PST; 38s ago
Process: 3602 ExecStart=/usr/sbin/osad --pid-file /var/run/osad.pid (code=exited, status=0/SUCCESS)
Main PID: 3605 (osad)
CGroup: /system.slice/osad.service
└─3605 /usr/bin/python -s /usr/sbin/osad --pid-file /var/run/osad....
Feb 11 13:47:38 myclient.mydomain.net systemd[1]: Starting OSAD daemon...
Feb 11 13:47:48 myclient.mydomain.net systemd[1]: Started OSAD daemon.
[root@myclient ~]#
Missed Package Dependency?!
If osad fails to start and systemctl status osad.service -l displays the following:
Feb 12 22:57:50 myclient.mydomain.net systemd[1]: Starting OSAD daemon...
Feb 12 22:57:50 myclient.mydomain.net osad[1150]: Unable to load module osad
Feb 12 22:57:50 myclient.mydomain.net osad[1150]: No module named i18n
Feb 12 22:57:50 myclient.mydomain.net systemd[1]: osad.service: control process exited, code=exited status=1
Feb 12 22:57:50 myclient.mydomain.net systemd[1]: Failed to start OSAD daemon.
Feb 12 22:57:50 myclient.mydomain.net systemd[1]: Unit osad.service entered failed state.
Feb 12 22:57:50 myclient.mydomain.net systemd[1]: osad.service failed.
This error was fixed by using the Spacewalk client versus CentOS 7 external repository and yum update.
It may be as simple as updating package rhnlib which provides i18n. Untested. The presence of i18n in the package can be verified using rpm -ql rhnlib | grep i18n.
Repeat the test we used for rhncfg but instead of using rhn_check, the scheduled task should complete within a few minutes.
I am experimenting with the following script to register and complete remaining configuration. It is half-baked, admittedly.
#!/bin/bash
# reg-spacewalk.sh: Spacewalk Registration
# Register
echo "Registering with Spacewalk.."
rhnreg_ks --serverUrl=http://myhost.mydomain.net/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7key
echo "Registration complete?"
echo ""
echo "Registration successfully completed with Check Spacewalk Server?"
read -p "Press enter to continue"
# Yum Clean
echo "Clean yum."
yum clean all
echo "Clean completed."
# Disable External Repos Supported by Spacewalk
echo "Disabling CentOS Repository."
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/CentOS-Base.repo
echo "Disabling EPEL Repository."
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/epel.repo
echo "Disabling Spacewalk-client Repository."
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/spacewalk-client.repo
yum repolist
echo ""
echo "Repositories disabled?"
read -p "Press enter to continue"
# Install rhcfg & osad package
echo "Install rhncfg & osad packages."
yum install osad rhncfg rhncfg-actions rhncfg-client
echo ""
echo "Packages installed?"
read -p "Press enter to continue"
# Enable Actions
echo "Enable all actions"
rhn-actions-control --enable-all
rhn-actions-control --report
echo ""
echo "Actions enabled?"
read -p "Press enter to continue"
# Set osad certificate
echo "Set osad certificate."
sed -i 's/osa_ssl_cert[ ]=/osa_ssl_cert = \/usr\/share\/rhn\/RHN-ORG-TRUSTED-SSL-CERT/g' /etc/sysconfig/rhn/osad.conf
cat /etc/sysconfig/rhn/osad.conf
echo ""
echo "Did osa_ssl_cert update to RHN-ORG-TRUSTED-SSL-CERT?"
read -p "Press enter to continue"
# Start osad
echo "Enable and start osad."
systemctl enable osad
systemctl start osad
systemctl status osad
echo " "
echo "All tasks completed!"
echo ""
echo "Hit enter to reboot or CTRL-c to exit."
read -p "Press enter to continue"
reboot
Using the Spacewalk portal, select on the left menu Admin, Spacewalk Configuration, then in the center pane the Restart tab and button.
Using the command line, execute as root rhn-satellite [start/stop/restart] where "[] is the desired argument.
If you need to change the hostname or IP address, you will need to install spacewalk-utils and use the spacewalk-hostname-rename utility.
# spacewalk-hostname-rename <ip_address>
Reboot Spacewalk, logon to Spacewalk portal.
- Select "Admin"
- Select "Task Engine Status"
- All should read "Finished" however if Cobbler shows failed the likely culprit is name resolution
- Update DNS record for the Spacewalk server
- Update /etc/hosts if using static
- Update client firewalls to permit icmp type 8 (ping) from Spacewalk server.
- Copy RPM-GPG file to /var/www/html/pub/ for ease of retrieval for Fedora hosts that insist on local copies of GPG files.
- If using Spacewalk nighties, the packages are not signed. I will research further, but at this point I will not bother with creating a repo and channels. Pain!
The references given below provide details on the configuration components outside the scope of this article.
LDAP
Content
- https://github.com/spacewalkproject/spacewalk/wiki/UploadContent
- https://github.com/spacewalkproject/spacewalk/wiki/UploadFedoraContent
Client Configuration
- https://github.com/spacewalkproject/spacewalk/wiki/ClientPackages
- https://github.com/spacewalkproject/spacewalk/wiki/RegisteringClients
Monitoring via SSH
OSAD (& jabberd)
- https://github.com/spacewalkproject/spacewalk/wiki/OSADSetup
- https://github.com/spacewalkproject/spacewalk/wiki/OsadHowTo
- https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html/Installation_Guide/Enabling_Push_to_Clients.html
- https://access.redhat.com/solutions/327903
- https://github.com/spacewalkproject/spacewalk/pull/462
- https://github.com/spacewalkproject/spacewalk/pull/462/files
Using SSL Certificates
Monitoring
- https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.6/html/Reference_Guide/sect-Reference_Guide-Monitoring-Configuring_the_Red_Hat_Network_Monitoring_Daemon_rhnmd.html https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.6/html/Reference_Guide/sect-Reference_Guide-Red_Hat_Network_Monitoring_Daemon_rhnmd-Installing_the_SSH_key.html
- https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html-single/User_Guide/index.html#chap-Monitoring
- https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html-single/User_Guide/index.html#Configuring_SSH
OpenSCAP
SMTP Notifications
Troubleshooting
Red Hat Spacewalk
Next article in the series is Root Certificate Authority (PKI) with Dogtag 10.3 on CentOS 7.3.1611.