SpaceWalk How To on Red Hat and Centos

SpaceWalk How To on Red Hat and Centos

Install Spacewalk

What is Spacewalker?

Spacewalk is an open source package and system management solution for RedHat derivative distributions like CentOS, Scientific Linux and Fedora, developed by the spacewalk community. Spacewalk is the upstream project for the source of ​Red Hat Satellite, It is released under GPLv2 license.

Spacewalk provides the web interface to manage and view the updates for the system that are registered with Spacewalk, we can initiate the task such as install, update, inventory, and so on. Here is the small tutorial about installing Spacewalk on both Centos and RHEL

 

 

Features:

  • Inventory of the systems
  • Install and Update system packages.
  • Configuring Kick-start installation.
  • Deploy and Manage the configuration files from singe location
  • Start / Stop / Configure the guests.
  • Distribute the content across the multiple Geo graphical location using spacewalk proxy.

This posting will provide the steps on how to install Spacewalker on Centos 

Prerequsites

  • Outbound open ports 80, 443
  • Inbound open ports 80, 443, 5222 (only if you want to push actions to client machines) and 5269 (only for push actions to a Spacewalk Proxy), 69 udp if you want to use tftp
  • Storage for database: 250 KiB per client system + 500 KiB per channel + 230 KiB per package in channel (i.e. 1.1GiB for channel with 5000 packages)
  • Storage for packages (default /var/satellite): Depends on what you’re storing; Red Hat recommend 6GB per channel for their channels
  • 2GB RAM minimum, 4GB recommended
  • Underlying (SpaceWalk Server) OS is fully up-to-date.

Setup Repositories:

Before installing Spacewalk on CentOS, we must configure required repositories for Spacewalk setup.

Lets first setup Spacewalk repository, at the time of writing, latest available Spacewalk version was 2.3.

rpm -Uvh http://yum.spacewalkproject.org/2.3/RHEL/7/x86_64/spacewalk-repo-2.3-4.el7.noarch.rpm

Setup Jpackage Repo:

vi /etc/yum.repos.d/jpackage-generic.repo

Add the following.

[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc

Setup EPEL repo on CentOS 7.

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Your Spacewalk server should have a resolvable fully-qualified domain name (FQDN) such as “hostname.domain.com”, to do that; edit /etc/hosts file.

vi /etc/hosts

Modify it according to your environment.

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Your Spacewalk Server192.168.12.3 server.itzgeek.local server

Configure Firewall:

As said in the prerequisites, we need to have outbound port opened. Run the following on terminal to allow the required ports.

firewall-cmd --permanent --add-service=http ; firewall-cmd --permanent --add-service=https

Add port 5222 if you want to push actions to client machines and 5269 for push actions to a Spacewalk Proxy, 69 udp if you want to use tftp.

Restart firewall service using command

Install Spacewalk on CentOS 7 - Overview of Spacewalk

 

 Reference:

How to Install Spacewalk.
http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-install-spacewalk-on-centos-7-rhel-7.html

Spacewalker
http://spacewalk.redhat.com/

Some useful and relevant sites include:

Red Hat Satellite

Spacewalk

Systems Management

  • Cobbler – Provisioning and Kickstarts
  • FreeIPA – Identity, Policy, Audit tool using Kerberos and LDAP
  • Pulp – Software Management
  • Katello – Systems Management
  • The Foreman – Provisioning and Kickstarts
  • Candlepin – Subscription Management

OpenSource- Spacewalk
http://opensourceforu.com/2016/03/patch-management-made-easy-with-spacewalk/

Notes:

1
yum update
1
2
3
4
5
rpm -Uvh <a class="vglnk" href="http://spacewalk.redhat.com/yum/latest/RHEL/6/x86_64/spacewalk-repo-1.7-5.el6.noarch.rpm" rel="nofollow"><span>http</span><span>://</span><span>spacewalk</span><span>.</span><span>redhat</span><span>.</span><span>com</span><span>/</span><span>yum</span><span>/</span><span>latest</span><span>/</span><span>RHEL</span><span>/</span><span>6</span><span>/</span><span>x86</span><span>_</span><span>64</span><span>/</span><span>spacewalk</span><span>-</span><span>repo</span><span>-</span><span>1</span><span>.</span><span>7</span><span>-</span><span>5</span><span>.</span><span>el6</span><span>.</span><span>noarch</span><span>.</span><span>rpm</span></a>
yum install yum-plugin-priorities
rpm -Uvh <a class="vglnk" href="http://www.jpackage.org/jpackage50.repo" rel="nofollow"><span>http</span><span>://</span><span>www</span><span>.</span><span>jpackage</span><span>.</span><span>org</span><span>/</span><span>jpackage50</span><span>.</span><span>repo</span></a>
rpm -Uvh <a class="vglnk" href="http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm" rel="nofollow"><span>http</span><span>://</span><span>dl</span><span>.</span><span>fedoraproject</span><span>.</span><span>org</span><span>/</span><span>pub</span><span>/</span><span>epel</span><span>/</span><span>6</span><span>/</span><span>x86</span><span>_</span><span>64</span><span>/</span><span>epel</span><span>-</span><span>release</span><span>-</span><span>6</span><span>-</span><span>7</span><span>.</span><span>noarch</span><span>.</span><span>rpm</span></a>
rpm -Uvh <a class="vglnk" href="http://spacewalk.redhat.com/yum/1.7-client/RHEL/6/x86_64/spacewalk-client-repo-1.7-5.el6.noarch.rpm" rel="nofollow"><span>http</span><span>://</span><span>spacewalk</span><span>.</span><span>redhat</span><span>.</span><span>com</span><span>/</span><span>yum</span><span>/</span><span>1</span><span>.</span><span>7</span><span>-</span><span>client</span><span>/</span><span>RHEL</span><span>/</span><span>6</span><span>/</span><span>x86</span><span>_</span><span>64</span><span>/</span><span>spacewalk</span><span>-</span><span>client</span><span>-</span><span>repo</span><span>-</span><span>1</span><span>.</span><span>7</span><span>-</span><span>5</span><span>.</span><span>el6</span><span>.</span><span>noarch</span><span>.</span><span>rpm</span></a>

Install PostgresSQL

1
2
3
4
5
6
yum clean all
yum install postgresql postgresql-contrib postgresql-devel postgresql-server
chkconfig postgresql on
service postgresql initdb
service postgresql start
su - postgres -c 'PGPASSWORD=spacepw; createdb spacedb ; createlang plpgsql spacedb ; yes $PGPASSWORD | createuser -P -sDR spaceuser'

Adjust postgres config 

1
vim /var/lib/pgsql/data/pg_hba.conf

Adjust the bottom to resemble :

01
02
03
04
05
06
07
08
09
10
11
12
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# local spacewalk info
local spacedb spaceuser md5
host spacedb spaceuser 127.0.0.1/8 md5
host spacedb spaceuser ::1/128 md5
local spacedb postgres ident
# "local" is for Unix domain socket connections only
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident

Install SPACEWALK

1
2
3
4
5
service postgresql reload
yum install spacewalk-postgresql
spacewalk-setup --disconnected
chkconfig osa-dispatcher on
service osa-dispatcher start

NOTES :
You should be done right ? Not so fast. Here are some notes to deal with issues that came up with the install.

After creating channels and syncing repos, and subscribing a few hosts, I could not schedule updates to hosts. The logs complained about a priority constraint in the db. After snooping around some of the tables, here is the ‘patch’. If you have another way to resolve this, please leave a comment.

1
2
psql spacedb spaceuser
ALTER TABLE qrtz_fired_triggers ALTER COLUMN priority SET DEFAULT 10;

Configure SPACEWALK

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
cat > answers.txt << EOF
admin-email = root@spacewalk.fite.cat
ssl-set-org = Spacewalk Org
ssl-set-org-unit = spacewalk
ssl-set-city = Barcelona
ssl-set-state = Catalonia
ssl-set-country = AD
ssl-password = spacewd
ssl-set-email = root@spacewalk.fite.cat
ssl-config-sslvhost = Y
db-backend=postgresql
db-name=spaceschema
db-user=spaceuser
db-password=spacepw
db-host=localhost
db-port=5432
enable-tftp=Y
EOF
spacewalk-setup --disconnected --answer-file=answers.txt

Add IPTABLES RULES

1
2
3
4
5
6
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
service iptables save

Create Default Channels for Spacewalk

1
2
3
4
spacewalk-common-channels -v -u admin -p redhat -a x86_64 -k unlimited 'centos6*'
spacewalk-common-channels -v -u admin -p redhat -a x86_64 -k unlimited 'fedora16*'
spacewalk-common-channels -v -u admin -p redhat -a x86_64 -k unlimited 'epel6'
spacewalk-common-channels -v -u admin -p redhat -a x86_64 -k unlimited 'spacewalk17-client-centos6' 'spacewalk17-client-fedora16'

Sync Channels

1
spacewalk-repo-sync -c <channel label> for i in $(spacewalk-report channels | awk 'BEGIN { FS = "," } ; { print $1 }' | grep -v channel_label); do spacewalk-repo-sync -c $i;

Install osa-dispatcher

1
2
3
yum install osa-dispatcher
chkconfig osa-dispatcher on
service osa-dispatcher start

Client Setup 

1
2
3
rpm -Uvh <a class="vglnk" href="http://spacewalk.redhat.com/yum/1.7/RHEL/6/x86_64/spacewalk-client-repo-1.7-5.el6.noarch.rpm" rel="nofollow"><span>http</span><span>://</span><span>spacewalk</span><span>.</span><span>redhat</span><span>.</span><span>com</span><span>/</span><span>yum</span><span>/</span><span>1</span><span>.</span><span>7</span><span>/</span><span>RHEL</span><span>/</span><span>6</span><span>/</span><span>x86</span><span>_</span><span>64</span><span>/</span><span>spacewalk</span><span>-</span><span>client</span><span>-</span><span>repo</span><span>-</span><span>1</span><span>.</span><span>7</span><span>-</span><span>5</span><span>.</span><span>el6</span><span>.</span><span>noarch</span><span>.</span><span>rpm</span></a>
yum install rhncfg* rhnmd rhn-;
yum install osad

Change osa_ssl_cert in /etc/sysconfig/rhn/osad.conf to:

1
osa_ssl_cert = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If you haven’t already, download the trusted cert to your client

1
2
3
4
cd /usr/share/rhn/
wget <a class="vglnk" href="http://space.fccn.pt/pub/RHN-ORG-TRUSTED-SSL-CERT" rel="nofollow"><span>http</span><span>://</span><span>space</span><span>.</span><span>fccn</span><span>.</span><span>pt</span><span>/</span><span>pub</span><span>/</span><span>RHN</span><span>-</span><span>ORG</span><span>-</span><span>TRUSTED</span><span>-</span><span>SSL</span><span>-</span><span>CERT</span></a>
service osad start
chkconfig osad on

Congratulations! The Spacewalk installation is completed! Just visit the Spacewalk website once to create the administrator login.


Leave a Reply

Your email address will not be published. Required fields are marked *