Installing Spacewalk

Tags:

Here's a quick procedure for installing Spacewalk.

Server

  1. You'll need a big partition for /var/satellite to store all the packages for every repository you keep.
  2. Install the Spacewalk RPM: rpm -Uvh http://yum.spacewalkproject.org/2.3/RHEL/7/x86_64/spacewalk-repo-2.3-4.el7.noarch.rpm.
  3. Repos required for server and all client hosts
    cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
    [jpackage-generic]
    name=JPackage generic
    mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
    enabled=1
    gpgcheck=1
    gpgkey=http://www.jpackage.org/jpackage.asc
    EOF
    
  4. yum install spacewalk-setup-postgresql
  5. yum install spacewalk-postgresql
  6. Spacewalk answer file
    admin-email = ops@example.com
    ssl-set-org = Example
    ssl-set-org-unit = Operations
    ssl-set-city = Toronto
    ssl-set-state = Ontario
    ssl-set-country = CA
    ssl-password = XXXXXXXXXX
    ssl-set-email = ops@example.com
    ssl-config-sslvhost = Y
    db-backend=postgresql
    db-name=spaceschema
    db-user=spaceuser
    db-password=XXXXXXXXXX
    db-host=localhost
    db-port=5432
    enable-tftp=Y
    
  7. spacewalk-setup --disconnected --answer-file=
  8. Point your browser to https://spacewalk.example.com/rhn/YourRhn.do

Client

  1. yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
  2. rhnreg_ks --serverUrl=http://pmanager/XMLRPC --activationkey=1-xxxxxxxxxxxx
  3. Remove all past repositories.

Configuration management fans will automate this!

OSA

OSA is an extra agent that allows for near real time patching.

  1. On client
    rpm --import http://yum.spacewalkproject.org/RPM-GPG-KEY-spacewalk-2014
    rpm -Uvh http://pmanager/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
    yum install osad 
    
  2. On server yum install osa-dispatcher

Spacewalk workflow suggestions

  1. Parent channels are empty and represent testing and production.
  2. All packages are synced in testing child channels.
  3. All packages for production are from cloned testing child channels.

Sign on using external LDAP

  1. Install pam-devel package
  2. Create pam file
    cat << EOF > /etc/pam.d/rhn-satellite
    auth        required      pam_env.so
    auth        sufficient    pam_sss.so 
    auth        required      pam_deny.so
    account     sufficient    pam_sss.so
    account     required      pam_deny.so
    EOF
    
  3. Restart Spacewalk and sign on.

Further reading

  1. http://jensd.be/566/linux/install-and-use-spacewalk-2-3-on-centos-7
  2. https://community.oracle.com/docs/DOC-921379
submit to reddit