July 2008
RedHat SpaceWalk is the Open Source version of RedHat's satellite
software.
Two machines are involved in its installation:
Following the SpaceWalk HowToInstall, I did the following:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm
Retrieving http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm
warning: /var/tmp/rpm-xfer.Zy9sSY: Header V3 DSA signature: NOKEY, key ID 217521f6
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
Edit /etc/yum.repos.d/spacewalk.repo to contain:
[spacewalk]
name=Spacewalk
baseurl=http://spacewalk.redhat.com/yum/rhel/5Server/$basearch/
gpgkey=http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
enabled=1
gpgcheck=1
yum install spacewalk
<snip>
Error: rhns-app conflicts with specspo
Error: rhns-xp conflicts with specspo
Error: Missing Dependency: oracle-instantclient-basic = 10.2.0.4 is needed by package oracle-lib-compat
Error: Missing Dependency: oracle-instantclient-basic is needed by package perl-DBD-Oracle
Error: Missing Dependency: oracle-instantclient-basic >= 10.2.0 is needed by package rhn-oracle-jdbc
rpm -e specspo
Fetch oracle-instantclient-basic-10.2.0.4-1.i386.rpm from the Oracle website and install it:
rpm -iv oracle-instantclient-basic-10.2.0.4-1.i386.rpm oracle-instantclient-jdbc-10.2.0.4-1.i386.rpm oracle-instantclient-sqlplus-10.2.0.4-1.i386.rpm oracle-instantclient-devel-10.2.0.4-1.i386.rpm
Preparing packages for installation...
oracle-instantclient-basic-10.2.0.4-1
oracle-instantclient-devel-10.2.0.4-1
oracle-instantclient-jdbc-10.2.0.4-1
oracle-instantclient-sqlplus-10.2.0.4-1
yum install spacewalk
<snip>
Transaction Summary
=============================================================================
Install 227 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 149 M
Is this ok [y/N]: y
<snip>
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 430a1c35
Importing GPG key 0x430A1C35 "Spacewalk <spacewalk-devel@redhat.com>" from http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
Is this ok [y/N]: y
<snip>
noarch 0:1.1.3.4.O-2jpp.ep1.1.el5.1
Complete!
export PATH="${PATH}:/usr/lib/oracle/10.2.0.4/client/bin"
export ORACLE_HOME=/usr/lib/oracle/10.2.0.4
export LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.4/client/lib
# The instant client lives under 10.2.0.4; fcontext takes a regular expression, not a glob
semanage fcontext -a -t textrel_shlib_t '/usr/lib/oracle/10\.2\.0\.4/client/lib(/.*)?'
restorecon -R /usr/lib/oracle/10.2.0.4/client/lib
[root@host ~]# spacewalk-setup --disconnected
* Loading answer file: /usr/share/spacewalk/setup/defaults.conf.
* Setting up environment and users.
** GPG: Initializing GPG and importing RHN key.
* Setting up database.
** Database: Setting up database connection.
DB User? username
DB Password?
DB SID? sid
DB hostname? db.host.yourdomain.com
DB port [1521]? 1522
DB protocol [TCP]?
** Database: Testing database connection.
** Database: Populating database.
sh: dbhome: command not found
*** Progress: #
* Performing initial configuration.
* Activating Satellite.
** Loading Satellite Certificate.
** Verifying certificate locally.
There was a problem activating the satellite: Certificate expired.
[root@host ~]# date
Thu Feb 19 12:24:04 CET 2015
ntpdate ip-of-ntp-server
28 Jul 11:48:44 ntpdate[15293]: step time server 129.125.60.251 offset -207106607.716361 sec
[root@host ~]# date
Mon Jul 28 11:48:48 CEST 2008
yum -q install usermode-gtk pyOpenSSL
cp /usr/share/spacewalk/setup/defaults.conf spacewalk-install-answers-2.conf
vi !$
spacewalk-setup --disconnected --answer-file=spacewalk-install-answers-2.conf
[root@host ~]# spacewalk-setup --disconnected --answer-file=spacewalk-install-answers-2.conf
* Loading answer file: spacewalk-install-answers-2.conf.
* Setting up environment and users.
** GPG: Initializing GPG and importing RHN key.
* Setting up database.
** Database: Setting up database connection.
** Database: Testing database connection.
** Database: Populating database.
sh: dbhome: command not found
*** Progress: ##################################################################################
* Performing initial configuration.
* Activating Satellite.
** Loading Satellite Certificate.
** Verifying certificate locally.
** Activating Satellite.
* Enabling Monitoring.
* Creating SSL certificates.
Email Address [j.bokma@cs.rug.nl]?
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
Use of uninitialized value in chown at /usr/bin/rhn-generate-pem.pl line 57.
Use of uninitialized value in chown at /usr/bin/rhn-generate-pem.pl line 57.
* Deploying configuration files.
* Update configuration in database.
* Restarting services.
Installation complete.
Visit https://host to create the satellite administrator account.
[root@host ~]#
Temporarily turn off SELinux enforcement:
setenforce 0
Then log in to https://host.service.domain.com to do the rest of the configuration.
We got an “Internal Server Error” message on the Web interface and subsequently an e-mail stating that /etc/rhn/cluster.ini cannot be written.
So we do
chgrp apache /etc/rhn/cluster.ini
chmod go+rw !$
chmod go+rw /etc/rhn/cluster.ini
Now we get “An error occurred and your satellite configuration changes could not be stored. Please contact support for more information”, and we find in /var/log/secure:
: tomcat : sorry, you must have a tty to run sudo
So using visudo, we comment out this line in /etc/sudoers:
Defaults requiretty
Success. (At least for the “General” config).
Now we first create a certificate (see CertCreation):
Create a keypair:
gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Thu 10 Sep 2009 02:50:01 PM CEST
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Jurjen Bokma
Email address: j.bokma@cs.rug.nl
Comment: SpaceWalk-admin
You selected this USER-ID:
"Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++...++++++++++.++++++++++.++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.++++++++++.++++++++++.+++++>+++++..........+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++.+++++++++++++++.++++++++++..+++++.+++++++++++++++++++++++++.+++++.+++++.++++++++++.++++++++++.++++++++++++++++++++.++++++++++.++++++++++>..++++++++++>+++++.............>+++++......................................................................................................................................................................+++++^^^^^
gpg: key 4AD979DD marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2009-09-10
pub 1024D/4AD979DD 2008-09-10 [expires: 2009-09-10]
Key fingerprint = 5A5D FF6E 928C ACA7 AAEB 93E6 94AF C990 4AD9 79DD
uid Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>
sub 2048g/62457ED7 2008-09-10 [expires: 2009-09-10]
[root@host ~]#
Export the keys:
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/E8562897 2007-01-06 [expires: 2017-01-03]
uid CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>
sub 1024g/1E9EA3B6 2007-01-06 [expires: 2017-01-03]
pub 1024D/4AD979DD 2008-09-10 [expires: 2009-09-10]
uid Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>
sub 2048g/62457ED7 2008-09-10 [expires: 2009-09-10]
gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec 1024D/4AD979DD 2008-09-10 [expires: 2009-09-10]
uid Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>
ssb 2048g/62457ED7 2008-09-10
gpg --export 4AD979DD > mycertkey.gpg
gpg --export-secret-keys -a 4AD979DD > mysecretkey.gpg
Add the keys to the /etc/webapp-keyring.gpg keyring (see PGP and GnuPG GPG General Hints, Notes, Howtos for how to do things like these):
gpg --no-default-keyring --keyring /etc/webapp-keyring.gpg --import mycertkey.gpg
gpg: key 4AD979DD: public key "Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2009-09-10
gpg --no-default-keyring --keyring /etc/webapp-keyring.gpg --import mysecretkey.gpg
gpg: key 4AD979DD: already in secret keyring
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
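An added example (not from the original page and not part of GnuPG) that parses the GnuPG 1.4 key listing shown above and reports keys below a chosen size or close to expiry, so that the key used to sign the certificate does not lapse unnoticed. The function names, the 2048-bit threshold and the 30-day warning window are assumptions.

```python
"""Audit a GnuPG 1.4 `gpg --list-keys` listing for small or expiring keys."""
import re
from datetime import date

# Constructed sample: the listing printed on this page, whitespace as shown.
LISTING = """\
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/E8562897 2007-01-06 [expires: 2017-01-03]
uid CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>
sub 1024g/1E9EA3B6 2007-01-06 [expires: 2017-01-03]
pub 1024D/4AD979DD 2008-09-10 [expires: 2009-09-10]
uid Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl>
sub 2048g/62457ED7 2008-09-10 [expires: 2009-09-10]
"""

# kind, size, algorithm letter, short key id, optional expiry date
KEY_LINE = re.compile(
    r"^(pub|sub)\s+(\d+)([A-Za-z])/([0-9A-F]{8})\s+\d{4}-\d{2}-\d{2}"
    r"(?:\s+\[expires:\s+(\d{4}-\d{2}-\d{2})\])?")
ALGO = {"D": "DSA", "g": "ElGamal", "R": "RSA"}


def parse_listing(text):
    """Return one dict per pub/sub line; a uid line is attached to its pub key."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            kind, bits, algo, keyid, expires = m.groups()
            keys.append({
                "kind": kind, "bits": int(bits), "algo": ALGO.get(algo, algo),
                "keyid": keyid, "uid": None,
                "expires": date.fromisoformat(expires) if expires else None})
        elif line.startswith("uid") and keys and keys[-1]["kind"] == "pub":
            keys[-1]["uid"] = keys[-1]["uid"] or line[3:].strip()
    return keys


def audit(text, today, min_bits=2048, warn_days=30):
    """Return (keyid, finding) tuples for undersized, expired or expiring keys."""
    findings = []
    for k in parse_listing(text):
        if k["bits"] < min_bits:
            findings.append((k["keyid"], "%s-%d below %d bits"
                             % (k["algo"], k["bits"], min_bits)))
        if k["expires"] is None:  # key without an expiry date
            continue
        left = (k["expires"] - today).days
        if left < 0:
            findings.append((k["keyid"], "expired"))
        elif left <= warn_days:
            findings.append((k["keyid"], "expires in %d days" % left))
    return findings


if __name__ == "__main__":
    # Three weeks before the signing key on this page expires.
    for keyid, finding in audit(LISTING, date(2009, 8, 20)):
        print(keyid, finding)
```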
Fetch the certificate creation script and the template certificate:
wget https://fedorahosted.org/spacewalk/attachment/wiki/CertCreation/gen-oss-sat-cert.pl?format=raw
wget https://fedorahosted.org/spacewalk/attachment/wiki/CertCreation/template-eval.cert?format=raw
mv gen-oss-sat-cert.pl\?format\=raw gen-oss-sat-cert.pl
mv template-eval.cert\?format\=raw template-eval.cert
Copy the template and edit the copy to our liking:
<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Rijksuniversiteit Groningen</rhn-cert-field>
  <rhn-cert-field name="issued">10-sep-2008</rhn-cert-field>
  <rhn-cert-field name="expires">10-sep-2009</rhn-cert-field>
  <rhn-cert-field name="slots">2500</rhn-cert-field>
  <rhn-cert-field name="provisioning-slots">2500</rhn-cert-field>
  <rhn-cert-field name="monitoring-slots">2500</rhn-cert-field>
  <rhn-cert-field name="virtualization_host">2500</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="1000" family="rh-ccm-cms-as21"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rh-ccm-core-as21"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rh-collaboration-suite"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rh-ent-portal-server"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-client"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-client-fastrack"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-client-supplementary"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-client-workstation"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-client-workstation-fastrack"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-cluster"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-devsuite"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-gfs"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-rhaps"/>
  <rhn-cert-field name="channel-families" quantity="500" family="rhel-rhcmsys"/>
  <rhn-cert-field name="channel-families" quantity="500" family="rhel-rhdirserv"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-s390x-fastrack"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-s390x-server"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-s390x-server-supplementary"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-server"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-server-cluster"/>
  <rhn-cert-field name="channel-families" quantity="1000" family="rhel-server-cluster-storage"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-server-fastrack"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-server-supplementary"/>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-server-vt"/>
  <rhn-cert-field name="channel-families" quantity="500" family="rhn-proxy"/>
  <rhn-cert-field name="channel-families" quantity="4500" family="rhn-tools"/>
  <rhn-cert-field name="channel-families" quantity="500" family="solaris"/>
  <rhn-cert-field name="channel-families" quantity="500" family="solaris-rhcmsys"/>
  <rhn-cert-field name="channel-families" quantity="500" family="solaris-rhdirserv"/>
  <rhn-cert-field name="satellite-version">spacewalk</rhn-cert-field>
  <rhn-cert-field name="generation">2</rhn-cert-field>
  <rhn-cert-signature> </rhn-cert-signature>
</rhn-cert>
Run the gen-oss-sat-cert.pl script:
./gen-oss-sat-cert.pl --dsn username/passwd@dbname --signer 4AD979DD --resign template-eval.cert
Passphrase:
Channel family 'rh-ccm-cms-as21' not found in database, continuing...
Channel family 'rh-ccm-core-as21' not found in database, continuing...
Channel family 'rh-collaboration-suite' not found in database, continuing...
Channel family 'rh-ent-portal-server' not found in database, continuing...
Channel family 'rhel-client' not found in database, continuing...
Channel family 'rhel-client-fastrack' not found in database, continuing...
Channel family 'rhel-client-supplementary' not found in database, continuing...
Channel family 'rhel-client-workstation' not found in database, continuing...
Channel family 'rhel-client-workstation-fastrack' not found in database, continuing...
Channel family 'rhel-cluster' not found in database, continuing...
Channel family 'rhel-devsuite' not found in database, continuing...
Channel family 'rhel-gfs' not found in database, continuing...
Channel family 'rhel-rhaps' not found in database, continuing...
Channel family 'rhel-rhcmsys' not found in database, continuing...
Channel family 'rhel-rhdirserv' not found in database, continuing...
Channel family 'rhel-s390x-fastrack' not found in database, continuing...
Channel family 'rhel-s390x-server' not found in database, continuing...
Channel family 'rhel-s390x-server-supplementary' not found in database, continuing...
Channel family 'rhel-server' not found in database, continuing...
Channel family 'rhel-server-cluster' not found in database, continuing...
Channel family 'rhel-server-cluster-storage' not found in database, continuing...
Channel family 'rhel-server-fastrack' not found in database, continuing...
Channel family 'rhel-server-supplementary' not found in database, continuing...
Channel family 'rhel-server-vt' not found in database, continuing...
Channel family 'rhn-proxy' not found in database, continuing...
Channel family 'rhn-tools' not found in database, continuing...
Channel family 'solaris' not found in database, continuing...
Channel family 'solaris-rhcmsys' not found in database, continuing...
Channel family 'solaris-rhdirserv' not found in database, continuing...
Signatures signed by Jurjen Bokma (SpaceWalk-admin) <j.bokma@cs.rug.nl> (94AFC9904AD979DD).
Certificate saved as template-eval.cert
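A pre-flight check for the kind of failure seen earlier, where a skewed system clock made activation report an expired certificate: it reads the issued and expires fields and classifies the certificate for a given date. This is an added example, not code from the original page or from Spacewalk; the function names are hypothetical, it assumes the dd-mon-yyyy dates of the template above and an inclusive expiry day, and it does not verify the signature.

```python
"""Check an rhn-cert validity window against a given clock reading."""
import xml.etree.ElementTree as ET
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Constructed sample: a cut-down certificate that reuses the field names,
# dates and dd-mon-yyyy format of the template on this page.
SAMPLE_CERT = """<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Rijksuniversiteit Groningen</rhn-cert-field>
  <rhn-cert-field name="issued">10-sep-2008</rhn-cert-field>
  <rhn-cert-field name="expires">10-sep-2009</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="2000" family="rhel-server"/>
  <rhn-cert-signature> </rhn-cert-signature>
</rhn-cert>
"""


def parse_cert_date(text):
    """Parse 'dd-mon-yyyy' without depending on the process locale."""
    try:
        day, mon, year = text.strip().split("-")
        return date(int(year), MONTHS[mon.lower()], int(day))
    except (ValueError, KeyError):
        raise ValueError("unrecognised certificate date: %r" % text)


def read_fields(xml_text):
    """Return the text-valued rhn-cert-field entries as a dict."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "rhn-cert":
        raise ValueError("not an rhn-cert document")
    fields = {}
    for el in root.findall("rhn-cert-field"):
        if el.get("name") != "channel-families":  # those carry attributes only
            fields[el.get("name")] = (el.text or "").strip()
    return fields


def validity(xml_text, today):
    """Return 'not-yet-valid', 'valid' or 'expired' for the date `today`."""
    fields = read_fields(xml_text)
    missing = [k for k in ("issued", "expires") if k not in fields]
    if missing:
        raise ValueError("missing field(s): " + ", ".join(missing))
    issued = parse_cert_date(fields["issued"])
    expires = parse_cert_date(fields["expires"])
    if expires < issued:
        raise ValueError("expires precedes issued")
    if today < issued:
        return "not-yet-valid"
    if today > expires:  # assumption: the expiry day itself still counts
        return "expired"
    return "valid"


if __name__ == "__main__":
    # Clock readings: the skewed and corrected dates from this page, then
    # the day the template was signed.
    for day in (date(2015, 2, 19), date(2008, 7, 28), date(2008, 9, 10)):
        print(day.isoformat(), validity(SAMPLE_CERT, day))
```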
Activate the Spacewalk with the certificate:
rhn-satellite-activate --disconnected --rhn-cert=template-eval.cert
16:11:07 WARNING: ignoring unavailable channel family rh-ccm-cms-as21
16:11:07 WARNING: ignoring unavailable channel family rh-ccm-core-as21
16:11:07 WARNING: ignoring unavailable channel family rh-collaboration-suite
16:11:07 WARNING: ignoring unavailable channel family rh-ent-portal-server
16:11:07 WARNING: ignoring unavailable channel family rhel-client
16:11:07 WARNING: ignoring unavailable channel family rhel-client-fastrack
16:11:07 WARNING: ignoring unavailable channel family rhel-client-supplementary
16:11:07 WARNING: ignoring unavailable channel family rhel-client-workstation
16:11:07 WARNING: ignoring unavailable channel family rhel-client-workstation-fastrack
16:11:07 WARNING: ignoring unavailable channel family rhel-cluster
16:11:07 WARNING: ignoring unavailable channel family rhel-devsuite
16:11:07 WARNING: ignoring unavailable channel family rhel-gfs
16:11:07 WARNING: ignoring unavailable channel family rhel-rhaps
16:11:07 WARNING: ignoring unavailable channel family rhel-rhcmsys
16:11:07 WARNING: ignoring unavailable channel family rhel-rhdirserv
16:11:07 WARNING: ignoring unavailable channel family rhel-s390x-fastrack
16:11:07 WARNING: ignoring unavailable channel family rhel-s390x-server
16:11:07 WARNING: ignoring unavailable channel family rhel-s390x-server-supplementary
16:11:07 WARNING: ignoring unavailable channel family rhel-server
16:11:07 WARNING: ignoring unavailable channel family rhel-server-cluster
16:11:07 WARNING: ignoring unavailable channel family rhel-server-cluster-storage
16:11:07 WARNING: ignoring unavailable channel family rhel-server-fastrack
16:11:07 WARNING: ignoring unavailable channel family rhel-server-supplementary
16:11:07 WARNING: ignoring unavailable channel family rhel-server-vt
16:11:07 WARNING: ignoring unavailable channel family rhn-proxy
16:11:07 WARNING: ignoring unavailable channel family rhn-tools
16:11:07 WARNING: ignoring unavailable channel family solaris
16:11:07 WARNING: ignoring unavailable channel family solaris-rhcmsys
16:11:07 WARNING: ignoring unavailable channel family solaris-rhdirserv
Note: Downloading the obtained
Now let's create a “channel” and populate it.
Go to the Software Channels Overview page on the Spacewalk server and add a channel.
Install the yum-utils package:
yum install yum-utils
Create /srv/satellite:
mkdir /srv/satellite
chown apache:apache /srv/satellite
Make the CentOS packages available from the fileserver to the SpaceWalk server:
mount fileserver.domain.com:/srv/centos-mirror /mnt/fileserver
Now let's try to upload some:
rhnpush --channel=centos-5.2-i386 --server=http://localhost/APP --dir=/mnt/osis/pub/os/linux/distr/centoslinux/5.2/os/i386/CentOS/
Red Hat Network username: Username
Red Hat Network password: not echoed
That took a bloody long time, but it worked.
Follow the steps to kickstarting Fedora/CentOS and kickstart a machine:
Fetch the make-ks-tree script:
mkdir make-ks-tree
cd !$
wget https://fedorahosted.org/spacewalk/attachment/wiki/KickstartDistro/make-ks-tree.tar.gz?format=raw
mv make-ks-tree.tar.gz\?format\=raw make-ks-tree.tar.gz
tar -xzf make-ks-tree.tar.gz
mount -o loop,ro /mnt/osis/pub/os/linux/distr/centoslinux/5.2/isos/i386/CentOS-5.2-i386-bin-DVD.iso /mnt/loop
export BASE=/srv/satellite/rhn/kickstart
mkdir -p /srv/satellite/rhn/kickstart
./make-ks-tree.sh --channel centos-5.2-i386 --source /mnt/loop --dsn username/passwd@dbname --install-type rhel_5 --variant centos --update u2
./make-ks-tree.sh --channel centos-5.2-i386 --source /mnt/loop --dsn username/passwd@dbname --install-type rhel_5 --variant centos --update u2 --commit
...
Adding: NOTES/RELEASE-NOTES-pt_BR.html... done.
Adding: NOTES/RELEASE-NOTES-U1-pt_BR.html... done.
Adding: NOTES/RELEASE-NOTES-U1-ko.html... done.
... done
Warning: All of a sudden the SpaceWalk website doesn't update any more, and
So in wrapper.java.classpath.14=/usr/lib/oracle/10.2.0.4/client/lib/ojdbc14.jar
Turns out this wasn't the cause of the failure.
The IPTables rule “iptables -A INPUT -s \!
Added an “activation key” (using the GUI). Added a kickstart config as well (using the GUI too). Now we've got a running CentOS (virtual) machine, but no “systems” visible in the GUI yet.
To register the system, according to the SpaceWalk Wiki, the package rhel-instnum must be installed on the server.
So we locate it on RPM Search, fetch and install it:
wget ftp://ftp.pbone.net/mirror/www.startcom.org/ML-5.0.7/os/i386/StartCom/RPMS/rhel-instnum-1.0.7-1.ML5.noarch.rpm
rpm -i rhel-instnum-1.0.7-1.ML5.noarch.rpm
Now we register the system, by doing (on the client):
wget -r -nd http://www-personal.umich.edu/~lrsmith/Spacewalk/rpms/
mkdir -p /usr/src/redhat/SOURCES
rpm -Uvh *.rpm
Warning: This breaks on unresolved dependencies.
Importantly,
rpm -Uvh rhnsd-4.6.1-1.i386.rpm
rpm -Uvh rhn-check-0.4.17-8.noarch.rpm
rpm -Uvh rhnsd-4.6.1-1.i386.rpm
rpm -Uvh rhn-setup-0.4.17-8.noarch.rpm
rhnreg_ks --force --serverUrl=http://si03.service.rug.nl/XMLRPC --activationkey=1-c923ac0089e38aea0fd0370e42cebb15
Note: Victory! We've got a system in the SpaceWalk GUI.