Notes on spacewalk installation, configuration, usage:¶
Overview:¶
Work’s dictating spacewalk. I need something that will help with patch management and I need it now. So, learn spacewalk.
To-dos:¶
Figure out why osad isn’t working anymore. Even locally, I’m getting errors:
Starting osa-dispatcher: Spacewalk 31373 2015/08/15 22:13:23 -05:00: ('Error connecting to ja
Figure out how to reliably install satellite server. (done)
Figure out how to patch systems
Pull patches from clients:
yum update
(done)Push patches to clients: (done)
How to patch the satellite server itself. (done) Simply register the spacewalk server as a client of itself.
Figure out wtf w/spacewalk client unsigned repos. (done) Pending information not yet discovered, I’m chalking this one up up to a problem with the spacewalk 2.2. When auto-generated, the spacewalk nightly channel has the wrong gpg key. When I generate a new channel with the right gpg key, I still get the same error about unsigned repos.
Figure out auto update of channels. This error may (done) have something to do with it:
# 1425338231634 addons.update-checker WARN Update manifest for {972ce4c6-7e08-4474-a285-3208198ce6fd} did not contain an updates property
Figure out individual channels/repos specific to (done) OS release vresion.
Figure out how to sync individual channels/repos w/o (done) upgrading them to the latest minor version.
Figure out how to backup/restore satellite server (done)
Figure out satellite proxy server
Figure out selinux on satellite server
Install/figure out osad on clients (done)
Figure out how to kick new systems (cobbler/kickstart)
Useful commands:¶
- rhn_check:
Run on client to check the spacewalk server for any pending actions
- rhn-channel –list
Displays channels the client can see.
- spacewalk-common-channels
Automates the process of creating base and child channels as well as creating the repo definitions
- spacewalk-repo-sync
CLI to sync repos. Using the –parent-channel option, can be used to sync the repos that belong to all child repos as well.
- rpm -q gpg-pubkey –qf ‘%{name}-%{version}-%{release} –> %{summary}n’
Displays all gpg keys used by rpm:
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' gpg-pubkey-4bd6ec30-4ff1e4fa --> gpg(Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>) gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>) gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk <spacewalk-devel@redhat.com>) gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) <epel@fedoraproject.org>) gpg-pubkey-066e5810-53cfcd27 --> gpg(Spacewalk <spacewalk-devel@redhat.com>)
- rpm -e gpg-pubkey-066e5810-53cfcd27
Removes rpm gpg key
- gpg –with-fingerprint ${key_file}
Displays the key ID and fingerprint required for spacewalk software channels. In the example bleo, the key ID is 0608B895:
# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 pub 4096R/0608B895 2010-04-23 EPEL (6) <epel@fedoraproject.org> Key fingerprint = 8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895
- db-control backup ${dir}
Backs up the embedded postgres dabase
- db-control examine ${dir}
Examines a backup of the postgres database.
- db-control verify ${dir}
Verifies a postgres db backup.
Logs:¶
- spacewalk:/var/log/rhn/reposync/${channel}:
Logs for syncs of channel repos. Looks like the logs don’t rotate on their own. Will need to do some log rotation.
Lessons learned:¶
Log rotation needed for /var/log/rhn/reposync
rm /etc/sysconfig/rhn/systemid
makes a system believe it is no longer registered to a spacewalk server.Bug in rhnChannel.py that prevents remote command line channel additions. Details of the bug are in the spacewalk archives and the actual patch is available on github as 1122438 I don’t know how to patch the file from github so I just edited the file and removed the extraneous comma at the end of line 1726. File location is: /usr/lib/python2.6/site-packages/spacewalk/server/rhnChannel.py Restart spacewalk for the change to take affect.
Document your login credentials in case you don’t log into the god damned thing for months at a time… admin/3Pizda!!, btw…
Interesting URLs:¶
- https://fedorahosted.org/spacewalk/wiki/UserDocs
Main wikidocs for spacewalk
- https://fedorahosted.org/spacewalk/wiki/SpacewalkWithLDAP
Spacewalk installation w/users/groups in ldap
- http://yum.spacewalkproject.org/
Binary RPMS
Yum repos:¶
Spacewalk server:
Spacewalk client:
rhel5: http://yum.spacewalkproject.org/2.2-client/RHEL/5/x86_64/spacewalk-client-repo-2.2-1.el5.noarch.rpm
rhel6: http://yum.spacewalkproject.org/2.2-client/RHEL/6/x86_64/spacewalk-client-repo-2.2-1.el6.noarch.rpm
rhel7: http://yum.spacewalkproject.org/2.2-client/RHEL/7/x86_64/spacewalk-client-repo-2.2-1.el7.noarch.rpm
Epel repo:
rhel5: http://dl.fedoraproject.org/pub/epel/5/uname -i/epel-release-5-4.noarch.rpm
rhel6: http://dl.fedoraproject.org/pub/epel/6/uname -i/epel-release-6-8.noarch.rpm
rhel7: http://dl.fedoraproject.org/pub/epel/beta/7/uname -i/epel-release-7-0.2.noarch.rpm
Notes:¶
Required ports (inbound -> client):
80: bi-directional
443: bi-directional
4545: outbound for monitoring
5222: inbound (push actions to a client)
5269: inbound, push actions to a spacewalk proxy
DB Storage:
250kb/client
500kb/channel
230kb/pkg/channel
Channel storage: 6gb/channel
Installation:
Ensure OS is up to date.
Set selinux permissve (need to get this working)
Download/install spacewalk yum repo:
Create jpackage repo:
cat > /etc/yum.repos.d/jpackage-generic.repo << EOF [jpackage-generic] name=JPackage generic #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/ mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0 enabled=1 gpgcheck=1 gpgkey=http://www.jpackage.org/jpackage.asc EOF
Create epel repo:
Install spacewalk:
yum install spacewalk-postgresql \ spacewalk-setup-postgresql-2.2.2-1.el6.noarch \ spacewalk-utils-2.2.25-1.el6.noarch \ spacewalk-remote-utils-2.2.2-1.el6.noarch
Enable firewall ports: 80, 443, 5222
Configure spacewalk:
spacewalk-setup --disconnected
Installation issue:
Didn’t have spacewalk-setup-postgresql installed:
yum install spacewalk-setup-postgresql-2.2.2-1.el6.noarch
Insufficient space in /var. Created 20 gig fs mounted at /var/lig/pgsql
Incorrect selinux:
restorecon -Rv /var/lib/pgsql
(this is getting old)
Configuration:
Not exactly intuitive. Having problems getting channels and repos identified, created, and synced. More on that later.
Retry: blasted all channels and repos that I managed to get created.
Reconfigured default dir to /ignite/satellite by setting RPM repository mount point under admin->spacewalk configuration -> General. That part’s important.
Spacewalk calls downloading repos ‘uploading’ Big part of the confusion there.
yum install spacewalk-utils-2.2.25-1.el6.noarch
Create the channels by using spacewalk-common-channels:
# spacewalk-common-channels -v -u admin -p '3Pizda!!' \ -a i386,x86_64 -k unlimited 'centos6*' \ 'spacewalk-nightly-client*' Connecting to http://localhost/rpc/api Base channel 'CentOS 6 (i386)' - creating... * Activation key 'centos6-i386' - creating... * Child channel 'CentOS 6 Addons (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'CentOS 6 Plus (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'CentOS 6 Contrib (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'CentOS 6 Extras (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'CentOS 6 FastTrack (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'CentOS 6 Updates (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... * Child channel 'Spacewalk Client (N) for CentOS 6 (i386)' - creating... ** Activation key '1-centos6-i386' - adding child channel... Base channel 'CentOS 6 (x86_64)' - creating... * Activation key 'centos6-x86_64' - creating... * Child channel 'CentOS 6 Addons (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'CentOS 6 Plus (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'CentOS 6 Contrib (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'CentOS 6 Extras (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'CentOS 6 FastTrack (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'CentOS 6 Updates (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel... * Child channel 'Spacewalk Client (N) for CentOS 6 (x86_64)' - creating... ** Activation key '1-centos6-x86_64' - adding child channel...
Fucking SWEET! Looking in the channels on the web page, shows them all.
Syncing the individual repos was a bit of a pain to figure out. The command is
spacewalk-repo-sync --parent-channel centos6-x86_64
. The channel is the channel label not the channel name…Syncing all the channels started at 1143 CST. Still running, 1421. 1/3 of the way through and it’s taken 3 hours. Another 6 hours to complete. nice… Total time for all appropriate 6.5 repos:
base: 8:07:37
update?: 2:28:47
nuther: 20:55
nuther: 0:32
… 0:48
… 0:10
… 2:25
lol: a total of 11:01:12… Fuck me. I have a hunch other repos will take somewhat less time, but it won’t be significantly less time.
Creating an activation key and associating it with a base channel:
Systems->Activation key
Create a new key.
One of the options is to associate it with a base channel.
Registering a client, also a bit of a PITA.
* Install spacewalk client repo: :: * Install epel client repo * Install spacewalk client packages: ::
yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
Install spacewalk server’s CA cert:
rpm -Uvh http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Register client:
rhnreg_ks --serverUrl=https://vmsrv.olearycomputers.com/XMLRPC \ --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \ --activationkey=1-centos6-x86_64
Patching:
Been having all sorts of problems and not a lot of error messages to provide a search path. Trying to push patches from the spacewalk server was getting me nowhere.
Finally tried yum repolists on the individual clients. They were seeing all old repo information and giving an error that it couldn’t access repomd.xml. After much searching, I found a reference to cleaning out the yum cache. So,
yum clean all && yum repolist
and I can get info on glibc, for instance.Cool! Try another push of patches. No joy. still getting ignored. Why?
Back to client. Try
yum -y update abrt
and I end up with whole bunces of errors:Error Downloading Packages: abrt-cli-2.0.8-26.el6.centos.x86_64: failed to retrieve getPackage/abrt-cli-2.0.8-26.el6.centos.x86_64.rpm from centos6-x86_64 error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Another, shorter search, and I find a reference to selinux. Set that to permissive, and
yum -y update abrt
works. Yay me!Another try at the web interface, though, doesn’t seem to be proving effective… I’m going to let it sit for awhile. Maybe there’s some type of polling that’s going on.
I did see another post regarding time… time on my systems is a bit whacked. need to get that synced… Also, remembered that iptables is running on the client. no ports open. That’s probably what’s causing my issue. dropped the firewall and let the scheduler go.
Confirmed: it’s the firewall. came back this morning and the scheduled action was done. looking on the system, I see the package updated.
Enabled port 5222 on caauth and was able to push patches.
In order to force a client to check, execute
rhn_check
. That will run any pending scheduled activities from the satellite server immediately.osad is supposed to circumvent the need for running rhn_check…
02/22/15:¶
No luck today. Still getting the error message stating that spacewalk repos aren’t signed. I asked a question on ITRC and finally sent out an email to the list server. Let’s see what they come up with.
There’s been no joy searching googles…
02/28/15:¶
Restarted from scratch - literally.. rebuilt the vmsrv and starting over on a vm rather than the vmsrv system itself.
Cloning swalk after getting it up on the network, permissive mode, and patched.
Installation:
Ensure OS is up to date.
Set selinux permissve (need to get this working)
Set firewal rules:
for p in 80 443 522 do iptables -I INPUT 5 -m state --state NEW -p tcp \ -m tcp --dport ${p} -j ACCEPT done service iptables save
Download/install spacewalk yum repo:
rpm -Uvh http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm
Create jpackage repo:
cat > /etc/yum.repos.d/jpackage-generic.repo << EOF [jpackage-generic] name=JPackage generic #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/ mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0 enabled=1 gpgcheck=1 gpgkey=http://www.jpackage.org/jpackage.asc EOF
Create epel repo:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
Create 20g /var/lib/pgsql
Create 20g /var/satellite
Install spacewalk:
yum install spacewalk-postgresql \ spacewalk-setup-postgresql-2.2.2-1.el6.noarch \ spacewalk-utils-2.2.25-1.el6.noarch \ spacewalk-remote-utils-2.2.2-1.el6.noarch \ spacewalk-dobby # needed for db-control cmd
Configure spacewalk:
spacewalk-setup --disconnected
When it errors out, check the displayed log file and it’s complaining about selinux.
restorecon -Rv /var/lib/pgsql
restorecon -Rv /var/satellite
Create the channels by default. Need to figure this shit out manually.
spacewalk-common-channels -v -u admin -p '3Pizda!!' -a x86_64 \ -k unlimited 'centos6*' 'spacewalk-nightly-client*'
Sync the repos:
spacewalk-repo-sync --parent-channel centos6-x86_64
This is going to take a long fucking time…
03/01/15:¶
Sync still running; probably got another 2 hours or so left.
Activation keys handled by the spacewalk-common-channels command.
Client registration:
Install spacewalk client repo:
Install epel client repo:
Install spacewalk client packages:
yum install rhn-client-tools rhn-check \ rhn-setup rhnsd m2crypto yum-rhn-plugin
Install spacewalk server’s CA cert:
yum -y install \ http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Backup and move old repos:
cd /etc/yum.repos.d mkdir backup && mv *.repo backup
Register client:
rhnreg_ks --serverUrl=https://swalk/XMLRPC \ --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \ --activationkey=1-centos6-x86_64
yum clean all
Verify connectivity by executing
rhn-channel --list
on each client.
Well, that’s frustrating. Got everything set, pretty much as vanilla as possible, no special locations, no special details, selinux set in permissive mode, and I’m still getting the spacewalk client isn’t signed. <sigh>
After much wrestling, I’m finally disabling the spacewalk client software channels. Those things are borked. Even creating them from scratch using straight repos and gpg key information didn’t work. I do believe the problem’s on their end.
I did set up the channel to auto sync as of 0300 every morning. Check that over the next few days and see if anything’s come out.
03/07/15:¶
Checked on updates; all systems still showed green. bummer. Checked on the sync schedule and updates was turned off. I turned it back on again and verified that it should run tonight. I imagine there’ll be a few new updates tomorrow.
03/08/15:¶
Goals for the day:
Verify updates channel actually updated. (done)
Figure out individual channels/repos specific to OS release vresion.
Figure out how to sync individual channels/repos w/o (N/A) upgrading them to the latest minor version.
Figure out how to backup/restore satellite server
Verified that the updates channel is updating now. Good deal. Only 5 packages since 03/01/15. Bit surprising, that. But still, verification!
#3, figure out how to sync individual channes/repos w/o upgrading them seems to be a non-starter. Turns out redhat officially doesn’t support any minor versions prior to the current one. Meaning rhel5.11 or rhel6.6. I posted a question to oracle support asking them; however, I really don’t see how they can provide support for older point releases if redhat’s not doing so.
Actually, I think I found out how Sue limits the updates. Basically, she doesn’t include them. Just the base url for the linux version:
http://mirror.centos.org/centos/5.7/os/x86_64/
Note: the above won’t work w/centos as they’re a bit more sticky about not supporting (or supplying) non-current point releases.
As for #2: the process for creating a new repo and software channel is:
Channels -> manage s/w channels -> manage repositories
create new repository. Fill in menu required menu items, then create repository.
Channels -> manage s/w channels, then create new channel. Fill in the menu items:
channel name: human readable channel name
channel label: label for use w/spacewalk-repo-sync
Find a url for the repo gpg signing key. Paste it in
gpg key url:
.ID key id and fingerprinter. Paste information into appropriate boxes. See gpg command above.
create channel
On that same menu (Channels -> manage s/w channels), select the repositories tab. Check the radio box for the repository that you created in #2. Update repositories.
On that same menu (Channels -> manage s/w channels), select the sync tab. Specify an appropriate time for automatic sync. Select schedule. Then, if so desired, select sync now. Monitor progress on the satellite server at /var/log/rhn/reposync/${channel}.log
03/10/15:¶
Goals for the day:
Figure out how to backup/restore satellite server
Clone a repo from gui and command line.
Directions from spacewalk wiki:
Stop spacewalk:
spacewalk-service stop
Back up the following directories:
/var/satellite |
14G |
contains all the pushed packages |
/var/lib/cobbler |
592K |
all the cobbler configuration |
/etc |
56M |
Standard |
/root/ssl-build |
148K |
with the package containing your SSL certificate |
/home/nocpulse |
? |
Doesn’t exit |
/var/lib/rhn/ |
37M |
which contains all the kickstart files |
Restart service.
Backup the database. DB won’t back up if it’s not running.
su - postgres pg_dumpall > \ /var/lib/pgsql/backups/full_postgres_backup-`date +%Y%m%d`.sql'Regardless, both started/stopped, backups failed.
Another search showed db-control. This one seems to work.
yum -y install spacewalk-dobby db-control backup ${root_writable_dir} # cmd must be run as root
Restore, using the process that works:
db-control restore ${dir}
Osad install is just as easy as the docs say:
Install osa-dispatcher on server if not already there.
Install osad (epel repo) on client
Update /etc/sysconfig/rhn/osad.conf, osad_ssl_cert with location of the spacewalk server cert: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Start osad.
May need to force spacewalk to acknowledge the osad status on the system details, right side, osad, ping host.
Once done, installs went immediately without having to do rhn_checks.
Minor issue: apparently, my epel repo sync didn’t work. Kicked it off again at 2105. Need to check on that tomorrow. May have been a full disk issue. just increased /var/satellite to 25 gig.
03/1[1-3]/15:¶
Reset the environment for a startup from scratch. I got the swalk server patched and puppet applied to all nodes.
Install spacewalk server:¶
Ensure hosts resolve FQDN firs and that
hostname
on the spacewalk server shows the fqdn. This will save you a boat-load of ssl problems later in the process.Ensure OS on spacewalk server is up to date.
Set selinux permissve (need to get this working) on spacewalk server
Ensure appropriate space is available to the appropriate directories and/or they’re linked to sufficiently sized filesystems. For my test environment, 20g postgres db filesystem and 50g repo storage area will results in ~50% allocation when centos6, epel, and rpmforge repos are fully synced.
Create 20g /var/lib/pgsql
Create 50g /var/satellite
Set firewal rules on spacealk server:
# show input Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited for p in 5222 443 80 do iptables -I INPUT 5 -m state --state NEW -p tcp \ -m tcp --dport ${p} -j ACCEPT done # show input Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5222 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited service iptables save
Configure requisite repos:
Download/install epel and spacewalk yum repo:
yum -y install http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm yum -y install http://dl.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
Create jpackage repo:
cat > /etc/yum.repos.d/jpackage-generic.repo << EOF [jpackage-generic] name=JPackage generic #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/ mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0 enabled=1 gpgcheck=1 gpgkey=http://www.jpackage.org/jpackage.asc EOF
Install spacewalk:
yum -y install spacewalk-postgresql \ spacewalk-setup-postgresql-2.2.2-1.el6.noarch \ spacewalk-utils-2.2.25-1.el6.noarch \ spacewalk-remote-utils-2.2.2-1.el6.noarch \ spacewalk-dobby # needed for db-control cmd
Set selinux contexts. Required even though we set the selinux policy to permissive above.
restorecon -Rv /var/lib/pgsql restorecon -Rv /var/satellite
Configure spacewalk:
spacewalk-setup --disconnected
USE FQDN for spacewalk serverConfigure the primary admin account by accessing the system’s web server:
https://swalk
Create the channels by default. Need to figure this shit out manually.
spacewalk-common-channels -v -u admin -p '3Pizda!!' -a x86_64 \ -k unlimited 'centos6*' 'spacewalk-nightly-client*'
Set up epel, rpmforge and spacewalk client channels:
Use the repo files in /etc/yum.repos.d for the required information. $basearch can be determined by running
uname -m
spacewalk client repo, at least for me, is required because I can’t get the spacewalk-nightly-client-centos6-x86_64 to work. Every time I try to load a package from it, it errors out saying its unsigned.
URLs to note:
epel gpg keys available at https://dl.fedoraproject.org/pub/epel/
rpmforge gpg key available at http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
Process:
Channels -> manage s/w channels -> manage repositories
create new repository. Fill in menu required menu items, then create repository.
Channels -> manage s/w channels, then create new channel. Fill in the menu items:
channel name: human readable channel name
channel label: label for use w/spacewalk-repo-sync
Find a url for the repo gpg signing key. Paste it in
gpg key url:
.ID key id and fingerprinter. Paste information into appropriate boxes. See gpg command above.
create channel
On that same menu (Channels -> manage s/w channels), select the repositories tab. Check the radio box for the repository that you created in #2. Update repositories.
On that same menu (Channels -> manage s/w channels), select the sync tab. Specify an appropriate time for automatic sync. Select schedule. Then, if so desired, select sync now. Monitor progress on the satellite server at /var/log/rhn/reposync/${channel}.log
Sync the repos:
Command:
spacewalk-repo-sync --parent-channel centos6-x86_64
This will take a very long time. In excess of 24 hours… Ensure you run the command via tmux or an at job such that it can’t be interrupted.
Global reposync started at 07:44:34 on 03/12/15
epel:
Started:
07:44:37
03/12/15
Ended:
15:49:11
03/13/15
Total time:
32:04:34
You can track progress by examining the appropirate log file under ${satellite}:/var/log/rhn/reposync
Create a activation key that clients will use for their initial regsitration.
Systems -> activation keys -> create new key
Enter appropriate information. Select universal default
In the child channels tab, select the appropriate channels. Ensure epel is selected as it’ll be needed later. Also, ensure the spacewalk client we manually entered is selected and not the default spacewalk client(n) for centos..
Install and register spacewalk clients:¶
Execute the following process on all existing clients:
Install spacewalk client repo:
Install epel client repo:
Install spacewalk client packages:
yum install rhn-client-tools rhn-check \ rhn-setup rhnsd m2crypto yum-rhn-plugin
Install spacewalk server’s CA cert:
yum -y install \ http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Backup and move old repos:
cd /etc/yum.repos.d mkdir backup && mv *.repo backup
Register client:
rhnreg_ks --serverUrl=https://swalk/XMLRPC \ --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \ --activationkey=1-centos6-x86_64
yum clean all
Verify connectivity by executing
rhn-channel --list
on each client.