Notes on spacewalk installation, configuration, usage:

Overview:

Work’s dictating spacewalk. I need something that will help with patch management and I need it now. So, learn spacewalk.

To-dos:

  • Figure out why osad isn’t working anymore. Even locally, I’m getting errors:

    Starting osa-dispatcher: Spacewalk 31373 2015/08/15 22:13:23 -05:00: ('Error connecting to ja
    
  • Figure out how to reliably install satellite server. (done)

  • Figure out how to patch systems

    • Pull patches from clients: yum update (done)

    • Push patches to clients: (done)

    • How to patch the satellite server itself. (done) Simply register the spacewalk server as a client of itself.

    • Figure out wtf w/spacewalk client unsigned repos. (done) Pending information not yet discovered, I’m chalking this one up to a problem with the spacewalk 2.2. When auto-generated, the spacewalk nightly channel has the wrong gpg key. When I generate a new channel with the right gpg key, I still get the same error about unsigned repos.

  • Figure out auto update of channels. (done) This error may have something to do with it:

    # 1425338231634 addons.update-checker   WARN    Update manifest for {972ce4c6-7e08-4474-a285-3208198ce6fd} did not contain an updates property
    
  • Figure out individual channels/repos specific to OS release version. (done)

  • Figure out how to sync individual channels/repos w/o upgrading them to the latest minor version. (done)

  • Figure out how to backup/restore satellite server (done)

  • Figure out satellite proxy server

  • Figure out selinux on satellite server

  • Install/figure out osad on clients (done)

  • Figure out how to kick new systems (cobbler/kickstart)

Useful commands:

rhn_check:

Run on client to check the spacewalk server for any pending actions

rhn-channel --list

Displays channels the client can see.

spacewalk-common-channels

Automates the process of creating base and child channels as well as creating the repo definitions

spacewalk-repo-sync

CLI to sync repos. Using the --parent-channel option, can be used to sync the repos that belong to all child repos as well.

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Displays all gpg keys used by rpm:

# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-4bd6ec30-4ff1e4fa --> gpg(Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>)
gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk <spacewalk-devel@redhat.com>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) <epel@fedoraproject.org>)
gpg-pubkey-066e5810-53cfcd27 --> gpg(Spacewalk <spacewalk-devel@redhat.com>)

rpm -e gpg-pubkey-066e5810-53cfcd27

Removes rpm gpg key

gpg --with-fingerprint ${key_file}

Displays the key ID and fingerprint required for spacewalk software channels. In the example below, the key ID is 0608B895:

# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
pub  4096R/0608B895 2010-04-23 EPEL (6) <epel@fedoraproject.org>
      Key fingerprint = 8C3B E96A F230 9184 DA5C  0DAE 3B49 DF2A 0608 B895

db-control backup ${dir}

Backs up the embedded postgres database

db-control examine ${dir}

Examines a backup of the postgres database.

db-control verify ${dir}

Verifies a postgres db backup.

Logs:

spacewalk:/var/log/rhn/reposync/${channel}:

Logs for syncs of channel repos. Looks like the logs don’t rotate on their own. Will need to do some log rotation.

Lessons learned:

  • Log rotation needed for /var/log/rhn/reposync

  • rm /etc/sysconfig/rhn/systemid makes a system believe it is no longer registered to a spacewalk server.

  • Bug in rhnChannel.py that prevents remote command line channel additions. Details of the bug are in the spacewalk archives and the actual patch is available on github as 1122438. I don’t know how to patch the file from github so I just edited the file and removed the extraneous comma at the end of line 1726. File location is: /usr/lib/python2.6/site-packages/spacewalk/server/rhnChannel.py Restart spacewalk for the change to take effect.

  • Document your login credentials in case you don’t log into the god damned thing for months at a time… admin/3Pizda!!, btw…

Interesting URLs:

https://fedorahosted.org/spacewalk/wiki/UserDocs

Main wikidocs for spacewalk

https://fedorahosted.org/spacewalk/wiki/SpacewalkWithLDAP

Spacewalk installation w/users/groups in ldap

http://yum.spacewalkproject.org/

Binary RPMS

Yum repos:

Notes:

  • Required ports (inbound -> client):

    • 80: bi-directional

    • 443: bi-directional

    • 4545: outbound for monitoring

    • 5222: inbound (push actions to a client)

    • 5269: inbound, push actions to a spacewalk proxy

  • DB Storage:

    • 250kb/client

    • 500kb/channel

    • 230kb/pkg/channel

  • Channel storage: 6gb/channel

  • Installation:

    • Ensure OS is up to date.

    • Set selinux permissive (need to get this working)

    • Download/install spacewalk yum repo:

    • Create jpackage repo:

      cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
      [jpackage-generic]
      name=JPackage generic
      #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
      mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
      enabled=1
      gpgcheck=1
      gpgkey=http://www.jpackage.org/jpackage.asc
      EOF
      
    • Create epel repo:

    • Install spacewalk:

      yum install spacewalk-postgresql \
          spacewalk-setup-postgresql-2.2.2-1.el6.noarch \
          spacewalk-utils-2.2.25-1.el6.noarch \
          spacewalk-remote-utils-2.2.2-1.el6.noarch
      
    • Enable firewall ports: 80, 443, 5222

    • Configure spacewalk: spacewalk-setup --disconnected

  • Installation issue:

    • Didn’t have spacewalk-setup-postgresql installed:

      yum install spacewalk-setup-postgresql-2.2.2-1.el6.noarch
      
    • Insufficient space in /var. Created 20 gig fs mounted at /var/lib/pgsql

    • Incorrect selinux: restorecon -Rv /var/lib/pgsql (this is getting old)

  • Configuration:

    • Not exactly intuitive. Having problems getting channels and repos identified, created, and synced. More on that later.

  • Retry: blasted all channels and repos that I managed to get created.

    • Reconfigured default dir to /ignite/satellite by setting RPM repository mount point under admin->spacewalk configuration -> General. That part’s important.

    • Spacewalk calls downloading repos ‘uploading’. Big part of the confusion there.

    • yum install spacewalk-utils-2.2.25-1.el6.noarch

    • Create the channels by using spacewalk-common-channels:

      #  spacewalk-common-channels -v -u admin -p '3Pizda!!' \
          -a i386,x86_64 -k unlimited 'centos6*' \
          'spacewalk-nightly-client*'
      Connecting to http://localhost/rpc/api
      Base channel 'CentOS 6 (i386)' - creating...
      * Activation key 'centos6-i386' - creating...
      * Child channel 'CentOS 6 Addons (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'CentOS 6 Plus (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'CentOS 6 Contrib (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'CentOS 6 Extras (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'CentOS 6 FastTrack (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'CentOS 6 Updates (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      * Child channel 'Spacewalk Client (N) for CentOS 6 (i386)' - creating...
      ** Activation key '1-centos6-i386' - adding child channel...
      
      Base channel 'CentOS 6 (x86_64)' - creating...
      * Activation key 'centos6-x86_64' - creating...
      * Child channel 'CentOS 6 Addons (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'CentOS 6 Plus (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'CentOS 6 Contrib (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'CentOS 6 Extras (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'CentOS 6 FastTrack (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'CentOS 6 Updates (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      * Child channel 'Spacewalk Client (N) for CentOS 6 (x86_64)' - creating...
      ** Activation key '1-centos6-x86_64' - adding child channel...
      

      Fucking SWEET! Looking in the channels on the web page, shows them all.

    • Syncing the individual repos was a bit of a pain to figure out. The command is spacewalk-repo-sync --parent-channel centos6-x86_64. The channel is the channel label not the channel name…

    • Syncing all the channels started at 1143 CST. Still running, 1421. 1/3 of the way through and it’s taken 3 hours. Another 6 hours to complete. nice… Total time for all appropriate 6.5 repos:

      • base: 8:07:37

      • update?: 2:28:47

      • nuther: 20:55

      • nuther: 0:32

      • … 0:48

      • … 0:10

      • … 2:25

      lol: a total of 11:01:12… Fuck me. I have a hunch other repos will take somewhat less time, but it won’t be significantly less time.

    • Creating an activation key and associating it with a base channel:

      • Systems->Activation key

      • Create a new key.

      • One of the options is to associate it with a base channel.

    • Registering a client, also a bit of a PITA.

      • Install spacewalk client repo:

      • Install epel client repo

      • Install spacewalk client packages:

        yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin

      • Install spacewalk server’s CA cert:

        rpm -Uvh http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
        
      • Register client:

        rhnreg_ks --serverUrl=https://vmsrv.olearycomputers.com/XMLRPC \
        --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
        --activationkey=1-centos6-x86_64
        
  • Patching:

    • Been having all sorts of problems and not a lot of error messages to provide a search path. Trying to push patches from the spacewalk server was getting me nowhere.

    • Finally tried yum repolist on the individual clients. They were seeing all old repo information and giving an error that it couldn’t access repomd.xml. After much searching, I found a reference to cleaning out the yum cache. So, yum clean all && yum repolist and I can get info on glibc, for instance.

    • Cool! Try another push of patches. No joy. still getting ignored. Why?

    • Back to client. Try yum -y update abrt and I end up with whole bunches of errors:

      Error Downloading Packages:
      abrt-cli-2.0.8-26.el6.centos.x86_64: failed to retrieve getPackage/abrt-cli-2.0.8-26.el6.centos.x86_64.rpm from centos6-x86_64
      error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
      
    • Another, shorter search, and I find a reference to selinux. Set that to permissive, and yum -y update abrt works. Yay me!

    • Another try at the web interface, though, doesn’t seem to be proving effective… I’m going to let it sit for awhile. Maybe there’s some type of polling that’s going on.

    • I did see another post regarding time… time on my systems is a bit whacked. need to get that synced… Also, remembered that iptables is running on the client. no ports open. That’s probably what’s causing my issue. dropped the firewall and let the scheduler go.

    • Confirmed: it’s the firewall. came back this morning and the scheduled action was done. looking on the system, I see the package updated.

    • Enabled port 5222 on caauth and was able to push patches.

    • In order to force a client to check, execute rhn_check. That will run any pending scheduled activities from the satellite server immediately.

    • osad is supposed to circumvent the need for running rhn_check…

02/22/15:

  • No luck today. Still getting the error message stating that spacewalk repos aren’t signed. I asked a question on ITRC and finally sent out an email to the list server. Let’s see what they come up with.

  • There’s been no joy searching googles…

02/28/15:

  • Restarted from scratch - literally.. rebuilt the vmsrv and starting over on a vm rather than the vmsrv system itself.

  • Cloning swalk after getting it up on the network, permissive mode, and patched.

  • Installation:

    • Ensure OS is up to date.

    • Set selinux permissive (need to get this working)

    • Set firewall rules:

      for p in 80 443 5222
      do
          iptables -I INPUT 5 -m state --state NEW -p tcp \
              -m tcp --dport ${p} -j ACCEPT
      done
      service iptables save
      
    • Download/install spacewalk yum repo:

      rpm -Uvh http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm
      
    • Create jpackage repo:

      cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
      [jpackage-generic]
      name=JPackage generic
      #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
      mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
      enabled=1
      gpgcheck=1
      gpgkey=http://www.jpackage.org/jpackage.asc
      EOF
      
    • Create epel repo:

      rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
      
    • Create 20g /var/lib/pgsql

    • Create 20g /var/satellite

    • Install spacewalk:

      yum install spacewalk-postgresql \
          spacewalk-setup-postgresql-2.2.2-1.el6.noarch \
          spacewalk-utils-2.2.25-1.el6.noarch \
          spacewalk-remote-utils-2.2.2-1.el6.noarch \
          spacewalk-dobby # needed for db-control cmd
      
    • Configure spacewalk: spacewalk-setup --disconnected

    • When it errors out, check the displayed log file and it’s complaining about selinux. restorecon -Rv /var/lib/pgsql

    • restorecon -Rv /var/satellite

    • Create the channels by default. Need to figure this shit out manually.

      spacewalk-common-channels -v -u admin -p '3Pizda!!' -a x86_64 \
      -k unlimited 'centos6*' 'spacewalk-nightly-client*'
      
    • Sync the repos:

      spacewalk-repo-sync --parent-channel  centos6-x86_64
      

      This is going to take a long fucking time…

03/01/15:

  • Sync still running; probably got another 2 hours or so left.

  • Activation keys handled by the spacewalk-common-channels command.

  • Client registration:

    • Install spacewalk client repo:

    • Install epel client repo:

    • Install spacewalk client packages:

      yum install rhn-client-tools rhn-check \
      rhn-setup rhnsd m2crypto yum-rhn-plugin
      
    • Install spacewalk server’s CA cert:

      yum -y install \
      http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
      
    • Backup and move old repos:

      cd /etc/yum.repos.d
      mkdir backup && mv *.repo backup
      
    • Register client:

      rhnreg_ks --serverUrl=https://swalk/XMLRPC \
      --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
      --activationkey=1-centos6-x86_64
      
    • yum clean all

    • Verify connectivity by executing rhn-channel --list on each client.

  • Well, that’s frustrating. Got everything set, pretty much as vanilla as possible, no special locations, no special details, selinux set in permissive mode, and I’m still getting the spacewalk client isn’t signed. <sigh>

  • After much wrestling, I’m finally disabling the spacewalk client software channels. Those things are borked. Even creating them from scratch using straight repos and gpg key information didn’t work. I do believe the problem’s on their end.

  • I did set up the channel to auto sync as of 0300 every morning. Check that over the next few days and see if anything’s come out.

03/07/15:

  • Checked on updates; all systems still showed green. bummer. Checked on the sync schedule and updates was turned off. I turned it back on again and verified that it should run tonight. I imagine there’ll be a few new updates tomorrow.

03/08/15:

  • Goals for the day:

    • Verify updates channel actually updated. (done)

    • Figure out individual channels/repos specific to OS release version.

    • Figure out how to sync individual channels/repos w/o upgrading them to the latest minor version. (N/A)

    • Figure out how to backup/restore satellite server

  • Verified that the updates channel is updating now. Good deal. Only 5 packages since 03/01/15. Bit surprising, that. But still, verification!

  • #3, figure out how to sync individual channels/repos w/o upgrading them seems to be a non-starter. Turns out redhat officially doesn’t support any minor versions prior to the current one. Meaning rhel5.11 or rhel6.6. I posted a question to oracle support asking them; however, I really don’t see how they can provide support for older point releases if redhat’s not doing so.

  • Actually, I think I found out how Sue limits the updates. Basically, she doesn’t include them. Just the base url for the linux version:

    http://mirror.centos.org/centos/5.7/os/x86_64/
    

    Note: the above won’t work w/centos as they’re a bit more sticky about not supporting (or supplying) non-current point releases.

  • As for #2: the process for creating a new repo and software channel is:

    1. Channels -> manage s/w channels -> manage repositories

    2. create new repository. Fill in the required menu items, then create repository.

    3. Channels -> manage s/w channels, then create new channel. Fill in the menu items:

      • channel name: human readable channel name

      • channel label: label for use w/spacewalk-repo-sync

      • Find a url for the repo gpg signing key. Paste it in gpg key url:.

      • Identify the key ID and fingerprint. Paste information into appropriate boxes. See gpg command above.

      • create channel

    4. On that same menu (Channels -> manage s/w channels), select the repositories tab. Check the radio box for the repository that you created in #2. Update repositories.

    5. On that same menu (Channels -> manage s/w channels), select the sync tab. Specify an appropriate time for automatic sync. Select schedule. Then, if so desired, select sync now. Monitor progress on the satellite server at /var/log/rhn/reposync/${channel}.log

03/10/15:

  • Goals for the day:

    • Figure out how to backup/restore satellite server

    • Clone a repo from gui and command line.

  • Directions from spacewalk wiki:

    • Stop spacewalk: spacewalk-service stop

    • Back up the following directories:

      Directory          Size   Contents
      /var/satellite     14G    contains all the pushed packages
      /var/lib/cobbler   592K   all the cobbler configuration
      /etc               56M    Standard
      /root/ssl-build    148K   with the package containing your SSL certificate
      /home/nocpulse     ?      Doesn’t exist
      /var/lib/rhn/      37M    which contains all the kickstart files

  • Restart service.

  • Backup the database. DB won’t back up if it’s not running.

    su - postgres
    pg_dumpall > \
    /var/lib/pgsql/backups/full_postgres_backup-`date +%Y%m%d`.sql
    
  • Regardless, both started/stopped, backups failed.

  • Another search showed db-control. This one seems to work.

    yum -y install spacewalk-dobby
    db-control backup ${root_writable_dir}  # cmd must be run as root
    
  • Restore, using the process that works:

    db-control restore ${dir}
    
  • Osad install is just as easy as the docs say:

    • Install osa-dispatcher on server if not already there.

    • Install osad (epel repo) on client

    • Update /etc/sysconfig/rhn/osad.conf, osad_ssl_cert with location of the spacewalk server cert: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

    • Start osad.

    • May need to force spacewalk to acknowledge the osad status on the system details, right side, osad, ping host.

    • Once done, installs went immediately without having to do rhn_checks.

  • Minor issue: apparently, my epel repo sync didn’t work. Kicked it off again at 2105. Need to check on that tomorrow. May have been a full disk issue. just increased /var/satellite to 25 gig.

03/1[1-3]/15:

Reset the environment for a startup from scratch. I got the swalk server patched and puppet applied to all nodes.

Install spacewalk server:

  • Ensure hosts resolve FQDN first and that hostname on the spacewalk server shows the fqdn. This will save you a boat-load of ssl problems later in the process.

  • Ensure OS on spacewalk server is up to date.

  • Set selinux permissive (need to get this working) on spacewalk server

  • Ensure appropriate space is available to the appropriate directories and/or they’re linked to sufficiently sized filesystems. For my test environment, 20g postgres db filesystem and 50g repo storage area will result in ~50% allocation when centos6, epel, and rpmforge repos are fully synced.

    • Create 20g /var/lib/pgsql

    • Create 50g /var/satellite

  • Set firewall rules on spacewalk server:

    # show input
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    for p in 5222 443 80
    do
        iptables -I INPUT 5 -m state --state NEW -p tcp \
            -m tcp --dport ${p} -j ACCEPT
    done
    
    # show input
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
    7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5222
    8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    service iptables save
    
  • Configure requisite repos:

    • Download/install epel and spacewalk yum repo:

      yum -y install http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm
      yum -y install http://dl.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
      
    • Create jpackage repo:

      cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
      [jpackage-generic]
      name=JPackage generic
      #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
      mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
      enabled=1
      gpgcheck=1
      gpgkey=http://www.jpackage.org/jpackage.asc
      EOF
      
  • Install spacewalk:

    yum -y install spacewalk-postgresql \
        spacewalk-setup-postgresql-2.2.2-1.el6.noarch \
        spacewalk-utils-2.2.25-1.el6.noarch \
        spacewalk-remote-utils-2.2.2-1.el6.noarch \
        spacewalk-dobby # needed for db-control cmd
    
  • Set selinux contexts. Required even though we set the selinux policy to permissive above.

    restorecon -Rv /var/lib/pgsql
    restorecon -Rv /var/satellite

  • Configure spacewalk: spacewalk-setup --disconnected (use the FQDN for the spacewalk server)

  • Configure the primary admin account by accessing the system’s web server:

    https://swalk
    
  • Create the channels by default. Need to figure this shit out manually.

    spacewalk-common-channels -v -u admin -p '3Pizda!!' -a x86_64 \
    -k unlimited 'centos6*' 'spacewalk-nightly-client*'
    
  • Set up epel, rpmforge and spacewalk client channels:

    • Use the repo files in /etc/yum.repos.d for the required information. $basearch can be determined by running uname -m

    • spacewalk client repo, at least for me, is required because I can’t get the spacewalk-nightly-client-centos6-x86_64 to work. Every time I try to load a package from it, it errors out saying it’s unsigned.

    • URLs to note:

    • Process:

      1. Channels -> manage s/w channels -> manage repositories

      2. create new repository. Fill in the required menu items, then create repository.

      3. Channels -> manage s/w channels, then create new channel. Fill in the menu items:

        • channel name: human readable channel name

        • channel label: label for use w/spacewalk-repo-sync

        • Find a url for the repo gpg signing key. Paste it in gpg key url:.

        • Identify the key ID and fingerprint. Paste information into appropriate boxes. See gpg command above.

        • create channel

      4. On that same menu (Channels -> manage s/w channels), select the repositories tab. Check the radio box for the repository that you created in #2. Update repositories.

      5. On that same menu (Channels -> manage s/w channels), select the sync tab. Specify an appropriate time for automatic sync. Select schedule. Then, if so desired, select sync now. Monitor progress on the satellite server at /var/log/rhn/reposync/${channel}.log

  • Sync the repos:

    • Command: spacewalk-repo-sync --parent-channel  centos6-x86_64

    • This will take a very long time. In excess of 24 hours… Ensure you run the command via tmux or an at job such that it can’t be interrupted.

      • Global reposync started at 07:44:34 on 03/12/15

      • epel:

        Started:     07:44:37 03/12/15
        Ended:       15:49:11 03/13/15
        Total time:  32:04:34

    • You can track progress by examining the appropriate log file under ${satellite}:/var/log/rhn/reposync

  • Create an activation key that clients will use for their initial registration.

    • Systems -> activation keys -> create new key

    • Enter appropriate information. Select universal default

    • In the child channels tab, select the appropriate channels. Ensure epel is selected as it’ll be needed later. Also, ensure the spacewalk client we manually entered is selected and not the default spacewalk client(n) for centos..
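
For step 3 of the channel-creation process above (here and in the 03/08/15 entry), this added example, which is not part of the original notes, parses the gpg --with-fingerprint output quoted under Useful commands, checks that the fingerprint ends in the key ID, and confirms the key is in rpm's keyring before the values go into the channel form. It assumes OpenPGP v4 keys and the GnuPG 1.x/2.0 output layout shown on this page; the function and variable names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes). Parses the GnuPG 1.x/2.0 output
# layout shown on this page; newer gpg releases print a different layout.

# Constructed sample input: copies of the command output quoted in these notes.
SAMPLE_GPG='pub  4096R/0608B895 2010-04-23 EPEL (6) <epel@fedoraproject.org>
      Key fingerprint = 8C3B E96A F230 9184 DA5C  0DAE 3B49 DF2A 0608 B895'
SAMPLE_RPM='gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) <epel@fedoraproject.org>)'

# Short key ID: the text after the slash on the first "pub" line.
gpg_key_id() {
    printf '%s\n' "$1" |
        awk '$1 == "pub" { split($2, a, "/"); print toupper(a[2]); exit }'
}

# Fingerprint exactly as gpg printed it (grouped in fours).
gpg_fingerprint_raw() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Key fingerprint = //p' | head -n 1
}

# Fingerprint as 40 contiguous upper-case hex digits, for comparisons.
gpg_fingerprint() {
    gpg_fingerprint_raw "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Succeed only if the fingerprint is 40 hex digits and ends in the key ID
# (for v4 keys the short key ID is the low 32 bits of the fingerprint).
key_is_consistent() {
    id=$(gpg_key_id "$1")
    fpr=$(gpg_fingerprint "$1")
    [ -n "$id" ] && [ "${#fpr}" -eq 40 ] || return 1
    case "$fpr" in
        *[!0-9A-F]*) return 1 ;;   # non-hex character present
        *"$id")      return 0 ;;   # fingerprint tail matches the key ID
        *)           return 1 ;;
    esac
}

# Succeed if the rpm keyring listing in $2 holds gpg-pubkey-<keyid>-<release>.
rpm_trusts_key() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$2" | grep -q "^gpg-pubkey-${want}-"
}

# Print the two values the channel form asks for, after the sanity check.
channel_key_fields() {
    key_is_consistent "$1" || {
        echo "gpg output failed the key ID / fingerprint check" >&2
        return 1
    }
    printf 'GPG key ID: %s\n' "$(gpg_key_id "$1")"
    printf 'GPG key fingerprint: %s\n' "$(gpg_fingerprint_raw "$1")"
}

# With a key file argument, query gpg and rpm; with none, use the samples.
if [ $# -gt 0 ]; then
    gpg_out=$(gpg --with-fingerprint "$1")
    rpm_out=$(rpm -q gpg-pubkey)
else
    gpg_out=$SAMPLE_GPG
    rpm_out=$SAMPLE_RPM
fi
channel_key_fields "$gpg_out"
rpm_trusts_key "$(gpg_key_id "$gpg_out")" "$rpm_out" ||
    echo "key is not in the rpm keyring" >&2
```

Run it with a key file such as /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 as the only argument to check a real key.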

Install and register spacewalk clients:

Execute the following process on all existing clients:

  • Install spacewalk client repo:

  • Install epel client repo:

  • Install spacewalk client packages:

    yum install rhn-client-tools rhn-check \
    rhn-setup rhnsd m2crypto yum-rhn-plugin
    
  • Install spacewalk server’s CA cert:

    yum -y install \
    http://${fqdn}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
    
  • Backup and move old repos:

    cd /etc/yum.repos.d
    mkdir backup && mv *.repo backup
    
  • Register client:

    rhnreg_ks --serverUrl=https://swalk/XMLRPC \
    --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
    --activationkey=1-centos6-x86_64
    
  • yum clean all

  • Verify connectivity by executing rhn-channel --list on each client.