Spacewalk is the upstream-project for Redhat Satellite. It’s a tool which is mainly used to list, deploy and manage packages and updates to Fedora, CentOS, SLES and even Debian installations. Recently a new version, 2.4, came out, so let’s have a look at the installation procedure and how to perform some basic Spacewalk actions
This post is an edited update to an older post (Spacewalk 2.2 installation on CentOS 7) and replaces the information provided to install Spacewalk 2.2 on CentOS 7. Altough not officially supported, it was possible. Since the release of Spacewalk 2.3 there is no need to search for workarounds or absent dependencies and Spacewalk can be installed “out-of-the-box”. Since 2.4 only brings minor changes in the installation process, I decided to update this post, originally for 2.3.
We’re starting with a minimal, updated, CentOS 7.1 installation. Spacewalk requires a lot of packages that are not in the official repositories so the first step is to add all necessary sources for those packages:
[jensd@spacewalk ~]$ sudo yum install epel-release -y ... Complete!
[jensd@spacewalk ~]$ cat | sudo tee /etc/yum.repos.d/jpackage-generic.repo << EOF [jpackage-generic] name=JPackage generic #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/ mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0 enabled=1 gpgcheck=1 gpgkey=http://www.jpackage.org/jpackage.asc EOF
[jensd@spacewalk ~]$ sudo yum install http://yum.spacewalkproject.org/2.4/RHEL/7/x86_64/spacewalk-repo-2.4-3.el7.noarch.rpm -y ... Complete!
There are various options in regards to information storage for Spacewalk. The most popular is PostgreSQL and for this post, I’ll use the option to use an embedded PostgreSQL-server.
[jensd@spacewalk ~]$ sudo yum install spacewalk-setup-postgresql -y ... Complete!
Before we will be able to connect to our newly configured Spacewalk-server, we need to make sure that the firewall doesn’t block access:
[jensd@spacewalk ~]$ sudo firewall-cmd --add-service=https --permanent success [jensd@spacewalk ~]$ sudo firewall-cmd --add-service=http --permanent success [jensd@spacewalk ~]$ sudo firewall-cmd --reload success
Make sure that the system can resolve it’s own hostname. Tomcat will try to do this and fails to start if it can’t resolve it’s own hostname.
[jensd@spacewalk ~]$ ping $(hostname -f) -c1 PING spacewalk (192.168.202.101) 56(84) bytes of data. 64 bytes from spacewalk (192.168.202.101): icmp_seq=1 ttl=64 time=0.065 ms --- spacewalk ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms
In case the above fails, simply add an entry to /etc/hosts with your hostname and IP-address.
Finally everything is ready to install the packages related to Spacewalk itself.
[jensd@spacewalk ~]$ sudo yum install spacewalk-postgresql -y ... Complete!
After the package-installation, let’s setup Spacewalk:
[jensd@spacewalk ~]$ sudo spacewalk-setup --disconnected * Setting up SELinux.. ** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: ### ** Database: Installation complete. ** Database: Populating database. *** Progress: ############################ * Configuring tomcat. * Setting up users and groups. ** GPG: Initializing GPG and importing key. ** GPG: Creating /root/.gnupg directory You must enter an email address. Admin Email Address? email@example.com * Performing initial configuration. * Activating Spacewalk. ** Loading Spacewalk Certificate. ** Verifying certificate locally. ** Activating Spacewalk. * Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? test Organization Unit [spacewalk]? Email Address [firstname.lastname@example.org]? City? City? testcity State? WVL Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? BE ** SSL: Generating CA certificate. ** SSL: Deploying CA certificate. ** SSL: Generating server certificate. ** SSL: Storing SSL certificates. * Deploying configuration files. * Update configuration in database. * Setting up Cobbler.. Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? n * Restarting services. Installation complete. Visit https://spacewalk to create the Spacewalk administrator account.
At this point, Spacewalk is installed, configured and ready to use. Refer to the next section to get started with Spacewalk.
Spacewalk basic setup and use
Finally, our spacewalk server is up and running. All that’s left to do is use your browser and navigate to the IP or hosntame of your server.
The first time, you will get the possibility to create a new spacewalk user and log in with it:
Using channels in spacewalk
Spacewalk uses the concept of channels. For a Spacewalk client, a membership to a channel can be seen as an installed and enabled package repository. A channel is a logical collection of packages, usually linked to a “normal” (yum) repository. Channels can be customized, cloned, synced, etc…
My best practice is to configure a base channel for every major OS release and stage (for example: CentOS 6 prod or CentOS 7 test) and a child channel for every real repository which we can use as a source of packages. The child-channels in test are synced on a daily basis with the real repositories and from time to time, we do a staging from the newer packages in the test-channels to the prod-channels. This way, there is a fixed, stable, point to which the systems get updated and baselined.
Add a base channel
A base channel is the channel that a client gets registered to. The client can use all child-channels associated to the base channel it’s registered to. A good practice is to not add any packages directly to the base channel but to add those only to specific child-channels. So for my example, I will create a base channel but I will not link it to any repository. It’s just used as a logical group container. After creating the base channel, I’ll create a repository and child channel linked to this base channel.
A base channel has a registration key. This key is used by the client to register itself to the base channel.
To add a base channel, navigate to: Channels (top menu) -> Manage Software Channels (left pane) -> Create Channel
Fill in the basic fields and click on “Create Channel”
After creating the base channel, we need to generate a key for it in order to be able to register clients (systems) to this base channel.
To do so, navigate to: Systems (top menu) -> Activation Keys (left pane) -> Create key
Leave the key field blank to generate a key and select the base channel which you just created from the dropdown-list:
Click on “Create Activation Key” to generate and create the key.
The easiest path from here is to first add all normal repositories which you plan to use to the list of repositories in Spacewalk. You can do this by navigating to:
Channels (top menu) -> Manage Software Channels (left pane) -> Manage Repositories (left pane) -> Create Repository
As an example, I’ll add the PostgreSQL Yum repository for version 9.4. Choose a name for the repository, add the URL and click on “Create Repository”:
In a standard setup you would start with creating repositories for you base OS and update repositories.
Add a child channel
Now, for every repository you added, create a child channel related to the base architecture you specified in you base channels.
Navigate to: Channels (top menu) -> Manage Software Channels (left pane) -> Create Channel
Name the channel and choose the base channel from the dropdown:
Click “Create Channel” and navigate to Manage Software Channels again. Select the newly created child channel and click on “Repositories”. Select the earlier created repo from the list and click “Update repositories”:
Synchronize the child channel with it’s repository
At this point, the setup is complete but the child channel needs to sync it’s packages with the repository. This can be done with the GUI by navigating to: Channels (top menu) -> Manage Software Channels (left pane) -> <child channel> -> Repositories -> Sync -> Sync Now.
Make sure that there is enough space in the filesystem containing /var/satellite to contain all the packages in the repo.
More interesting is to run the synchronization from the CLI and add create a script to sync with the source repository on a daily basis. This can be done as follows:
[jensd@spacewalk ~]$ sudo spacewalk-repo-sync --channel test_centos_7_postgresql_94 --type yum ====================================== | Channel: test_centos_7_postgresql_94 ====================================== Repo URL: http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ Packages in repo: 276 Packages already synced: 0 Packages to sync: 276 1/276 : plr94-22.214.171.124-1.rhel7-0.x86_64 2/276 : mongo_fdw94-debuginfo-3.0-1.rhel7-0.x86_64 3/276 : emaj-debuginfo-1.1.0-1.rhel7-0.x86_64 ... 276/276 : gdal-doc-1.11.0-3.rhel7-0.noarch Linking packages to channel. Repo http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ has comps file comps.xml. Repo http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ has 0 errata. Sync completed. Total time: 0:19:12
After the sync, the channel can be used on a client which is registered to the base and child channel.
Install and registering a client to Spacewalk
The following actions need to be done on the systems that you want to make a Spacewalk client and want to use the packages from Spacewalk.
Clients require some packages in order to become a Spacewalk client. Install the following packages. CentOS 7 has these packages available by default:
[jensd@client ~]$ sudo yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin ... Complete!
In case the packages can’t be found or you want to install the newest client packages, you should add the EPEL and Spacewalk-client repositories to the system and then install the client utils:
[jensd@client ~]$ sudo yum -y install epel-release http://yum.spacewalkproject.org/2.4-client/RHEL/7/x86_64/spacewalk-client-repo-2.4-3.el7.noarch.rpm ... Complete! [jensd@client ~]$ sudo yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin ... Complete!
When the client has the necessary packages installed, we can register the system to the base channel which we created earlier. The activation key which we generated determines which base channel we’ll register to:
[jensd@client ~]$ sudo rhnreg_ks --serverUrl=http://192.168.202.101/XMLRPC --activationkey=1-47e170d3b82d2265a222b3b8f7b8f8d1 [jensd@client ~]$
After the registration, we can see in the web interface that the system has registered successfully:
Subscribe the system to child-channels on the client
Now, before we can use packages in one of the child channels associated to the base channel which we registered to, we need to enable those child-channels for that system.
This can be done with the GUI by navigating to Systems -> <client> -> Software -> Software Channels -> Software Channel Subscriptions:
It’s also possible to register to a child channel from the client itself by using the CLI:
To see the child channels that a client is already registered to:
[root@client ~]# spacewalk-channel -l test_centos_7
To list the child channels that are available:
[root@client ~]# spacewalk-channel -L Username: admin Password: test_centos_7_postgresql_94
To subscribe to one of the channels listed:
[root@client ~]# spacewalk-channel -a -c test_centos_7_postgresql_94 Username: admin Password: [root@client ~]# spacewalk-channel -l test_centos_7 test_centos_7_postgresql_94
If you want to avoid the client from searching, downloading and installing packages from the “normal”, non-spacewalk repositories, you can disable them as follows:
[root@client ~]# sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/* [root@client ~]# sed -i '/name=/a enabled=0' /etc/yum.repos.d/*
After subscribing to one or more child channels, packages can be installed as they would be normally:
[jensd@client ~]$ sudo yum install postgresql94 Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package postgresql94.x86_64 0:9.4.1-1PGDG.rhel7 will be installed --> Processing Dependency: postgresql94-libs = 9.4.1-1PGDG.rhel7 for package: postgresql94-9.4.1-1PGDG.rhel7.x86_64 --> Processing Dependency: libpq.so.5()(64bit) for package: postgresql94-9.4.1-1PGDG.rhel7.x86_64 --> Running transaction check ---> Package postgresql94-libs.x86_64 0:9.4.1-1PGDG.rhel7 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: postgresql94 x86_64 9.4.1-1PGDG.rhel7 test_centos_7_postgresql_94 1.0 M Installing for dependencies: postgresql94-libs x86_64 9.4.1-1PGDG.rhel7 test_centos_7_postgresql_94 202 k Transaction Summary ======================================================================================================== Install 1 Package (+1 Dependent package) Total download size: 1.2 M Installed size: 6.0 M Is this ok [y/d/N]:
As you can see, the packages in from the child channel are found and will get downloaded from the child-channel test_centos_7_postgresql_94.