Spacewalk is the upstream-project for Redhat Satellite. It’s a tool which is mainly used to list, deploy and manage packages and updates to Fedora, CentOS, SLES and even Debian installations. Recently a new version, 2.4, came out, so let’s have a look at the installation procedure and how to perform some basic Spacewalk actions
Previous information
This post is an edited update to an older post (Spacewalk 2.2 installation on CentOS 7) and replaces the information provided to install Spacewalk 2.2 on CentOS 7. Altough not officially supported, it was possible. Since the release of Spacewalk 2.3 there is no need to search for workarounds or absent dependencies and Spacewalk can be installed “out-of-the-box”. Since 2.4 only brings minor changes in the installation process, I decided to update this post, originally for 2.3.
Preparation
We’re starting with a minimal, updated, CentOS 7.1 installation. Spacewalk requires a lot of packages that are not in the official repositories so the first step is to add all necessary sources for those packages:
EPEL-REPOSITORY
Installation:
[jensd@spacewalk ~]$ sudo yum install epel-release -y ... Complete!
JPACKAGE-REPOSITORY
Installation:
[jensd@spacewalk ~]$ cat | sudo tee /etc/yum.repos.d/jpackage-generic.repo << EOF [jpackage-generic] name=JPackage generic #baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/ mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0 enabled=1 gpgcheck=1 gpgkey=http://www.jpackage.org/jpackage.asc EOF
SPACEWALK-REPOSITORY
Installation:
[jensd@spacewalk ~]$ sudo yum install http://yum.spacewalkproject.org/2.4/RHEL/7/x86_64/spacewalk-repo-2.4-3.el7.noarch.rpm -y ... Complete!
POSTGRESQL DATABASE
There are various options in regards to information storage for Spacewalk. The most popular is PostgreSQL and for this post, I’ll use the option to use an embedded PostgreSQL-server.
[jensd@spacewalk ~]$ sudo yum install spacewalk-setup-postgresql -y ... Complete!
FIREWALL
Before we will be able to connect to our newly configured Spacewalk-server, we need to make sure that the firewall doesn’t block access:
[jensd@spacewalk ~]$ sudo firewall-cmd --add-service=https --permanent success [jensd@spacewalk ~]$ sudo firewall-cmd --add-service=http --permanent success [jensd@spacewalk ~]$ sudo firewall-cmd --reload success
Hostname
Make sure that the system can resolve it’s own hostname. Tomcat will try to do this and fails to start if it can’t resolve it’s own hostname.
[jensd@spacewalk ~]$ ping $(hostname -f) -c1 PING spacewalk (192.168.202.101) 56(84) bytes of data. 64 bytes from spacewalk (192.168.202.101): icmp_seq=1 ttl=64 time=0.065 ms --- spacewalk ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms
In case the above fails, simply add an entry to /etc/hosts with your hostname and IP-address.
Spacewalk installation
Finally everything is ready to install the packages related to Spacewalk itself.
[jensd@spacewalk ~]$ sudo yum install spacewalk-postgresql -y ... Complete!
After the package-installation, let’s setup Spacewalk:
[jensd@spacewalk ~]$ sudo spacewalk-setup --disconnected * Setting up SELinux.. ** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: ### ** Database: Installation complete. ** Database: Populating database. *** Progress: ############################ * Configuring tomcat. * Setting up users and groups. ** GPG: Initializing GPG and importing key. ** GPG: Creating /root/.gnupg directory You must enter an email address. Admin Email Address? jensd@jensd.be * Performing initial configuration. * Activating Spacewalk. ** Loading Spacewalk Certificate. ** Verifying certificate locally. ** Activating Spacewalk. * Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? test Organization Unit [spacewalk]? Email Address [jensd@jensd.be]? City? City? testcity State? WVL Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? BE ** SSL: Generating CA certificate. ** SSL: Deploying CA certificate. ** SSL: Generating server certificate. ** SSL: Storing SSL certificates. * Deploying configuration files. * Update configuration in database. * Setting up Cobbler.. Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? n * Restarting services. Installation complete. Visit https://spacewalk to create the Spacewalk administrator account.
At this point, Spacewalk is installed, configured and ready to use. Refer to the next section to get started with Spacewalk.
Spacewalk basic setup and use
Finally, our spacewalk server is up and running. All that’s left to do is use your browser and navigate to the IP or hosntame of your server.
First login
The first time, you will get the possibility to create a new spacewalk user and log in with it:
Using channels in spacewalk
Spacewalk uses the concept of channels. For a Spacewalk client, a membership to a channel can be seen as an installed and enabled package repository. A channel is a logical collection of packages, usually linked to a “normal” (yum) repository. Channels can be customized, cloned, synced, etc…
My best practice is to configure a base channel for every major OS release and stage (for example: CentOS 6 prod or CentOS 7 test) and a child channel for every real repository which we can use as a source of packages. The child-channels in test are synced on a daily basis with the real repositories and from time to time, we do a staging from the newer packages in the test-channels to the prod-channels. This way, there is a fixed, stable, point to which the systems get updated and baselined.
Managing channels
Add a base channel
A base channel is the channel that a client gets registered to. The client can use all child-channels associated to the base channel it’s registered to. A good practice is to not add any packages directly to the base channel but to add those only to specific child-channels. So for my example, I will create a base channel but I will not link it to any repository. It’s just used as a logical group container. After creating the base channel, I’ll create a repository and child channel linked to this base channel.
A base channel has a registration key. This key is used by the client to register itself to the base channel.
To add a base channel, navigate to: Channels (top menu) -> Manage Software Channels (left pane) -> Create Channel
Fill in the basic fields and click on “Create Channel”
After creating the base channel, we need to generate a key for it in order to be able to register clients (systems) to this base channel.
To do so, navigate to: Systems (top menu) -> Activation Keys (left pane) -> Create key
Leave the key field blank to generate a key and select the base channel which you just created from the dropdown-list:
Click on “Create Activation Key” to generate and create the key.
Add repositories
The easiest path from here is to first add all normal repositories which you plan to use to the list of repositories in Spacewalk. You can do this by navigating to:
Channels (top menu) -> Manage Software Channels (left pane) -> Manage Repositories (left pane) -> Create Repository
As an example, I’ll add the PostgreSQL Yum repository for version 9.4. Choose a name for the repository, add the URL and click on “Create Repository”:
In a standard setup you would start with creating repositories for you base OS and update repositories.
Add a child channel
Now, for every repository you added, create a child channel related to the base architecture you specified in you base channels.
Navigate to: Channels (top menu) -> Manage Software Channels (left pane) -> Create Channel
Name the channel and choose the base channel from the dropdown:
Click “Create Channel” and navigate to Manage Software Channels again. Select the newly created child channel and click on “Repositories”. Select the earlier created repo from the list and click “Update repositories”:
Synchronize the child channel with it’s repository
At this point, the setup is complete but the child channel needs to sync it’s packages with the repository. This can be done with the GUI by navigating to: Channels (top menu) -> Manage Software Channels (left pane) -> <child channel> -> Repositories -> Sync -> Sync Now.
Make sure that there is enough space in the filesystem containing /var/satellite to contain all the packages in the repo.
More interesting is to run the synchronization from the CLI and add create a script to sync with the source repository on a daily basis. This can be done as follows:
[jensd@spacewalk ~]$ sudo spacewalk-repo-sync --channel test_centos_7_postgresql_94 --type yum ====================================== | Channel: test_centos_7_postgresql_94 ====================================== Repo URL: http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ Packages in repo: 276 Packages already synced: 0 Packages to sync: 276 1/276 : plr94-8.3.0.16-1.rhel7-0.x86_64 2/276 : mongo_fdw94-debuginfo-3.0-1.rhel7-0.x86_64 3/276 : emaj-debuginfo-1.1.0-1.rhel7-0.x86_64 ... 276/276 : gdal-doc-1.11.0-3.rhel7-0.noarch Linking packages to channel. Repo http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ has comps file comps.xml. Repo http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ has 0 errata. Sync completed. Total time: 0:19:12
After the sync, the channel can be used on a client which is registered to the base and child channel.
Spacewalk Clients
Install and registering a client to Spacewalk
The following actions need to be done on the systems that you want to make a Spacewalk client and want to use the packages from Spacewalk.
Clients require some packages in order to become a Spacewalk client. Install the following packages. CentOS 7 has these packages available by default:
[jensd@client ~]$ sudo yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin ... Complete!
In case the packages can’t be found or you want to install the newest client packages, you should add the EPEL and Spacewalk-client repositories to the system and then install the client utils:
[jensd@client ~]$ sudo yum -y install epel-release http://yum.spacewalkproject.org/2.4-client/RHEL/7/x86_64/spacewalk-client-repo-2.4-3.el7.noarch.rpm ... Complete! [jensd@client ~]$ sudo yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin ... Complete!
When the client has the necessary packages installed, we can register the system to the base channel which we created earlier. The activation key which we generated determines which base channel we’ll register to:
[jensd@client ~]$ sudo rhnreg_ks --serverUrl=http://192.168.202.101/XMLRPC --activationkey=1-47e170d3b82d2265a222b3b8f7b8f8d1 [jensd@client ~]$
After the registration, we can see in the web interface that the system has registered successfully:
Subscribe the system to child-channels on the client
Now, before we can use packages in one of the child channels associated to the base channel which we registered to, we need to enable those child-channels for that system.
This can be done with the GUI by navigating to Systems -> <client> -> Software -> Software Channels -> Software Channel Subscriptions:
It’s also possible to register to a child channel from the client itself by using the CLI:
To see the child channels that a client is already registered to:
[root@client ~]# spacewalk-channel -l test_centos_7
To list the child channels that are available:
[root@client ~]# spacewalk-channel -L Username: admin Password: test_centos_7_postgresql_94
To subscribe to one of the channels listed:
[root@client ~]# spacewalk-channel -a -c test_centos_7_postgresql_94 Username: admin Password: [root@client ~]# spacewalk-channel -l test_centos_7 test_centos_7_postgresql_94
If you want to avoid the client from searching, downloading and installing packages from the “normal”, non-spacewalk repositories, you can disable them as follows:
[root@client ~]# sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/* [root@client ~]# sed -i '/name=/a enabled=0' /etc/yum.repos.d/*
After subscribing to one or more child channels, packages can be installed as they would be normally:
[jensd@client ~]$ sudo yum install postgresql94 Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package postgresql94.x86_64 0:9.4.1-1PGDG.rhel7 will be installed --> Processing Dependency: postgresql94-libs = 9.4.1-1PGDG.rhel7 for package: postgresql94-9.4.1-1PGDG.rhel7.x86_64 --> Processing Dependency: libpq.so.5()(64bit) for package: postgresql94-9.4.1-1PGDG.rhel7.x86_64 --> Running transaction check ---> Package postgresql94-libs.x86_64 0:9.4.1-1PGDG.rhel7 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: postgresql94 x86_64 9.4.1-1PGDG.rhel7 test_centos_7_postgresql_94 1.0 M Installing for dependencies: postgresql94-libs x86_64 9.4.1-1PGDG.rhel7 test_centos_7_postgresql_94 202 k Transaction Summary ======================================================================================================== Install 1 Package (+1 Dependent package) Total download size: 1.2 M Installed size: 6.0 M Is this ok [y/d/N]:
As you can see, the packages in from the child channel are found and will get downloaded from the child-channel test_centos_7_postgresql_94.
Hi Jensd,
Tried the flash installation Spacewalk 2.3 on both CentOS & OEL 7.1, they both reported following dependencies are missing:
Requires: mvn(commons-digester:commons-digester)
Requires: apache-commons-validator
Requires: mvn(org.apache.bsf:bsf)
Requires: jboss-servlet-3.0-api
Requires: apache-commons-beanutils
Requires: jboss-el-2.2-api
Requires: apache-commons-digester
Requires: mvn(commons-validator:commons-validator)
Requires: mvn(commons-digester:commons-digester)
Requires: jboss-el-2.2-api
Requires: jboss-servlet-3.0-api
Requires: mvn(commons-beanutils:commons-beanutils)
Requires: jboss-el-2.2-api
Requires: python-pygments
Requires: mvn(commons-beanutils:commons-beanutils)
Wonder did you got similar issues as well?
Thanks!
You’ve probably forgot to add JPACKAGE-REPOSITORY, had the same problem when i missed that part of instruction
If you are using RHEL7, you have to enable optional repo:
subscription-manager repos –enable=rhel-7-server-optional-rpms
Great Documentation!!!! Everything worked fine as explained.
Questions:
1. Every time I login using browser, it shows me screen for “Create Kickstart Distribution”. I did copied Distribution directory from another server to new one and created distrbution, but it still shows the “Create Kickstart Distribution”.
2. When I click on “Create Kickstart Profile”; it shows that “Base Channel*: No Kickstartable Channels found.” even though the Channel exist.
Any help is appreciated. Thank You.
Nice tutorial, was able to follow it without any issues updating some of the latest rpms, thanks!
Quick question, it seems that you cannot scan systems for updates as it is missing spacewalk_oscap which does not exist under http://yum.spacewalkproject.org/2.3/RHEL/7/x86_64/.
I tried installing the one for Redhat and it did not work as it has other dependencies and will break the system apparently.
Also I added a few servers and according to the system page they are OK with a green check mark, but if I do yum update they all have pending updates.
Any ideas how to check it with the GUI or the oscap is the issue?
Regards,
Paul
Nice one !!
Can we pull packages from the bitbucket repo ?
Kindly advice ?
Thanks.
Hi
As far as I know there is no easy solution for that. I used to spend some time looking to do the same but I remeber I didn’t find any (easy,good) solution.
Nice article. However, I find that creating a parent channel with no repo URL fails to create any repo data, which causes yum to fail on the client with a “Cannot retrieve repository metadata” error. Did you not run into this issue?
Nevermind. It seems that repo data on the server was corrupted somehow. Clearing the cache and restarting the service seems to have resolved the problem. Wacky.
Thanks.
Spacewalk, and especially task-o-matic sometimes behaves a litlle “wacky” as you describe it. Usually waiting a little or restart the task-o-matic service (if you’re impatient) resolves the weirdness :)
Followed the guide but get:
[root@spacewalk ~]# sudo spacewalk-repo-sync –channel test_centos_7_base –type yum
Channel test_centos_7_base Channel has no URL associated
What am I missing?
Hi, I think you missed this step:
“Click “Create Channel” and navigate to Manage Software Channels again. Select the newly created child channel and click on “Repositories”. Select the earlier created repo from the list and click “Update repositories”:”
Hello,
I have the following problem when I want to sync the repository. I followed all steps as they are in the tutorial.
[root@test ~]# spacewalk-repo-sync –channel test_centos_7_postgresql_94 –type=yum
======================================
| Channel: test_centos_7_postgresql_94
======================================
Traceback (most recent call last):
File “/usr/bin/spacewalk-repo-sync”, line 215, in
sys.exit(abs(main() or 0))
File “/usr/bin/spacewalk-repo-sync”, line 207, in main
sync_kickstart=options.sync_kickstart)
File “/usr/lib/python2.7/site-packages/spacewalk/satellite_tools/reposync.py”, line 163, in __init__
self.repo_plugin = self.load_plugin(repo_type)
File “/usr/lib/python2.7/site-packages/spacewalk/satellite_tools/reposync.py”, line 230, in load_plugin
mod = __import__(‘spacewalk.satellite_tools.repo_plugins’, globals(), locals(), [name])
File “/usr/lib/python2.7/site-packages/spacewalk/satellite_tools/repo_plugins/__init__.py”, line 18, in
from spacewalk.server import rhnPackageUpload
File “/usr/lib/python2.7/site-packages/spacewalk/server/rhnPackageUpload.py”, line 20, in
from spacewalk.common import rhn_mpm, rhn_deb, rhn_pkg
File “/usr/lib/python2.7/site-packages/spacewalk/common/rhn_deb.py”, line 23, in
from debian import debfile
File “/usr/lib/python2.7/site-packages/debian/debfile.py”, line 27, in
from debian.deb822 import Deb822
File “/usr/lib/python2.7/site-packages/debian/deb822.py”, line 1481, in
@six.add_metaclass(_ClassInitMeta)
AttributeError: ‘module’ object has no attribute ‘add_metaclass’
Any Ideas?
Hi,
I am able to launch spacewalk GUI successfully.
But if do sync of repo with channel using the below command:
03/4305 : xorg-x11-drv-ati-7.2.0-9.20140113git3213df1.el7-0.x86_64
Downloaded package xorg-x11-drv-ati-7.2.0-9.20140113git3213df1.el7.x86_64, from rhel7_x86_64, but it was invalid.
4304/4305 : texlive-passivetex-svn15878.0-32.el7-2.noarch
Downloaded package 2:texlive-passivetex-svn15878.0-32.el7.noarch, from rhel7_x86_64, but it was invalid.
4305/4305 : unixODBC-devel-2.3.1-10.el7-0.x86_64
Downloaded package unixODBC-devel-2.3.1-10.el7.x86_64, from rhel7_x86_64, but it was invalid.
Linking packages to channel.
Repo file:///rhel7repo has comps file comps.xml.
Repo file:///rhel7repo has 0 errata.
Sync completed.
Kindly help for the same.
Regards,
Srishti Kalra
Hi,
Seeing by the name you gave the repo, it’s probably a RHEL7 repo. Spacewalk officially doesn’t support RHEL although it’s the upstream project (or was) for Red Hat’s Satellite.
Awesome guide. The 1st i’ve found without dependency errors
any info on creating a local repo on the spacewalk server for clients without internet access?
Great guide, and everything works just great until I attempt to register a client, I get the following error;
An error has occurred:
rhn-plugin: Error communicating with server. The message was:
Internal Server Error
See /var/log/up2date for more information
When I cat the log file I get this;
[Wed Aug 24 15:03:37 2016] up2date A protocol error occurred: Not Found , attempt #1,
[Wed Aug 24 15:03:37 2016] up2date Could not find URL, spacewalk.reisys.com /RPC2
[Wed Aug 24 15:03:37 2016] up2date Check server name and/or URL, then retry
[Wed Aug 24 15:03:37 2016] up2date
Traceback (most recent call last):
File “/usr/sbin/rhnreg_ks”, line 217, in
cli.run()
File “/usr/share/rhn/up2date_client/rhncli.py”, line 96, in run
sys.exit(self.main() or 0)
File “/usr/sbin/rhnreg_ks”, line 95, in main
rhnreg.getCaps()
File “/usr/share/rhn/up2date_client/rhnreg.py”, line 264, in getCaps
s.capabilities.validate()
File “/usr/share/rhn/up2date_client/rhnserver.py”, line 185, in __get_capabilities
self.registration.welcome_message()
File “/usr/share/rhn/up2date_client/rhnserver.py”, line 67, in __call__
return rpcServer.doCall(method, *args, **kwargs)
File “/usr/share/rhn/up2date_client/rpcServer.py”, line 290, in doCall
raise_with_tb(up2dateErrors.CommunicationError(e.errmsg))
File “/usr/share/rhn/up2date_client/rpcServer.py”, line 214, in doCall
ret = method(*args, **kwargs)
File “/usr/lib64/python2.6/xmlrpclib.py”, line 1199, in __call__
return self.__send(self.__name, args)
File “/usr/share/rhn/up2date_client/rpcServer.py”, line 48, in _request1
ret = self._request(methodname, params)
File “/usr/lib/python2.6/site-packages/rhn/rpclib.py”, line 394, in _request
self._handler, request, verbose=self._verbose)
File “/usr/lib/python2.6/site-packages/rhn/transports.py”, line 177, in request
headers, fd = req.send_http(host, handler)
File “/usr/lib/python2.6/site-packages/rhn/transports.py”, line 739, in send_http
response.status, response.reason, response.msg)
: rhn-plugin: Error communicating with server. The message was:
Not Found
Hello,
I was not able to run the spacewalk-setup command –It says “command not found?”
It seems your installation had some errors, please paste previous steps lines.
Hello,
I exactly followed the steps, but in final step it is throwing error: “Tomcat failed to start properly or the installer ran out of tries.” Can you suggest something here ?
Thanks,
Hi Team,
We have the same issue with Red Hat 7.4, we followed above procedure step by steps but it thronging “Tomcat failed to start properly or the installer ran out of tries.”
and there are lot of dependency with spacewalk packages.
It will be great help to provide steps for RedHat 7 and spacewalk package dependency. Thanks in advance
Nice article. However, I find that creating a parent channel with no repo URL fails to create any repo data, which causes yum to fail on the client with a “Cannot retrieve repository metadata” error. Did you not run into this issue?