How to install Spacewalk on CentOS 7

There are many articles on this subject, but you need to read many articles to complete a successful Spacewalk installation.  There are fewer articles that tackle Spacewalk beyond the installation.  Hopefully, this will fill in some of those blanks.

What it is.

Spacewalk is an open source Linux systems management solution. Spacewalk is the upstream community project from which the Red Hat Satellite product is derived.

Preparation

This article will make this assumption, that the following conditions are met.

  • CentOS 7 (minimal install, latest) on 24-32 GB HD.
  • 4 GB RAM
  • 2 CPU
  • /var/lib/pgsql (16GB) mount. (12 GB minimum to get started, resize later)
  • /var/satellite (128GB) mount. (12 GB minimum to get started, resize later)
  • The server has a FQDN and is registered in your DNS.

Install Spacewalk

# Not required, but useful
yum install -y nmap bind-utils
yum install -y yum-plugin-tmprepo

yum install -y spacewalk-repo --tmprepo=https://copr-be.cloud.fedoraproject.org/results/%40spacewalkproject/spacewalk-2.9/epel-7-x86_64/repodata/repomd.xml --nogpg
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 
# Install Spacewalk with embedded PostgreSQL
yum -y install spacewalk-setup-postgresql spacewalk-postgresql
 
# Add Firewall Rules
firewall-cmd --permanent --add-service={http,https}
firewall-cmd --permanent --add-port={5222,5269}/tcp
firewall-cmd --permanent --add-port=69/udp
firewall-cmd --reload

# Create an answer file to semi-automate the install
cat << 'EOF' | tee /root/spacewalk-answers
admin-email = admin@example.com
ssl-set-org = ExampleCompany
ssl-set-org-unit = IT
ssl-set-city = Richmond
ssl-set-state = VA
ssl-set-country = US
ssl-password = spacewalk
ssl-set-email = admin@example.com
ssl-config-sslvhost = Y
db-backend=postgresql
db-name=spaceschema
db-user=spacewalkdbusername
db-password=spacewalkdbpassword
db-host=localhost
db-port=5432
enable-tftp=Y
EOF

# Run the setup
spacewalk-setup --answer-file=/root/spacewalk-answers
 
# Install Command Line Utility to Manage Spacewalk
yum -y install spacecmd

cat << 'EOF' | ~/.spacecmd/config 
spacecmd] 
server=spacewalk.asti-usa.com 
username=spacewalkusername 
password=spacewalkpassword 
EOF 

echo "alias spacecmd='spacecmd -q'" >> ~/.bashrc

Configuration

Logon to the website with the account you created in the steps above at https://fqdn.example.com and perform first logon.  Create an account and Organization (ie. MyOrg).

Create Channels

This is a fine piece of scripting that I wrote and evolved over the past five or six years. It greatly simplifies the creation of channels without having to do so in the GUI.  This script is quite flexible.  You can add additional base_channels, like centos6 and their respective child_channels.

#!/bin/bash
# Author: Paul Combs

# Create Base Channels
base_channel=(
'centos7|http://mirror.centos.org/centos/7/os/x86_64/'
)
 
# Create Child Channels
child_channel=(
'centos7|centos7-spacewalk29-client|https://copr-be.cloud.fedoraproject.org/results/%40spacewalkproject/spacewalk-2.9-client/epel-7-x86_64/'
'centos7|centos7-epel|https://dl.fedoraproject.org/pub/epel/7/x86_64/'
'centos7|centos7-updates|http://mirror.centos.org/centos/7/updates/x86_64/'
'centos7|centos7-extras|http://mirror.centos.org/centos/7/extras/x86_64/'
)
 
######################################
# MAIN PROGRAM
######################################
 
for i in ${base_channel[@]}
do
spacecmd -- softwarechannel_create $(echo "$i" | cut -d"|" -f1) -a x86_64 -n $(echo "$i" | cut -d"|" -f1) -l $(echo "$i" | cut -d"|" -f1) -c sha1
spacecmd -- repo_create -n $(echo "$i" | cut -d"|" -f1) -u $(echo "$i" | cut -d"|" -f2)
spacecmd -- softwarechannel_addrepo $(echo "$i" | cut -d"|" -f1) $(echo "$i" | cut -d"|" -f1)
spacecmd -- activationkey_create -n $(echo "$i" | cut -d"|" -f1) -d $(echo "$i" | cut -d"|" -f1) -b $(echo "$i" | cut -d"|" -f1) -e virtualization_host
done
for j in ${child_channel[@]}
do
spacecmd -- softwarechannel_create -n $(echo "$j" | cut -d"|" -f2) -l $(echo "$j" | cut -d"|" -f2) -p $(echo "$j" | cut -d"|" -f1) -a x86_64 -c sha1
spacecmd -- repo_create -n $(echo "$j" | cut -d"|" -f2) -u $(echo "$j" | cut -d"|" -f3)
spacecmd -- softwarechannel_addrepo $(echo "$j" | cut -d"|" -f2) $(echo "$j" | cut -d"|" -f2)
spacecmd -- softwarechannel_syncrepos $(echo "$j" | cut -d"|" -f2)
spacecmd -- "softwarechannel_setsyncschedule $(echo "$j" | cut -d"|" -f2) 0 5 2 ? \* \*"
done

Another Version (untested completely)

#!/bin/bash
# Author: Paul Combs

######################################
# Define Software Channels
######################################

# Base Channels
base_channels=(
  'centos7|http://mirror.centos.org/centos/7/os/x86_64/'
)

# Child Channels
child_channels=(
  'centos7|centos7-spacewalk29-client|https://copr-be.cloud.fedoraproject.org/results/%40spacewalkproject/spacewalk-2.9-client/epel-7-x86_64/'
  'centos7|centos7-epel|https://dl.fedoraproject.org/pub/epel/7/x86_64/'
  'centos7|centos7-updates|http://mirror.centos.org/centos/7/updates/x86_64/'
  'centos7|centos7-extras|http://mirror.centos.org/centos/7/extras/x86_64/'
)

######################################
# MAIN PROGRAM
######################################

# Process Base Channels
for channel in "${base_channels[@]}"; do
  IFS='|' read -r base_name base_url <<< "$channel"
  
  echo "Creating base channel: $base_name"
  spacecmd -- softwarechannel_create "$base_name" -a x86_64 -n "$base_name" -l "$base_name" -c sha1
  spacecmd -- repo_create -n "$base_name" -u "$base_url"
  spacecmd -- softwarechannel_addrepo "$base_name" "$base_name"
  spacecmd -- activationkey_create -n "$base_name" -d "$base_name" -b "$base_name" -e virtualization_host
  
  if [ $? -ne 0 ]; then
    echo "Error processing base channel: $base_name"
    exit 1
  fi
done

# Process Child Channels
for channel in "${child_channels[@]}"; do
  IFS='|' read -r parent_name child_name child_url <<< "$channel"
  
  echo "Creating child channel: $child_name"
  spacecmd -- softwarechannel_create -n "$child_name" -l "$child_name" -p "$parent_name" -a x86_64 -c sha1
  spacecmd -- repo_create -n "$child_name" -u "$child_url"
  spacecmd -- softwarechannel_addrepo "$child_name" "$child_name"
  spacecmd -- softwarechannel_syncrepos "$child_name"
  spacecmd -- softwarechannel_setsyncschedule "$child_name" 0 5 2 ? * *
  
  if [ $? -ne 0 ]; then
    echo "Error processing child channel: $child_name"
    exit 1
  fi
done

echo "All channels processed successfully."

Errata Data

CentOS does not handle errata. There is a script to handle errata that is managed by a third-party.  Without this errata data, automatic updates pushed to the end points will not occur.

Support and install available here: http://cefs.steve-meier.de/

SeLinux

May or may not be necessary, but will require the spacewalk-selinux-enable to be successful.

setenforce 0
cat /var/log/audit/audit.log | grep avc | audit2allow -M mypatch
spacewalk-selinux-enable
semodule -i mypatch.pp
setenforce 1

Client Installations

Out of scope of this article.

Source(s)

  • https://spacewalkproject.github.io/
  • http://cefs.steve-meier.de/
  • https://docs.oracle.com/en/operating-systems/spacewalk/
  • https://docs.oracle.com/cd/E92593_01/E64608/html/swk22-ngf_zws_hs.html
  • https://docs.oracle.com/cd/E92593_01/E64608/html/swk22-ox2_2xs_hs.html