Configuring Spacewalk Server

Revision as of Sunday, 20 December 2015 at 19:56 UTC

Configuring Channels and Repositories

Configure channels and repositories as described on this page.

The command executed when you schedule a sync is (for example):

 /usr/bin/python -u /usr/bin/spacewalk-repo-sync --channel epel-i386 --type yum

Syncing repositories manually

Scheduling syncs via the Spacewalk server will almost always require you
to tail files in /var/log/rhn/reposync and will produce a strange
directory structure (see sections below). However, if you wanted to do
these things yourself, you could try this:

 # Sync repositories to a local folder
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=base64       > /dev/null
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=updates64    > /dev/null
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=extras64     > /dev/null
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=centosplus64 > /dev/null
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=epel64       > /dev/null
 reposync --arch=x86_64 -p /var/www/html/pub/CentOS5-x86_64 -d -l -g -n -q --repoid=spacewalk-client-tools64 > /dev/null
 
 # Make the Spacewalk server aware of synced repos
 rhnpush --channel=centos5basex86_64          --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/base/CentOS
 rhnpush --channel=centos5updates64           --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/updates/RPMS
 rhnpush --channel=centos5extrasx86-64        --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/extras/RPMS
 rhnpush --channel=centos5plusx86_64          --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/centosplus/RPMS
 rhnpush --channel=spacewalkclienttoolsx86_64 --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/spacewalk-client-tools
 rhnpush --channel=epel5x86_64                --username=rhnusername --password=rhnpassword --server=http://localhost/APP --dir=/var/www/html/pub/CentOS5-x86_64/epel

Determining GPG information

Adding a channel requires the key URL, ID and fingerprint. This is easy
to determine:

 wget http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
 gpg --import RPM-GPG-KEY-CentOS-testing
 gpg --list-public-keys --fingerprint

This will produce output like:

 /root/.gnupg/pubring.gpg
 ------------------------
 pub   1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
       Key fingerprint = D8CC 06C2 77EC 9C53 372F  C199 B1EE 1799 F24F 1B08
 uid                  Red Hat, Inc (Red Hat Network) rhn-feedback@redhat.com
 
 pub   2048R/C236FD2B 2010-12-20 [expires: 2011-12-20]
       Key fingerprint = 8E05 7113 DF16 CB7A E7A5  0422 A8E4 0177 C236 FD2B
 uid                  Nikhil Anand anand.nikhil@gmail.com
 
 pub   1024D/910620BF 2010-05-12
       Key fingerprint = B3B6 A608 6012 F724 52C3  03F4 D085 AAC6 9106 20BF
 uid                  Nicolai nicolai@chocolatine.org
 sub   4096g/29673670 2010-05-12
 
 pub   1024D/7203F491 2005-11-19
       Key fingerprint = BCD0 0AEB A3C0 39D7 25E0  663C 5C37 C0B1 7203 F491
 uid                  CentOS-testing (CentOS Developers testing key) centos@centos.org
 sub   2048g/537F5CB3 2005-11-19

7203F491 is your key ID.
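
The key above is fetched over plain HTTP, so the fingerprint is worth comparing against a copy obtained through a separate trusted channel before it goes into a channel definition. The following is an added example, not part of the original page: it parses the legacy listing format shown above and performs that comparison. The function names are hypothetical and the sample listing is copied from the output above.

```shell
#!/bin/sh
# Added example: parse the legacy `gpg --list-public-keys --fingerprint`
# listing format shown above. Function names are hypothetical.

# key_info: read a listing on stdin, print KEYID|FINGERPRINT|STATUS|UID per key.
key_info() {
    awk '
        function emit() { if (id != "") print id "|" fpr "|" status "|" uid }
        $1 == "pub" {
            emit()
            split($2, a, "/"); id = a[2]; fpr = ""; uid = ""; status = "ok"
            if ($0 ~ /\[expired:/) status = "expired"
            if ($0 ~ /\[revoked:/) status = "revoked"
        }
        /Key fingerprint =/ { sub(/^.*= */, ""); gsub(/ /, ""); fpr = $0; next }
        $1 == "uid" && uid == "" { sub(/^ *uid +/, ""); uid = $0 }
        END { emit() }
    '
}

# fingerprint_matches KEYID EXPECTED_FPR: succeed only if the listing on stdin
# contains KEYID, its fingerprint equals EXPECTED_FPR (spaces and case ignored),
# the fingerprint ends in KEYID, and the key is neither expired nor revoked.
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    key_info | awk -F'|' -v id="$1" -v want="$want" '
        $1 == id { found = 1
                   ok = ($2 == want && substr($2, length($2) - 7) == id && $3 == "ok") }
        END { exit !(found && ok) }'
}

# Listing copied from the output shown above (two of the four keys).
SAMPLE_LISTING='pub   1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
      Key fingerprint = D8CC 06C2 77EC 9C53 372F  C199 B1EE 1799 F24F 1B08
uid                  Red Hat, Inc (Red Hat Network) rhn-feedback@redhat.com

pub   1024D/7203F491 2005-11-19
      Key fingerprint = BCD0 0AEB A3C0 39D7 25E0  663C 5C37 C0B1 7203 F491
uid                  CentOS-testing (CentOS Developers testing key) centos@centos.org
sub   2048g/537F5CB3 2005-11-19'

printf '%s\n' "$SAMPLE_LISTING" | key_info
```

In real use, pipe `gpg --list-public-keys --fingerprint` into `fingerprint_matches` with the key ID and the fingerprint you obtained independently.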

Local repositories and Log files

RPMs are staged in /var/cache/reposync and then moved to
/var/satellite/redhat. The directory structure looks like this:

 [root@spacewalk /var/satellite/redhat/1]# tree 62c
 62c
 |-- hmaccalc
 |   `-- 0.9.6-3.el5
 |       `-- i386
 |           `-- 62cdfcfe805ee49082434653625f84f4
 |               `-- hmaccalc-0.9.6-3.el5.i386.rpm
 |-- python-docs
 |   `-- 2.4.3-1.1
 |       `-- noarch
 |           `-- 62cbc246046f1cb5306758842f738725
 |               `-- python-docs-2.4.3-1.1.noarch.rpm
 `-- tkinter
     `-- 2.4.3-27.el5
         `-- i386
             `-- 62c1a8dc30931e7ec0d947dbef6db2d7
                 `-- tkinter-2.4.3-27.el5.i386.rpm
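
The layout above lends itself to an integrity audit of the package store. The following is an added example, not part of the original page or of Spacewalk itself. It assumes that the 32-character directory name is the MD5 checksum of the RPM inside it and that the top-level directory is that checksum's first three characters, which is consistent with the tree above. The function names and the sample store are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a package store laid out like the tree above.
# Assumptions: the 32-hex directory is the MD5 of the RPM inside it, and the
# top-level directory is the first three characters of that checksum.

# audit_store ROOT: print "OK|MISMATCH|MISPLACED <path>" for every RPM under
# ROOT; return non-zero if any file fails either check.
audit_store() {
    find "$1" -type f -name '*.rpm' | (
        rc=0
        while IFS= read -r rpm; do
            d=${rpm%/*};     sumdir=${d##*/}   # .../<checksum>
            d=${d%/*/*/*/*}; prefix=${d##*/}   # .../<3-char prefix>
            actual=$(md5sum "$rpm" | cut -d' ' -f1)
            if [ "$actual" != "$sumdir" ]; then
                echo "MISMATCH $rpm"; rc=1     # content differs from its checksum dir
            elif [ "$prefix" != "$(printf '%.3s' "$actual")" ]; then
                echo "MISPLACED $rpm"; rc=1    # filed under the wrong prefix dir
            else
                echo "OK $rpm"
            fi
        done
        exit $rc
    )
}

# make_sample_store: build a constructed one-package store in a temp dir and
# print its path. The "RPM" is a stand-in text file, not a real package.
make_sample_store() {
    root=$(mktemp -d)
    printf 'constructed stand-in for an RPM payload\n' > "$root/pkg.tmp"
    sum=$(md5sum "$root/pkg.tmp" | cut -d' ' -f1)
    dest="$root/$(printf '%.3s' "$sum")/hmaccalc/0.9.6-3.el5/i386/$sum"
    mkdir -p "$dest" && mv "$root/pkg.tmp" "$dest/hmaccalc-0.9.6-3.el5.i386.rpm"
    printf '%s\n' "$root"
}

store=$(make_sample_store)
audit_store "$store"
rm -rf "$store"
```

On a real server the call would be `audit_store /var/satellite/redhat/1`; any MISMATCH line means a stored file no longer has the checksum it was filed under.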

Log files are stored in /var/log/rhn. When you schedule a sync action,
you’ll see log files appear in /var/log/rhn/reposync. For other
actions, use rhn_taskomatic_daemon.log (use ls -ltr to see which log
files have changed after you’ve done something!)

Syncing Errata

This page has a
fantastic Python script that goes through mail archives, digests and
mailing list websites for errata and pushes them to the Spacewalk
server. It does have a few limitations you should be aware of (on the
download page). It takes care of duplicates and takes a considerable
amount of time.

Also remember that you won’t get the current month’s errata this way.
The gzipped archives are only available at the end of every month from
the CentOS lists.

The script attempts to pull information on a given package using its ID.
If this fails, it looks at package_dir (see below). The problem is
that it expects package_dir to be a flat directory with all the RPMs
in it. This is not the default case.

I run this command daily. Not appending the --password option results
in the script asking for a RHN password.

 /opt/spacewalk-errata/centos-errata.py --config=/opt/spacewalk-errata/centos-errata.cfg \
 --password="XXXXXXXXX" \
 --format=mail-archive.com

You can also write a small script that gunzips archive files from
the actual mailing list. Here’s a sample script:

 #!/bin/sh
 # Processes CentOS Errata and imports it into Spacewalk
 
 DATE=`date -d '1 month ago' +"%Y-%B"`
 
 # Fetch and uncompress errata data from the CentOS lists
 wget -P /opt/spacewalk-errata/errata http://lists.centos.org/pipermail/centos-announce/$DATE.txt.gz
 gunzip -f /opt/spacewalk-errata/errata/$DATE.txt.gz
 
 # Processes and imports the errata.
 cd /opt/spacewalk-errata/ && \
 /opt/spacewalk-errata/centos-errata.py --format=archive /opt/spacewalk-errata/errata/$DATE.txt \
 --config=/opt/spacewalk-errata/centos-errata.cfg >> /var/log/centos-errata.log

I don’t know why you have to supply your password; it should already be
in the config file (/opt/spacewalk-errata/centos-errata.cfg). Speaking
of, here’s what mine looks like:

 [centos errata]
 #Required to identify applicable messages on the centos-announce mailing list
 version=5
 
 #Useful for interpolation below, not used by tool itself
 release=6
 
 #If true the script will attempt to use the Redhat Network to populate the errata description
 scrape_rhn=False
 
 # I only set spacewalk and not "dir" since I want the script to rely on Spacewalk 
 # exclusively to get package signatures
 search_strategies=spacewalk
 
 #Maximum number of errata to process at once. Only relevant to format 'mail-archive.com'
 #max_errata
 
 [spacewalk]
 server=spacewalk.eng.uiowa.edu
 login=admin
 #The tool will prompt you if you don't specify a password
 password=XXXXXXXX
 
 [i386]
 # Enter the name of the channel that the errata will link to.
 channel=centos-5.5-i386-updates
 
 [x86_64]
 # Enter the name of the channel that the errata will link to.
 channel=centos-5.5-x86_64-updates

(Stateful) Firewall Rules

You’ll have to accept incoming connections on port 443 (HTTPS) for basic
functionality. If you want to push configs to clients, here are the
relevant stateful iptables rules. Port 5222 shows up in
/etc/services as “xmpp-client”.

 # On server
 iptables -A INPUT -p tcp --dport 5222 -m state --state NEW -j ACCEPT
 iptables -A INPUT -p udp --dport 5222 -m state --state NEW -j ACCEPT
 
 # If you're filtering outputs on client
 iptables -A OUTPUT -d $SPACEWALK_SERVER -p tcp --dport 5222 -m state --state NEW -j ACCEPT
 iptables -A OUTPUT -d $SPACEWALK_SERVER -p udp --dport 5222 -m state --state NEW -j ACCEPT

Error with repodata.xml with EPEL

For some reason /var/cache/rhn/repodata/epel-i386 doesn’t have the
repodata.xml file. The source I configured the repository with doesn’t
have it either. I had to manually download it:

 wget -P /var/cache/rhn/repodata/epel-i386/ http://linux.mirrors.es.net/fedora-epel/5/i386/repodata/repomd.xml

Pertinent services

 Monitoring      
 MonitoringScout 
 cobblerd        
 jabberd         
 oracle-xe       
 osa-dispatcher  
 rhn-search      
 taskomatic      
 tomcat5         

xinetd and tftpd need to be started if you plan on kickstarting
nodes. jabberd is essential for pushing configs to nodes.

Enable Monitoring

Now you need to configure each client. See the appropriate section in
the client config page for how to do this. Essentially, you’ll use a
passwordless, key-based SSH login as user nocpulse (a company acquired
by Red Hat) to get metrics from clients.

Although the default port for NOCpulse is 4545, you can monitor via port
22 as well. Just look for the port option when creating a probe. You can
test a connection by issuing this from the RHN server:

 ssh -l nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity client.com

Getting ready to register clients

Working with the Oracle XE Database

Some quick points:

 $ORACLE_HOME/config/scripts/backup.sh

 $ORACLE_HOME/config/scripts/backupdatabase.sh

You can do a:

I personally do a ‘cold’ backup since I couldn’t get startup mount to
work with setting up backup.sh.

Weird Fonts in History Graphs

Spacewalk uses jFreeChart for graphing. jFreeChart relies on the JVM for
font configuration. This is found in the $JAVA_HOME/lib/fontconfig.*
files (there’s more information on this).

Basically, you need to install the DejaVu font package on your
server if you see weird, cursive fonts:

 yum -y install dejavu-lgc-fonts

Cleaning your log files

reposync generates a lot of logs and doesn’t have a logrotate
configuration. So I added this to crontab to prevent things from
getting out of control:

 # Clean the log directory every day at midnight
 0 0 * * * /usr/bin/find /var/log/rhn/reposync/ -type f -ctime +0 | xargs rm -rf
