Installing Spacewalk


Preliminary Notes

I tested SpaceWalk on a 64-bit CentOS 5.5 system as the server and a 32-bit CentOS 5.4 system as the client.


Some Pre-requisites

rpm -ivh
rpm -ivh
wget -P /etc/yum.repos.d
yum -y install bc glibc libaio httpd-devel tomcat5-webapps tomcat5-admin-webapps  
yum -y install rlwrap --enablerepo=epel

Import the RedHat GPG Key

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Install and Configure Oracle XE

You’ll need Oracle XE and the InstantClient. Oracle thankfully provides a 32-bit version of InstantClient as well.

Then execute /etc/init.d/oracle-xe configure. I used defaults (port 8080 for Oracle Application Express, port 1521 for the database listener.) You can now go to to access the database; use system for the username and the password you specified at install.

Errors with sqlplus

Please note that sqlplus is sqlplus64 on (drumroll) 64-bit systems. This being said, you’ll get the following error when you try connecting to the DB via a terminal:

[root@support spacewalk]# sqlplus64 'sys/password@//localhost/XE as sysdba'  
sqlplus64: error while loading shared libraries: cannot open shared object file: No such file or directory

The issue is that you need to add to PATH:

[root@support spacewalk]# updatedb  
[root@support spacewalk]# locate  
[root@support ~]# # Add the above to PATH  
[root@support ~]# export PATH="${PATH}:/usr/lib/oracle/11.2/client64/bin"  
[root@support ~]# ORACLE_HOME=/usr/lib/oracle/11.2  
[root@support ~]# export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib

Now retry the connection. It should work.

Add the SpaceWalk user

# sqlplus 'sys/YOUR_PASSWORD@//localhost/XE as sysdba'  
SQL> create user spacewalk identified by spacewalk default tablespace users;  
SQL> grant dba to spacewalk;  
SQL> quit

Test this; you should get a login.

sqlplus spacewalk/spacewalk@//localhost/XE

Increase the number of simultaneous connections to the DB

The Oracle XE installation guide has an explanation of why this is necessary.

SQL> alter system set processes = 400 scope=spfile;   
SQL> alter system set "_optimizer_filter_pred_pullup"=false scope=spfile;   
SQL> alter system set "_optimizer_cost_based_transformation"=off scope=spfile;   
SQL> quit

Restart the Oracle XE service by issuing /sbin/service oracle-xe restart. If you get any errors, see the installation guide linked to above.

Add the Oracle Service Definition

Add this to /etc/tnsnames.ora

XE =
       (ADDRESS_LIST =  
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))  
       (CONNECT_DATA =  
          (SERVICE_NAME = xe)  

Install and Verify Tomcat

If you think the installation’s going peachy right now, you’re wrong.

Install the mod_jk module

Apache needs to be configured with the mod_jk module. mod_jk is available from the jpackage-rhel repo. However, version 2.0 of mod_jk will not work with version 2.2 of Apache. Yay OSS!

This means that it will need to be compiled. I grabbed version 1.2.31 and compiled it. Keep in mind that you need to do this with ./configure --with-apxs=/usr/sbin/apxs else it will complain about not finding “apache” or “netscape”. Compilation will install mod_jk in /usr/lib64/httpd/modules/ I’ve also archived the 32 and 64-bit versions.

Now add this to /etc/httpd/conf/httpd.conf and restart Apache.

LoadModule jk_module modules/

Modifying Tomcat’s Default Port

Consider Tomcat’s default ports:

Port Purpose
8005 “Shutdown”¬†port
8007 Replies to AJP 12 requests
8009 Replies to AJP 13 requests (SpaceWalk needs this)
8080 Standard HTTP connector

But we configured port 8080 for the Oracle XE database! If you tailed the output of /var/log/tomcat5/catalina.out, you’ll see a “8080 already in use” message (sort of). To change this port to something like 8081, edit /etc/tomcat5/server.xml, search for 8080 and change it:

<Connector port="8081" maxHttpHeaderSize="8192" maxThreads="150"....

Now stop Apache, restart Tomcat, and check the output of netstat:

[root@support ~]# netstat -tulpn | grep java | grep LISTEN  
tcp        0      0   *                   LISTEN      3763/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      3763/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java

Yay! Now stop Apache, restart Tomcat, start Apache, and you should be good to go. If you didn’t change this, you’d see an error like:

[Tue Feb 22 11:49:09 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to (*) failed

Install SpaceWalk

yum install spacewalk-oracle

This will pull down everything necessary to run SpaceWalk. If you get depsolving errors, try enabling the EPEL repo (if you’ve disabled it.)

yum install spacewalk-oracle --enablerepo=epel

Grab a cup of tea. This will take a while. Then run the setup binary:

spacewalk-setup --disconnected

Use “XE” (sans quotes) for the database SID and spacewalk/spacewalk for the username/password. Don’t set up cobbler to use tftp and xinetd just yet. Once installation is complete, navigate to the ‘https version of your site to launch SpaceWalk. Remember that SpaceWalk requires a FQDN all to itself (on port 443 at least).


Oracle XE Errors

Oracle XE is probably the jankiest part of your Spacewalk install. You might see these errors when trying the sqlplus command with the spacewalk or sys users:

ORA-12516: TNS:listener could not find available handler with matching protocol  
ORA-12514: TNS:listener does not currently know of service requested in connect  
ORA-12541: TNS: no listener

I couldn’t find anything pertinent other than the formatting and permissions of the /etc/tnsnames.ora file. Shutting down the Oracle XE instance, Tomcat and Apache, and then starting them up (in that order) seemed to help. Sometimes, a mere restart of the oracle-xe service seemed to help. Also:

To reconfigure the Oracle instance:

service oracle-xe stop  
rm -rf /etc/sysconfig/oracle-xe /var/tmp/.oracle  
rpm2cpio oracle-xe-univ- | \  
  ( cd / && cpio -iud ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/ \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/postDBCreation.sql \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/ \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/tnsnames.ora \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/seeddb/xeseed.dfb )  
/etc/init.d/oracle-xe configure

If nothing else read this page thoroughly.

Changing the SSL certificate

As you probably know, Spacewalk requires a FQDN all to itself on port 443 (you can run other stuff on port 80). During install, you’ll see a CA generation and certificate signing process for the https:// site. This is a change made to /etc/httpd/conf.d/ssl.conf.

Since I use my own root CA to sign certificates, I tried generating a certificate for the Spacewalk site and editing ssl.conf to use this certificate. This, however, caused problems on Spacewalk clients which rejected the certificate.

Moral of the story: Don’t mess with ssl.conf.


ARCH=$(uname -i)

# Uncomment to remove Oracle XE
echo -e ">>> Removing Oracle" && sleep 2
service oracle-xe stop
rpm -e oracle-instantclient11.2-basic-$ARCH --nodeps
rpm -e oracle-instantclient11.2-sqlplus-$ARCH --nodeps
rpm -e oracle-xe-univ- --nodeps
rm -rf /usr/lib/oracle
rm -rf /var/tmp/.oracle
rm -rf /root/oradiag_root/
rm -rf /etc/tnsnames.ora
rm -rf /etc/sysconfig/oracle-xe
rm -rf /etc/*
echo "" > /etc/oratab
userdel oracle
groupdel dba

echo -e ">>> Stopping the Spacewalk Service" && sleep 2
/usr/sbin/spacewalk-service stop

echo -e ">>> Removing Spacewalk" && sleep 2
rpm -e spacewalk-repo
rpm -e spacewalk-client-repo
yum -y remove *spacewalk* jabberd *oracle*
rm -rf /var/www/html/pub
rm -rf /root/ssl-build
rm -Rf /var/lib/jabberd/db/*
rm -rf /etc/yum.repos.d/*jpackage*
rm -rf /etc/jabberd/*

echo -e ">>> Miscellaneous (EPEL, logfiles)" && sleep 2
rpm -e epel-release
rm -Rf /var/log/rhn/*

echo -e ">>> Done!"
echo -e ">>> Please clean up your crontab\n"

Miscellaneous Notes (from May 2009)

Bolting down Tomcat

Did yum install tomcat5-webapps tomcat5-admin-webapps This enabled the administration and management interfaces. User profiles found in $CATALINA_HOME/conf/tomcat-users.xml You need to change this file AND INCLUDE THE ADMIN ROLE to access the “Tomcat Administration” page AND THE MANAGER ROLE to access the “Tomcat Manager” page

<role rolename="admin" />  
<role rolename="manager"/>  
    <user name="admin" password="t0mcaaat" roles="admin,manager" />