Installing Spacewalk


Preliminary Notes

I tested SpaceWalk on a 64-bit CentOS 5.5 system as the server and a
32-bit CentOS 5.4 system as the client.


Some Pre-requisites

rpm -ivh
rpm -ivh
wget -P /etc/yum.repos.d
yum -y install bc glibc libaio httpd-devel tomcat5-webapps tomcat5-admin-webapps  
yum -y install rlwrap --enablerepo=epel

Import the RedHat GPG Key

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Install and Configure Oracle XE

You’ll need Oracle XE
and the InstantClient.
Oracle thankfully provides a 32-bit version of InstantClient
as well.

Then execute /etc/init.d/oracle-xe configure. I used defaults (port
8080 for Oracle Application Express, port 1521 for the database
listener.) You can now go to to access the
database; use system for the username and the password you specified
at install.

Errors with sqlplus

Please note that sqlplus is sqlplus64 on (drumroll) 64-bit
systems. This being said, you’ll get the following error when you try
connecting to the DB via a terminal:

[root@support spacewalk]# sqlplus64 'sys/password@//localhost/XE as sysdba'  
sqlplus64: error while loading shared libraries: cannot open shared object file: No such file or directory

The issue is that you need to add to PATH:

[root@support spacewalk]# updatedb  
[root@support spacewalk]# locate  
[root@support ~]# # Add the above to PATH  
[root@support ~]# export PATH="${PATH}:/usr/lib/oracle/11.2/client64/bin"  
[root@support ~]# ORACLE_HOME=/usr/lib/oracle/11.2  
[root@support ~]# export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib

Now retry the connection. It should work.

Add the SpaceWalk user

# sqlplus 'sys/YOUR_PASSWORD@//localhost/XE as sysdba'  
SQL> create user spacewalk identified by spacewalk default tablespace users;  
SQL> grant dba to spacewalk;  
SQL> quit

Test this; you should get a login.

sqlplus spacewalk/spacewalk@//localhost/XE

Increase the number of simultaneous connections to the DB

The Oracle XE installation guide has an explanation of why this is

SQL> alter system set processes = 400 scope=spfile;   
SQL> alter system set "_optimizer_filter_pred_pullup"=false scope=spfile;   
SQL> alter system set "_optimizer_cost_based_transformation"=off scope=spfile;   
SQL> quit

Restart the Oracle XE service by issuing /sbin/service oracle-xe restart. If
you get any errors, see the installation guide linked to above.

Add the Oracle Service Definition

Add this to /etc/tnsnames.ora

XE =
    (DESCRIPTION =
       (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
       )
       (CONNECT_DATA =
          (SERVICE_NAME = xe)
       )
    )
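
Connection errors later in this guide trace back to the formatting of /etc/tnsnames.ora, so a structural check of the file is worth having. The script below is an added example, not part of the original post; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that every alias in a tnsnames.ora file has balanced
# parentheses. Reads the file named as $1, or stdin when no file is given.
check_tnsnames() {
    awk '
    function report() {
        if (alias != "" && depth != 0) {
            printf "UNBALANCED %s (depth %d)\n", alias, depth
            bad = 1
        }
    }
    { sub(/#.*/, "") }                       # strip comments
    /^[A-Za-z][A-Za-z0-9_.]*[ \t]*=/ {       # an alias starts in column 1
        report()
        alias = $0
        sub(/[ \t]*=.*/, "", alias)
        depth = 0
    }
    {
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "(") depth++
            else if (c == ")" && --depth < 0) {
                printf "EXTRA-CLOSE %s line %d\n", alias, NR
                bad = 1; depth = 0
            }
        }
    }
    END { report(); exit bad + 0 }' "$@"
}

# Constructed input: the XE alias with its two final ")" lines missing.
sample_bad() {
    cat <<'EOF'
XE =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = xe)
EOF
}

# Constructed input: the same alias, complete.
sample_good() { sample_bad; printf '    )\n  )\n'; }

sample_bad  | check_tnsnames || true   # prints: UNBALANCED XE (depth 2)
sample_good | check_tnsnames && echo "balanced"
```

Run it against the real file with check_tnsnames /etc/tnsnames.ora; a non-zero exit status means at least one alias is malformed.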

Install and Verify Tomcat

If you think the installation’s going peachy right now, you’re wrong.

Install the mod_jk module

Apache needs to be configured with the mod_jk module. mod_jk is
available from the jpackage-rhel repo.
However, version 2.0 of mod_jk will not work with version 2.2 of Apache.
Yay OSS!

This means that it will need to be compiled. I grabbed version 1.2.31
and compiled it. Keep in mind that you need to do this with
./configure --with-apxs=/usr/sbin/apxs, or else it will complain about not
finding “apache” or “netscape”. Compilation will install mod_jk in
/usr/lib64/httpd/modules/. I’ve also archived the 32 and
64-bit versions.

Now add this to /etc/httpd/conf/httpd.conf and restart Apache.

LoadModule jk_module modules/

Modifying Tomcat’s Default Port

Consider Tomcat’s default ports:

Port  Purpose
8005  “Shutdown” port
8007  Replies to AJP 12 requests
8009  Replies to AJP 13 requests (SpaceWalk needs this)
8080  Standard HTTP connector

But we configured port 8080 for the Oracle XE database! If you tail
/var/log/tomcat5/catalina.out, you’ll see an “8080 already in use”
message (sort of). To change this port to something like
8081, edit /etc/tomcat5/server.xml, search for 8080 and change it:

<Connector port="8081" maxHttpHeaderSize="8192" maxThreads="150"....

Now stop Apache, restart Tomcat, and check the output of netstat:

[root@support ~]# netstat -tulpn | grep java | grep LISTEN  
tcp        0      0   *                   LISTEN      3763/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      3763/java             
tcp        0      0 ::ffff:       :::*                        LISTEN      5871/java

Yay! Now stop Apache, restart Tomcat, start Apache, and you should be
good to go. If you didn’t change this, you’d see an error like:

[Tue Feb 22 11:49:09 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to (*) failed
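
To confirm the port change and see which of these listeners accept connections from other hosts, the netstat output can be summarised per port. This is an added example, not part of the original post; the function names are illustrative, the sample netstat lines are constructed, and the loopback/EXPOSED label is an assumption about what you want to review (the shutdown and AJP ports only need to be reachable from the local Apache).

```shell
#!/bin/sh
# Added example: summarise `netstat -tulpn` listeners for the ports this
# guide uses. Real use: netstat -tulpn | audit_listeners

audit_listeners() {
    awk '
    BEGIN {
        # Ports named in this guide (8081 is the relocated Tomcat HTTP port).
        purpose["1521"] = "Oracle listener"
        purpose["8005"] = "Tomcat shutdown"
        purpose["8007"] = "Tomcat AJP12"
        purpose["8009"] = "Tomcat AJP13"
        purpose["8080"] = "Oracle APEX"
        purpose["8081"] = "Tomcat HTTP"
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")          # port is the last colon field
        port = part[n]
        if (!(port in purpose)) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = "EXPOSED"
        if (addr == "127.0.0.1" || addr == "::1" || addr == "::ffff:127.0.0.1")
            scope = "loopback"
        printf "%-5s %-18s %-9s %-16s %s\n", port, addr, scope, purpose[port], $7
    }'
}

# Constructed sample output (addresses, PIDs and program names are made up).
sample_netstat() {
    cat <<'EOF'
tcp   0   0 0.0.0.0:1521            0.0.0.0:*   LISTEN   3763/tnslsnr
tcp   0   0 127.0.0.1:8080          0.0.0.0:*   LISTEN   3763/tnslsnr
tcp   0   0 ::ffff:127.0.0.1:8005   :::*        LISTEN   5871/java
tcp   0   0 :::8009                 :::*        LISTEN   5871/java
tcp   0   0 :::8081                 :::*        LISTEN   5871/java
tcp   0   0 :::22                   :::*        LISTEN   2101/sshd
udp   0   0 0.0.0.0:68              0.0.0.0:*            1999/dhclient
EOF
}

# Count the guide's listeners that are reachable from other hosts.
exposed_count() {
    audit_listeners | awk '$3 == "EXPOSED"' | wc -l | tr -d ' '
}

sample_netstat | audit_listeners
```

Any line marked EXPOSED for 8005, 8009 or 1521 is a candidate for a bind-address change or a firewall rule, since only local processes need those ports in this setup.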

Install SpaceWalk

yum install spacewalk-oracle

This will pull down everything necessary to run SpaceWalk. If you get
depsolving errors, try enabling the EPEL repo (if you’ve disabled it.)

yum install spacewalk-oracle --enablerepo=epel

Grab a cup of tea. This will take a while. Then run the setup binary:

spacewalk-setup --disconnected

Use “XE” (sans quotes) for the database SID and spacewalk/spacewalk for
the username/password. Don’t set up cobbler to use tftp and xinetd
just yet. Once installation is complete, navigate to the https
version of your site to launch SpaceWalk. Remember that SpaceWalk
requires a FQDN all to itself (on port 443 at least).


Oracle XE Errors

Oracle XE is probably the jankiest part of your Spacewalk install. You
might see these errors when trying the sqlplus command with the
spacewalk or sys users:

ORA-12516: TNS:listener could not find available handler with matching protocol  
ORA-12514: TNS:listener does not currently know of service requested in connect  
ORA-12541: TNS: no listener

I couldn’t find anything pertinent other than the formatting and
permissions of the /etc/tnsnames.ora file. Shutting down the Oracle XE
instance, Tomcat and Apache, and then starting them up (in that order)
seemed to help. Sometimes, a mere restart of the oracle-xe service
seemed to help. Also:

To reconfigure the Oracle instance:

service oracle-xe stop  
rm -rf /etc/sysconfig/oracle-xe /var/tmp/.oracle  
rpm2cpio oracle-xe-univ- | \  
  ( cd / && cpio -iud ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/ \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/postDBCreation.sql \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/ \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/tnsnames.ora \  
                      ./usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/seeddb/xeseed.dfb )  
/etc/init.d/oracle-xe configure

If nothing else, read this page.

Changing the SSL certificate

As you probably know, Spacewalk requires a FQDN all to itself on port
443 (you can run other stuff on port 80). During install, you’ll see a
CA generation and certificate signing process for the https:// site.
This is a change made to /etc/httpd/conf.d/ssl.conf.

Since I use my own root CA to sign certificates, I tried generating a
certificate for the Spacewalk site and editing ssl.conf to use this
certificate. This, however, caused problems on Spacewalk clients which
rejected the certificate.

Moral of the story: Don’t mess with ssl.conf.


ARCH=$(uname -i)

# Uncomment to remove Oracle XE
echo -e ">>> Removing Oracle" && sleep 2
service oracle-xe stop
rpm -e oracle-instantclient11.2-basic-$ARCH --nodeps
rpm -e oracle-instantclient11.2-sqlplus-$ARCH --nodeps
rpm -e oracle-xe-univ- --nodeps
rm -rf /usr/lib/oracle
rm -rf /var/tmp/.oracle
rm -rf /root/oradiag_root/
rm -rf /etc/tnsnames.ora
rm -rf /etc/sysconfig/oracle-xe
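# rm -rf /etc/*    # disabled: as written this would delete everything under /etc; narrow the path to the Oracle files before enabling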
echo "" > /etc/oratab
userdel oracle
groupdel dba

echo -e ">>> Stopping the Spacewalk Service" && sleep 2
/usr/sbin/spacewalk-service stop

echo -e ">>> Removing Spacewalk" && sleep 2
rpm -e spacewalk-repo
rpm -e spacewalk-client-repo
# Quote the globs so yum sees the patterns instead of files in the current directory
yum -y remove '*spacewalk*' jabberd '*oracle*'
rm -rf /var/www/html/pub
rm -rf /root/ssl-build
rm -Rf /var/lib/jabberd/db/*
rm -rf /etc/yum.repos.d/*jpackage*
rm -rf /etc/jabberd/*

echo -e ">>> Miscellaneous (EPEL, logfiles)" && sleep 2
rpm -e epel-release
rm -Rf /var/log/rhn/*

echo -e ">>> Done!"
echo -e ">>> Please clean up your crontab\n"

Miscellaneous Notes (from May 2009)

Bolting down Tomcat

Did yum install tomcat5-webapps tomcat5-admin-webapps. This enabled the
administration and management interfaces. User profiles are found in
$CATALINA_HOME/conf/tomcat-users.xml. You need to change this file AND
INCLUDE THE ADMIN ROLE to access the “Tomcat Administration” page AND
THE MANAGER ROLE to access the “Tomcat Manager” page.

<role rolename="admin" />  
<role rolename="manager"/>  
    <user name="admin" password="t0mcaaat" roles="admin,manager" />
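
Because this file holds passwords in clear text and the admin and manager roles unlock the administration and management pages, it is worth checking which accounts hold those roles and who can read the file. The script below is an added example, not part of the original notes; the function names, the constructed sample file (including the "viewer" account) and treating a world-readable file as a finding are assumptions.

```shell
#!/bin/sh
# Added example: list accounts in tomcat-users.xml that hold the admin or
# manager role, and flag the file if any local user can read it.

audit_tomcat_users() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Skip single-line XML comments, then pull name/username and roles from
    # each <user> element (attribute order as shown above is assumed).
    sed -n -e '/<!--/d' \
        -e 's/.*<user[^>]*name="\([^"]*\)"[^>]*roles="\([^"]*\)".*/\1 \2/p' "$file" |
    while read -r name roles; do
        for role in $(printf '%s' "$roles" | tr ',' ' '); do
            case $role in
                admin|manager) echo "PRIVILEGED user=$name role=$role" ;;
            esac
        done
    done
    # find prints the path only when the "other" read bit is set.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "WORLD-READABLE $file"
        return 1
    fi
    return 0
}

# Constructed sample mirroring the entries shown above.
write_sample() {
    cat > "$1" <<'EOF'
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user name="admin" password="t0mcaaat" roles="admin,manager"/>
  <user username="viewer" password="example" roles="tomcat"/>
</tomcat-users>
EOF
}

demo=$(mktemp)
write_sample "$demo"
chmod 644 "$demo"
audit_tomcat_users "$demo" || true   # two PRIVILEGED lines plus WORLD-READABLE
chmod 600 "$demo"                    # owner-only, as for the Tomcat account
audit_tomcat_users "$demo" || true   # two PRIVILEGED lines only
rm -f "$demo"
```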