1.2 Installing and Configuring a Spacewalk Server

1.2.1 Oracle Linux Requirements
1.2.2 Database Requirements
1.2.3 Storage Requirements
1.2.4 Network Requirements
1.2.5 Setting up a Spacewalk Server
1.2.6 Configuring Software Channels Using Public Yum
1.2.7 Configuring Software Channels Using ULN
1.2.8 Synchronizing Software Channels
1.2.9 Creating Activation Keys for Spacewalk Clients

1.2.1 Oracle Linux Requirements

Spacewalk provided by Oracle is only supported on Oracle Linux 6 (x86_64).

You should install Oracle Linux 6 using the Minimal or Basic Server software set. If you select additional package groups during installation, you must remove the jta package before installing Spacewalk, as this package causes Spacewalk services to fail to start.

Only install Spacewalk using the packages provided by Oracle from the Oracle Public Yum repository at http://public-yum.oracle.com.

No third‑party package repositories are required to install Spacewalk on Oracle Linux 6. All the required packages are available in the Oracle Linux Spacewalk repository.

As a minimum, a Spacewalk server should have 8GB RAM. If the Spacewalk server also runs the database for the Spacewalk data, this memory requirement is in addition to what is required to run the database.

1.2.2 Database Requirements

A database is required to store the Spacewalk data. The database options are:

  • Oracle Database

  • Oracle Database Express Edition (Oracle Database XE)

  • PostgreSQL

Oracle only supports Oracle Database for use with Spacewalk. Oracle Database XE and PostgreSQL are not supported.

Oracle does not provide any tools for migrating from an unsupported database.

Oracle Database Requirements

You must have an Oracle Database server installed and available before you install Spacewalk.

Only Oracle Database 11gR2, release 11.2.0.3 or later, is supported. Oracle Database 12c is not supported. To obtain the correct Oracle Database 11gR2 release, you must download the software from My Oracle Support (MOS) at https://support.oracle.com.

Documentation for Oracle database is available at http://www.oracle.com/pls/db112/homepage.

The database must be configured as follows:

  • The database must use the AL32UTF8 character set.

  • The database must have a user named spacewalk.

  • The spacewalk user must have the CONNECT and RESOURCE roles.

  • The spacewalk user must have the ALTER SESSION, CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE VIEW and UNLIMITED TABLESPACE system privileges.

To create the spacewalk user with a password of "password" using SQL, the following SQL*Plus commands can be used:

SQL> create user spacewalk identified by password;
SQL> grant connect,resource to spacewalk;
SQL> grant alter session, create synonym, create table, create trigger, create view to spacewalk; 
SQL> grant unlimited tablespace to spacewalk; 

To connect to an Oracle Database, Oracle Instant Client release 11.2.0.3 or later must be installed on the Spacewalk server. The Spacewalk server configuration fails if these packages are missing.

You can download the packages from:

http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html

The following are the required packages:

  • Instant Client Package - Basic (oracle‑instantclient11.2‑basic)

  • Instant Client Package - SQL*Plus (oracle‑instantclient11.2‑sqlplus)

Once you have installed the Oracle Instant Client, you must add the library path to ldconfig as follows:

# echo /usr/lib/oracle/11.2/client64/lib > /etc/ld.so.conf.d/oracle‑instantclient11.2.conf 
# ldconfig

1.2.3 Storage Requirements

To ensure that errata mapping is maintained for all versions of each package, Spacewalk mirrors all available versions of all available packages. As a result, the storage requirements for a Spacewalk server can be significant, based on the number of major versions and architectures you chose to support. As a guide, the Oracle Linux binary repositories require approximately 50GB for each architecture, with an extra 30-40GB required for source packages.

Caution

Packages are never removed from Oracle Linux repositories, so the space required for each repository only ever increases. You should actively monitor the available disk space on the Spacewalk server.

1.2.4 Network Requirements

You must configure the Spacewalk server with a fully-qualified domain name (FQDN). Spacewalk does not consider .local and .localdomain to be valid domain names. Clients must be able to resolve the FQDN in DNS (forward and reverse lookups). If these conditions are not met, PXE booting does not work and clients do not register with the Spacewalk server.

The following table shows the required network ports depending on the configuration of the Spacewalk server.

Port and Protocol

Purpose

69/udp

tftp for PXE provisioning support

80/tcp

Spacewalk web access

443/tcp

Spacewalk web access

5222/tcp

Spacewalk client push support

5269/tcp

Spacewalk proxy push support

If the Spacewalk server needs to connect though a proxy, you can configure the proxy in the following places:

  • The /etc/rhn/rhn.conf file.

  • The Spacewalk web interface.

    Go to Overview, then Configure Spacewalk, and then General.

1.2.5 Setting up a Spacewalk Server

  1. Ensure that the jta package is not installed and prevent it from being installed when you install Spacewalk.

    To check if the jta package is installed:

    # yum list installed | grep jta

    To remove the jta package:

    # yum remove jta

    To prevent the jta package from being installed when you install Spacewalk, either disable the Oracle Linux 6 Add ons [ol6_addons] channel, or add the jta package to the exclude directive in the yum configuration file /etc/yum.conf, for example:

    exclude=jta*
  2. Enable access to the Spacewalk Server repository.

    Spacewalk is installed from the Oracle Public Yum server at http://public-yum.oracle.com.

    Download the latest the Oracle public yum repository configuration file (http://public-yum.oracle.com/public-yum-ol6.repo) to the yum repositories directory (by default /etc/yum.repos.d) and enable the ol6_spacewalk20_server repository in that file.

    Alternatively, you can create a yum repository configuration file, for example /etc/yum.repos.d/spacewalk20.repo, with the following content:

    [ol6_spacewalk20_server]
    name=Spacewalk Server 2.0 for Oracle Linux 6 ($basearch)
    baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/spacewalk20/server/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
    gpgcheck=1
    enabled=1
  3. Install Spacewalk.

    # yum install spacewalk-oracle
  4. Configure Spacewalk.

    If you are using an Oracle database, either on the same server or on a remote server, use the following command:

    # spacewalk-setup --disconnected --external-db

    Otherwise, use the following command:

    # spacewalk-setup --disconnected

    The following example shows an interactive configuration:

    # spacewalk-setup --disconnected --external-db
     * Setting up Oracle environment.
     * Setting up database.
     ** Database: Setting up database connection for Oracle backend.
     Database service name (SID)? <orcl.domain.com>
     Database hostname [localhost]? <spacewalk-db.domain.com>
     Username? <spacewalk-db-user>
     Password? ** 
     Database: Testing database connection. 
     ** Database: Populating database. 
     *** Progress: ############################################################ 
     * Setting up users and groups. 
     ** GPG: Initializing GPG and importing key. 
     ** GPG: Creating /root/.gnupg directory 
     You must enter an email address. 
     Admin Email Address? <your.email@domain.com> 
     * Performing initial configuration. 
     * Activating Spacewalk. 
     ** Loading Spacewalk Certificate. 
     ** Verifying certificate locally. 
     ** Activating Spacewalk. 
     * Enabling Monitoring. 
     * Configuring apache SSL virtual host. 
     Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? 
     ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave 
     * Configuring tomcat. 
     ** /etc/sysconfig//tomcat6 has been backed up to tomcat6-swsave 
     ** /etc/tomcat6//server.xml has been backed up to server.xml-swsave 
     ** /etc/tomcat6//web.xml has been backed up to web.xml-swsave 
     * Configuring jabberd. 
     * Creating SSL certificates. 
     CA certificate password? 
     Re-enter CA certificate password?
     Organization? <Oracle Demo>
     Organization Unit [spacewalk.domain.com]? 
     Email Address [your.email@domain.com]? 
     City? <Redwood Shores>
     State? <CA>
     Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? <US>
     ** SSL: Generating CA certificate. 
     ** SSL: Deploying CA certificate. 
     ** SSL: Generating server certificate. 
     ** SSL: Storing SSL certificates. 
     * Deploying configuration files. 
     * Update configuration in database. 
     * Setting up Cobbler.. 
     Processing /etc/cobbler/modules.conf 
     `/etc/cobbler/modules.conf' -> `/etc/cobbler/modules.conf-swsave' 
     Processing /etc/cobbler/settings `/etc/cobbler/settings' -> `/etc/cobbler/settings-swsave' 
     cobblerd does not appear to be running/accessible 
     Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality.
     Enable these services [Y]? 
     cobblerd does not appear to be running/accessible 
     * Restarting services. 
     Installation complete. 
     Visit https://spacewalk.domain.com to create the Spacewalk administrator account.

1.2.6 Configuring Software Channels Using Public Yum

Oracle Linux channels can be configured using the spacewalk‑common‑channels tool provided in the spacewalk‑utils package. This tool can automatically configure the required software channels, public yum repositories, GPG keys and activation keys for both Oracle Linux 5 and 6.

The following channels can be created using the spacewalk-common-channels command:

  • For Oracle Linux 6 (i386 and x86_64):

    oraclelinux6 (base channel)

    oraclelinux6-addons

    oraclelinux6-uek

    oraclelinux6-mysql

    oraclelinux6-playground

    oraclelinux6-spacewalk20-client

    oraclelinux6-spacewalk20-server

  • For Oracle Linux 5 (i386 and x86_64):

    oraclelinux5 (base channel)

    oraclelinux5-addons

    oraclelinux5-oracle-addons

    oraclelinux5-unsupported

    oraclelinux5-uek

    oraclelinux5-spacewalk20-client

For example, to create all the 32‑bit and 64‑bit software channels for Oracle Linux 6, install the spacewalk‑utils package and then run the spacewalk‑common‑channels tool, as follows:

# yum install spacewalk‑utils  
# spacewalk‑common‑channels -v -u <admin> -p <password> -a i386,x86_64 -k unlimited ‘oraclelinux6*’

Use the spacewalk‑common‑channels -h command to see full usage information.

1.2.7 Configuring Software Channels Using ULN

The Oracle version of Spacewalk contains ULN plug-in for the spacewalk-repo-sync tool. The plug-in enables you to synchronize ULN channels directly into Spacewalk channels without requiring the Spacewalk server to be registered with ULN.

Note

The ULN plug-in was not included with the initial release of Spacewalk from Oracle. Depending on the configuration of your Spacewalk server, you might need to update the Spacewalk packages.

To configure the ULN plug-in, edit the /etc/rhn/spacewalk-repo-sync/uln.conf file and add login credentials for ULN. By default, this file is read-only by root.

[main] 
username = <ULN SSO username> 
password = <ULN SSO password>

After you edit the configuration file, ensure that the file permissions are read-only (0400) by root. This is an important security step to protect the ULN credentials.

Once the ULN plug-in is configured, you create the Spacewalk software channels and repositories in the normal way using the Spacewalk web interface. When you specify the URL for a ULN repository, use a URL in the following format:

uln:///<ULN channel label>

Note

The URL must contain three forward slash (/) characters.

For example:

uln:///ol6_x86_64_latest

You can get a list of available ULN channel labels by logging in to ULN (https://linux.oracle.com) and selecting the Channels tab.

1.2.8 Synchronizing Software Channels

Once you have configured the software channels, you can synchronize the software either by performing an immediate manual synchronization or by scheduling a recurring synchronization job.

As a minimum, Oracle recommends that you update the Oracle Linux 5 and Oracle Linux 6 latest channels daily.

The initial synchronization of the Oracle Linux 5 and Oracle Linux 6 channels can take several days to complete. Oracle recommends that you perform an initial manual synchronization to populate the channels, and then configure a recurring job to keep them updated.

Synchronizing Software Channels Using the Spacewalk Web Interface

  1. Go to Channels, then Software Channels, and select the required channel.

  2. Select Repositories, and then Sync.

  3. Synchronize the software.

    To perform an immediate manual synchronization, click the Sync Now button.

    To schedule a recurring synchronization job, select the preferred schedule, and click the Schedule button.

Synchronizing Software Channels Using the Command Line

Use the spacewalk-repo-sync tool to synchronize software channels. You must be root to use this tool. You can run the tool manually or in a cron job. See the man page for spacewalk-repo-sync for full details of the options. If you run the tool in a cron job, remember to include the -q or --quiet option.

In order to synchronize a channel, the key information is the channel label and the URL of the repository. Use the spacewalk-repo-sync -l command to display this information.

To synchronize a channel with a ULN repository, use the following format:

# spacewalk-repo-sync -t uln -c <Spacewalk channel label> -u uln:///<ULN channel label> 

For example:

# spacewalk-repo-sync -t uln -c oraclelinux6_x86_64_latest -u uln:///ol6_x86_64_latest 

To synchronize a channel with an Oracle Public Yum repository, use the following format:

# spacewalk-repo-sync -c <Spacewalk channel label> -u http://<repo URL> 

For example:

# spacewalk-repo-sync -c oraclelinux6_x86_64_latest \
-u http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/ 

1.2.9 Creating Activation Keys for Spacewalk Clients

After you have configured and synchronized the software channels, you must create an activation key so that servers can register to those channels.

Create an activation key for each base channel and architecture you configured. If you configured all the channels, you need four activation keys, two for Oracle Linux 5 (i386 and x86_64) and two for Oracle Linux 6 (i386 and x86_64).

You synchronize software as follows:

  1. In the Spacewalk web interface, go to Systems, and then Activation Keys.

  2. Click Create New Key.

    Oracle recommends that you do not use the generate function to create an activation key. Instead, create a key with a label that is easy to understand, for example based on the version number and architecture (oraclelinux6-x86_64), or based on the server type (webserver or appserver). Spacewalk automatically adds a number to the activation key label. For example, if you select oraclelinux-x86_64 as the label, the key that is actually created might be called 1-oraclelinux-x86_64. This enables you to create multiple activation keys for the same base channel, each with different configuration options. The name you use is presented during Spacewalk client registration and creating your own key labels helps you to select the right key.