The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
To install the Spacewalk proxy software:
Ensure that the
jta
package is not installed and prevent it from being installed when you install Spacewalk.To check if the
jta
package is installed:#
yum list installed | grep jta
To remove the
jta
package:#
yum remove jta
To prevent the
jta
package from being installed, either disable the Oracle Linux 6 Add-ons channel ([ol6_addons]
), or add thejta
package to theexclude
directive in the yum configuration file/etc/yum.conf
, for example:exclude=jta*
Configure the system firewall, for example:
#
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
#iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5269 -j ACCEPT
#iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 4545 -j ACCEPT
#service iptables save
Register the system as a client of the Spacewalk server for which it will act as a Spacewalk proxy:
Enable access to the Spacewalk Client 2.2 repository on the Oracle Linux yum server.
Download the latest the yum repository configuration file from https://yum.oracle.com/ and save it to the yum repositories directory (by default
/etc/yum.repos.d
). Edit the configuration file and enable theol6_spacewalk22_client
repository.Alternatively, you can create a
/etc/yum.repos.d/spacewalk22-client.repo
file with the following content:[ol6_spacewalk22_client] name=Spacewalk Client 2.2 for Oracle Linux 6 ($basearch) baseurl=https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/client/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1
Install the Spacewalk Client 2.2 software.
#
yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
NoteIf you previously registered the system with ULN, this command unregisters the system from ULN.
Register the system with the Spacewalk server by using the rhnreg_ks command.
#
rhnreg_ks --serverUrl=http://
spacewalk_server
/XMLRPC --activationkey=activation_key
The registration process downloads the Spacewalk server’s SSL certificate (
RHN-ORG-TRUSTED-SSL-CERT
) to the/usr/share/rhn
directory and configures settings in/etc/sysconfig/rhn/up2date
.Disable access to the Spacewalk Client repository in the yum repository configuration file or delete the Spacewalk Client
.repo
file.
If not already present on the Spacewalk server, create software channels for Spacewalk 2.2 Client and Spacewalk Server 2.2 and subscribe the Spacewalk proxy system to these channels:
Create a Spacewalk Client 2.2 channel as a child of the Oracle Linux 6 base channel.
Create a Spacewalk Client 2.2 repository that access the Spacewalk Client 2.2 channel on the Oracle Linux yum server (
https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/client/x86_64/
), using the same GPG settings as for Oracle Linux 6.Associate the Spacewalk Client 2.2 repository with the Spacewalk Client 2.2 channel and synchronize the repository's packages from the Oracle Linux yum server.
Create a Spacewalk Server 2.2 channel as a child of the Oracle Linux 6 base channel.
Create a Spacewalk Server 2.2 repository that access the Spacewalk Server 2.2 channel on the Oracle Linux yum server (
https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/server/x86_64/
), using the same GPG settings as for Oracle Linux 6.Associate the Spacewalk Server 2.2 repository with the Spacewalk Server 2.2 channel and synchronize the repository's packages from the Oracle yum server.
Change the channel subscription of the Spacewalk server in Spacewalk from the Spacewalk Server 2.0 channel to the Spacewalk Server 2.2 channel.
Subscribe the Spacewalk proxy to the Spacewalk Client 2.2 and Spacewalk Server 2.2 channels.
Install the
openssh-clients
andrhn-client-tools
packages.#
yum install openssh-clients rhn-client-tools
Create the directory
/root/ssl-build
.#
mkdir /root/ssl-build
Install the Spacewalk proxy installer package.
#
yum install spacewalk-proxy-installer
Configure the Spacewalk proxy by running the configure-proxy.sh script.
The following example shows an interactive configuration.
NoteThis example does not enable monitoring. Monitoring is a deprecated feature that will be removed in a future release.
#
configure_proxy.sh
Proxy version to activate [2.2]:[Enter]
Traceback email []:my.email@mydom.com
Use SSL [Y/n]:Y
HTTP Proxy []:[Enter]
Regardless of whether you enabled SSL for the connection to the Spacewalk Parent Server, you will be prompted to generate an SSL certificate. This SSL certificate will allow client systems to connect to this Spacewalk Proxy securely. Refer to the Spacewalk Proxy Installation Guide for more information. Organization []:Oracle Demo
Organization Unit [swkproxy.us.mydom.com]:[Enter]
Common Name [swkproxy.us.mydom.com]:[Enter]
City []:Redwood Shores
State []:CA
Country code []:US
Email [my.email@mydom.com]:[Enter]
Cname aliases (separated by space) []:[Enter]
Spacewalk Proxy successfully activated. Loaded plugins: rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package spacewalk-proxy-management.noarch 0:2.2.10-1.el6 will be installed ... Transaction Summary ================================================================================ Install 42 Package(s) Total download size: 13 M Installed size: 32 M Is this ok [y/N]:y
Downloading Packages: (1/42): apr-1.3.9-5.el6_2.x86_64.rpm | 122 kB 00:00 ... You do not have monitoring installed. Do you want to install monitoring scout? Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]:n
... Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY. Generating distributable RPM for CA public certificate: Copying CA public certificate to /var/www/html/pub for distribution to clients: Generating SSL key and public certificate: CA password:
Installing SSL certificate for Apache and Jabberd: Preparing packages for installation... rhn-org-httpd-ssl-key-pair-swkproxy-1.0-1 Create and populate configuration channel rhn_proxy_config_1000010040? [Y/n]:cert_passwd
Y
RHN username: []:
Password:swadmin
Using server name swksvr.mydom.com Creating config channel rhn_proxy_config_1000010040 Config channel rhn_proxy_config_1000010040 created Using server name swksvr.mydom.com Pushing to channel rhn_proxy_config_1000010040: Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf Local file /etc/httpd/conf/httpd.conf -> remote file /etc/httpd/conf/httpd.conf Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml Enabling Spacewalk Proxy. Shutting down rhn-proxy... Terminating jabberd processes ... ... Done. Starting rhn-proxy... init_cache_dir /var/spool/squid... Starting squid: .[ OK ] Starting httpd: [ OK ] Initializing jabberd processes ... Starting router: [ OK ] Starting sm: [ OK ] Starting c2s: [ OK ] Starting s2s: [ OK ] [ OK ] Done. There were some answers you had to enter manually. Would you like to have written those into file formatted as answers file? [Y/n]:swadmin_passwd
Y
Writing proxy-answers.txt.NtM1YThe RHN user name and password (
swadmin
andswadmin_passwd
) are the administrator's user name and password for the Spacewalk server.The information that you enter is recorded in a file named
proxy-answers.txt.
, whereUID
UID
is a unique identifier. You can use this file to automate the configuration of a Spacewalk proxy, for example:#
configure-proxy.sh --non-interactive --answer-file=proxy-answers.txt.NtM1Y
If you want to use third-party CA-signed SSL certificate instead of the self-signed SSL certificate, follow the procedure given in Chapter 3, Replacing SSL Certificates on Spacewalk Servers or Spacewalk Proxies.
NoteOracle recommends that you replace the self-signed SSL certificate before registering any clients. Otherwise, you must log on separately to each existing client and configure it to use the new SSL certificate. You cannot do this from the Spacewalk server.
To check that the Spacewalk proxy is running correctly, specify the URL of the proxy when registering a Spacewalk client, for example:
#
rhnreg_ks --serverUrl=http://
spacewalk_proxy
/XMLRPC --activationkey=activation_key
After registering the client, subscribe it to software channels on the server and verify that you can update packages from the client.