The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

2.4 Installing a Spacewalk Proxy

To install the Spacewalk proxy software:

  1. Ensure that the jta package is not installed and prevent it from being installed when you install Spacewalk.

    To check if the jta package is installed: 

    # yum list installed | grep jta

    To remove the jta package: 

    # yum remove jta

    To prevent the jta package from being installed, either disable the Oracle Linux 6 Add-ons channel ([ol6_addons]), or add the jta package to the exclude directive in the yum configuration file /etc/yum.conf, for example: 

    exclude=jta*

  2. Configure the system firewall, for example: 

    # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5269 -j ACCEPT
# iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 4545 -j ACCEPT
# service iptables save

  3. Register the system as a client of the Spacewalk server for which it will act as a Spacewalk proxy:

    1. Enable access to the Spacewalk Client 2.2 repository on the Oracle Linux yum server.

      Download the latest the yum repository configuration file from https://yum.oracle.com/ and save it to the yum repositories directory (by default /etc/yum.repos.d). Edit the configuration file and enable the ol6_spacewalk22_client repository.

      Alternatively, you can create a /etc/yum.repos.d/spacewalk22-client.repo file with the following content: 

      [ol6_spacewalk22_client]
name=Spacewalk Client 2.2 for Oracle Linux 6 ($basearch)
baseurl=https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/client/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

    2. Install the Spacewalk Client 2.2 software. 

      # yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
      Note

      If you previously registered the system with ULN, this command unregisters the system from ULN.

    3. Register the system with the Spacewalk server by using the rhnreg_ks command. 

      # rhnreg_ks --serverUrl=http://spacewalk_server/XMLRPC --activationkey=activation_key

      The registration process downloads the Spacewalk server’s SSL certificate (RHN-ORG-TRUSTED-SSL-CERT) to the /usr/share/rhn directory and configures settings in /etc/sysconfig/rhn/up2date.

    4. Disable access to the Spacewalk Client repository in the yum repository configuration file or delete the Spacewalk Client .repo file.

  4. If not already present on the Spacewalk server, create software channels for Spacewalk 2.2 Client and Spacewalk Server 2.2 and subscribe the Spacewalk proxy system to these channels:

    1. Create a Spacewalk Client 2.2 channel as a child of the Oracle Linux 6 base channel.

    2. Create a Spacewalk Client 2.2 repository that access the Spacewalk Client 2.2 channel on the Oracle Linux yum server (https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/client/x86_64/), using the same GPG settings as for Oracle Linux 6.

    3. Associate the Spacewalk Client 2.2 repository with the Spacewalk Client 2.2 channel and synchronize the repository's packages from the Oracle Linux yum server.

    4. Create a Spacewalk Server 2.2 channel as a child of the Oracle Linux 6 base channel.

    5. Create a Spacewalk Server 2.2 repository that access the Spacewalk Server 2.2 channel on the Oracle Linux yum server (https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk22/server/x86_64/), using the same GPG settings as for Oracle Linux 6.

    6. Associate the Spacewalk Server 2.2 repository with the Spacewalk Server 2.2 channel and synchronize the repository's packages from the Oracle yum server.

    7. Change the channel subscription of the Spacewalk server in Spacewalk from the Spacewalk Server 2.0 channel to the Spacewalk Server 2.2 channel.

    8. Subscribe the Spacewalk proxy to the Spacewalk Client 2.2 and Spacewalk Server 2.2 channels.

  5. Install the openssh-clients and rhn-client-tools packages. 

    # yum install openssh-clients rhn-client-tools

  6. Create the directory /root/ssl-build. 

    # mkdir /root/ssl-build

  7. Install the Spacewalk proxy installer package. 

    # yum install spacewalk-proxy-installer

  8. Configure the Spacewalk proxy by running the configure-proxy.sh script.

    The following example shows an interactive configuration.

    Note

    This example does not enable monitoring. Monitoring is a deprecated feature that will be removed in a future release. 

    # configure_proxy.sh
Proxy version to activate [2.2]: [Enter]
Traceback email []: my.email@mydom.com
Use SSL [Y/n]: Y
HTTP Proxy []: [Enter]
Regardless of whether you enabled SSL for the connection to the Spacewalk Parent
Server, you will be prompted to generate an SSL certificate.
This SSL certificate will allow client systems to connect to this Spacewalk Proxy
securely. Refer to the Spacewalk Proxy Installation Guide for more information.
Organization []: Oracle Demo
Organization Unit [swkproxy.us.mydom.com]: [Enter]
Common Name [swkproxy.us.mydom.com]: [Enter]
City []: Redwood Shores
State []: CA
Country code []: US
Email [my.email@mydom.com]: [Enter]
Cname aliases (separated by space) []: [Enter]
Spacewalk Proxy successfully activated.
Loaded plugins: rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package spacewalk-proxy-management.noarch 0:2.2.10-1.el6 will be installed
...
Transaction Summary
================================================================================
Install      42 Package(s)

Total download size: 13 M
Installed size: 32 M
Is this ok [y/N]: y
Downloading Packages:
(1/42): apr-1.3.9-5.el6_2.x86_64.rpm                     | 122 kB     00:00
...
You do not have monitoring installed.
Do you want to install monitoring scout?
Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]: n
...
Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY.
Generating distributable RPM for CA public certificate:
Copying CA public certificate to /var/www/html/pub for distribution to clients:
Generating SSL key and public certificate:
CA password: cert_passwd
Installing SSL certificate for Apache and Jabberd:
Preparing packages for installation...
rhn-org-httpd-ssl-key-pair-swkproxy-1.0-1
Create and populate configuration channel rhn_proxy_config_1000010040? [Y/n]: Y
RHN username: []: swadmin
Password: swadmin_passwd
Using server name swksvr.mydom.com
Creating config channel rhn_proxy_config_1000010040
Config channel rhn_proxy_config_1000010040 created
Using server name swksvr.mydom.com
Pushing to channel rhn_proxy_config_1000010040:
Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf
Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf
Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini
Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf
Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file 
           /etc/httpd/conf.d/cobbler-proxy.conf
Local file /etc/httpd/conf/httpd.conf -> remote file /etc/httpd/conf/httpd.conf
Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml
Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml
Enabling Spacewalk Proxy.
Shutting down rhn-proxy...
Terminating jabberd processes ...
...
Done.
Starting rhn-proxy...
init_cache_dir /var/spool/squid... Starting squid: .[ OK ]
Starting httpd: [ OK ]
Initializing jabberd processes ...
Starting router: [ OK ]
Starting sm: [ OK ]
Starting c2s: [ OK ]
Starting s2s: [ OK ]
[ OK ]
Done.
There were some answers you had to enter manually.
Would you like to have written those into file
formatted as answers file? [Y/n]: Y
Writing proxy-answers.txt.NtM1Y

    The RHN user name and password (swadmin and swadmin_passwd) are the administrator's user name and password for the Spacewalk server.

    The information that you enter is recorded in a file named proxy-answers.txt.UID, where UID is a unique identifier. You can use this file to automate the configuration of a Spacewalk proxy, for example: 

    # configure-proxy.sh --non-interactive --answer-file=proxy-answers.txt.NtM1Y

  9. If you want to use third-party CA-signed SSL certificate instead of the self-signed SSL certificate, follow the procedure given in Chapter 3, Replacing SSL Certificates on Spacewalk Servers or Spacewalk Proxies.

    Note

    Oracle recommends that you replace the self-signed SSL certificate before registering any clients. Otherwise, you must log on separately to each existing client and configure it to use the new SSL certificate. You cannot do this from the Spacewalk server.

  10. To check that the Spacewalk proxy is running correctly, specify the URL of the proxy when registering a Spacewalk client, for example: 

    # rhnreg_ks --serverUrl=http://spacewalk_proxy/XMLRPC --activationkey=activation_key

    After registering the client, subscribe it to software channels on the server and verify that you can update packages from the client.

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices