The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

1.5 Installing a Spacewalk Server

Before you install the Spacewalk server software, you must do the following:

  • Install the Oracle Database and ensure that it is up and running.

    For specific instructions on installing and configuring Oracle Database, consult with your Oracle database administrator. See also the product documentation at https://docs.oracle.com/en/database/database.html.

  • Meet all of the requirements and perform any of the prerequisite tasks that are described in this document, as well as those that are specified in the product documentation.

    In particular, make sure that you have met the following networking requirements:

    Configured a FQDN for the Spacewalk server, as described in Section 1.4, “Networking Requirements”. The /etc/hosts file should have an FQDN entry for the Spacewalk server.

    Caution

    The Spacewalk server and clients must be able to resolve the Spacewalk server's FQDN for both forward and reverse lookups in DNS. If these conditions are not met, neither certificate validation nor PXE booting work. In addition, clients cannot register with the Spacewalk server. In particular, a lack of reverse DNS lookup on the Spacewalk server or the clients causes Inter-Server Synchronization (ISS) to fail.

Follow these steps to install the Spacewalk server software:

  1. Install Oracle Instant Client release 11.2.0.4 or later.

    1. Download the following Instant Client packages. You can find out more about the Instant Client from:

      https://www.oracle.com/database/technologies/instant-client.html

      • Instant Client Package (Basic)

      • Instant Client Package (SQL*Plus)

      Note

      Do not download the packages for release 12.1 or later, as these releases are not supported.

    2. Install the Instant Client packages. 

      # rpm -ihv oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm \
oracle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.rpm

    3. Add the library path to ldconfig. 

      # echo /usr/lib/oracle/11.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient11.2.conf 
# ldconfig
    Note

    The Spacewalk server configuration fails if the Instant Client is missing. Oracle recommends that you install the latest 11gR2 release of the Instant Client.

  2. Ensure that the jta package is not installed and prevent it from being installed when you install Spacewalk.

    Check whether the jta package is installed as followed: 

    # yum list installed | grep jta

    To remove the jta package: 

    # yum remove jta

    To prevent the jta package from being installed later, do one of the following:

    • Disable the Oracle Linux 6 or Oracle Linux 7 addons channels ([ol6_addons] or [ol7_addons]).

    • Add the jta package to the exclude directive in the /etc/yum.conf file as follows: 

      exclude=jta*

  3. Configure the system firewall.

    For Oracle Linux 6, you would configure the system firewall as follows: 

    # iptables -I INPUT -p udp -m udp --dport 69 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5269 -j ACCEPT
# iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I OUTPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# service iptables save

    For Oracle Linux 7, you would configure the system firewall as follows: 

    # firewall-cmd --permanent --add-port=69/udp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-port=5222/tcp
# firewall-cmd --permanent --add-port=5269/tcp
# firewall-cmd --reload

  4. Enable access to the repositories that contain the Spacewalk Server 2.4 and dependent packages on the Oracle Linux yum server at https://yum.oracle.com.

    For Oracle Linux 6:

    1. Download the latest the yum repository configuration file (https://yum.oracle.com/public-yum-ol6.repo to the yum repositories directory (by default /etc/yum.repos.d).

    2. Enable the ol6_spacewalk24_server repository in the repository configuration file.

    For Oracle Linux 7:

    1. Download the latest the yum repository configuration file https://yum.oracle.com/public-yum-ol7.repo to the yum repositories directory (by default /etc/yum.repos.d).

    2. Enable the ol7_optional_latest and ol7_spacewalk24_server repositories in the repository configuration file.

    Alternatively, you can create a yum repository configuration file, for example /etc/yum.repos.d/spacewalk24.repo, with content similar to the following examples.

    For Oracle Linux 6: 

    [ol6_spacewalk24_server]
name=Spacewalk Server 2.4 for Oracle Linux 6 ($basearch)
baseurl=https://yum.oracle.com/repo/OracleLinux/OL6/spacewalk24/server/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

    For Oracle Linux 7: 

    [ol7_optional_latest]
name=Oracle Linux 7 Optional Latest ($basearch)
baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/optional/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

[ol7_spacewalk24_server]
name=Spacewalk Server 2.4 for Oracle Linux 7 ($basearch)
baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/spacewalk24/server/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

  5. Install the Spacewalk server packages that are configured to use Oracle Database: 

    # yum install spacewalk-oracle

    Optionally, you can also install the spacewalk-utils and spacecmd packages if you want to use commands such as spacecmd, spacewalk-common-channels, spacewalk-hostname-rename, or spacewalk-sync-setup. 

    # yum install spacewalk-oracle spacewalk-utils spacecmd

    spacecmd allows you to administer Spacewalk from the command line. You can manage activation keys, configuration channels, Kickstarts, software channels, systems, and users.

    spacewalk-common-channels allows you to configure the software channels, Oracle yum server repositories, GPG keys, and activation keys for Oracle Linux from the command line.

    spacewalk-hostname-rename allows you to regenerate the SSL certificate if you change the system's host name.

    spacewalk-sync-setup allows you configure a master-slave relationship between two Spacewalk servers that you want to use in an Inter-Server Synchronization (ISS) configuration. See Chapter 4, Configuring Inter-Server Synchronization.

    You can safely ignore any SELinux restorecon messages that are displayed when the packages are installed.

    Alternatively, you can install the additional packages at a later time if you register the Spacewalk server as a client of itself and subscribe it to the appropriate Spacewalk Server 2.4 channel.

  6. Configure Spacewalk to use the Oracle database by running spacewalk-setup --disconnected --external-oracle.

    The following example shows an interactive configuration.

    Note

    The value that you specify for Organization Unit must be the FQDN of the server in DNS, which must be the same as the system's host name.

    sw_user and sw_passwd are the Spacewalk user name and password that you configured for Oracle Database.

    The value expected for the database service name (SID) is the global database name and not the value of ORACLE_SID. 

    # spacewalk-setup --disconnected --external-oracle
* Setting up SELinux..
* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection for Oracle backend.
Global Database Name or SID (requires tnsnames.ora)? orcl.mydom.com
Database hostname [localhost]? spacewalk-db.mydom.com
Username? sw_user
Password? sw_passwd 
Database: Testing database connection. 
** Database: Populating database. 
*** Progress: ############################################################ 
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address. 
Admin Email Address? my.email@mydom.com 
* Performing initial configuration. 
* Activating Spacewalk. 
** Loading Spacewalk Certificate. 
** Verifying certificate locally. 
** Activating Spacewalk. 
* Enabling Monitoring. 
* Configuring apache SSL virtual host. 
Should setup configure apache's default ssl server for you
                                        (saves original ssl.conf) [Y]? y 
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave 
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password? cert_passwd
Re-enter CA certificate password? cert_passwd
Organization? Oracle Demo
Organization Unit [swksvr.mydom.com]? swksvr.mydom.com
Email Address [your.email@domain.com]? my.email@mydom.com
City? Redwood Shores
State? CA
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate. 
** SSL: Deploying CA certificate. 
** SSL: Generating server certificate. 
** SSL: Storing SSL certificates. 
* Deploying configuration files. 
* Update configuration in database. 
* Setting up Cobbler..
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality.
Enable these services [Y]? y
* Restarting services. 
Installation complete. 
Visit https://swksvr.mydom.com to create the Spacewalk administrator account.

  7. Verify that the Spacewalk services are running correctly. 

    # /usr/sbin/spacewalk-service status
router (pid 5097) is running...
sm (pid 5105) is running...
c2s (pid 5113) is running...
s2s (pid 5121) is running...
tomcat6 (pid 5193) is running...                           [  OK  ]
httpd (pid  5303) is running...
osa-dispatcher (pid  5331) is running...
rhn-search is running (5353).
cobblerd (pid 5392) is running...
RHN Taskomatic is running (5419).

    The process IDs on your system are likely to be different from those shown in this example.

  8. Point a browser at the Spacewalk server URL mentioned in the output and create the Spacewalk administrator account.

  9. If you want to use third-party CA-signed SSL certificate instead of the self-signed SSL certificate, follow the procedure given in Chapter 3, Replacing SSL Certificates on Spacewalk Servers or Spacewalk Proxies.

Note

Oracle makes the following recommendations for configuring a newly installed Spacewalk server:

  • Define at least one Spacewalk organization as soon as you have installed the Spacewalk server, even if you think your deployment does not require organizations. It is difficult to retrofit organizations into a Spacewalk implementation after you have configured the default organization.

  • Replace the self-signed SSL certificate before registering any clients. Otherwise, you must log on separately to each existing client and configure it to use a new SSL certificate. You cannot do this from the Spacewalk server.

  • Register the Spacewalk server as a client of itself after you have set up the software channels. Include the Spacewalk Server 2.4 channel in the list of software channels to which the server is subscribed.

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices