CentOS 6 Spacewalk 1.5 (RHN Satellite) With PostgreSQL - Quick & Dirty

This paper is an overview of the commands needed to setup a working spacewalk (satellite) server on CentOS 6. SELinux with the current version on CentOS seems to have some problems during installation which can be fixed by installing the src RPM's as described.

I'm not going into much detail on how to use the Satellite server once it is installed, though I have left some notes for different configurations in the 'Links & Notes' section. 

  • Edit /etc/hosts and add your Spacewalk server 

% vi /etc/hosts

192.168.4.151	spacewalk.localdomain.com spacewalk


  • Add the following ports to /etc/sysconfig/iptables

% vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT

% service iptables restart


  • Install and add the Spacewalk, JPackage, and EPEL repos respectively.

% rpm -Uvh http://spacewalk.redhat.com/yum/1.5/RHEL/6/i386/\
spacewalk-repo-1.5-1.el6.noarch.rpm

% vi /etc/yum.repos.d/jpackage-generic.repo
[jpackage-generic]
name=JPackage generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc

% rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/\
epel-release-6-5.noarch.rpm


  • Normally at this point you could: yum install spacewalk-postgresql; however
doing so now will cause the following error during installation on CentOS 6.

Error: Package: spacewalk-common-1.5.1-1.el6.noarch (spacewalk)
           Requires: selinux-policy-base >= 3.7.19-93
           Installed: selinux-policy-targeted-3.7.19-54.el6.noarch \
(@anaconda-centos-201106051823.i386/6.0)
               selinux-policy-base = 3.7.19-54.el6
           Available: selinux-policy-minimum-3.7.19-54.el6.noarch (localrepo)
               selinux-policy-base = 3.7.19-54.el6
           Available: selinux-policy-mls-3.7.19-54.el6.noarch (localrepo)
               selinux-policy-base = 3.7.19-54.el6
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

To fix this you need to download the source RPM's for selinux and compile 
them as shown below.


  • Install tools for compiling and installing the selinux src.rpm, 
compile from the .spec file. Install the PostgreSQL database. Install 
Spacewalk with PostgreSQL. 

% yum install policycoreutils-python gcc gcc-c++ rpmdevtools postgresql-*

% rpm -ivh ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/\
SRPMS/selinux-policy-3.7.19-93.el6.src.rpm

% cd rpmbuild/SPECS

% rpmbuild -ba selinux-policy.spec

% cd rpmbuild/RPMS/noarch

% yum localinstall * --nogpgcheck

% yum install spacewalk-postgresql

% chkconfig postgresql on

% service postgresql initdb

% service postgresql start


  • Configure PostgreSQL and create the database.

% su - postgres
$ psql template1
template1=# CREATE LANGUAGE plpgsql;
template1=# CREATE DATABASE spacewalk;
template1=# \q

% vi /var/lib/pgsql/data/pg_hba.conf
append: host all all 192.168.4.0 255.255.255.0 trust
(substitute your network for 192.168.4.0)

% vi /var/lib/pgsql/data/postgresql.conf
change: listen_addresses = 'localhost' to listen_addresses = '*'

% service postgresql restart


  • Setup the Spacewalk database connection.

% spacewalk-setup

** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)? 192.168.4.151
Port [5432]? 
Database? spacewalk
Username? postgres
Password? <root password>
** Database: Populating database.
*** Progress: ####
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory


  • Your Spacewalk server should now be accessible at:

% https://spacewalk.localdomain.com

    • Links & Notes

  • Spacewalk Installation Instructions
  • Spacewalk CentOS Wiki
  • Post-Installation Guides
  • RHN Satellite Server Installation Program 
  • Log file location.
/var/log/rhn/


  • Setting selinux for a new Spacewalk repo RPM location.
% semanage fcontext -a -t spacewalk_data_t "/rpm(/.*)?"
% restorecon -R -v /rpm


  • Client Install notes.
Temporarily enable the EPEL repo

% vi /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedora.redhat.com/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=\
$basearch
failovermethod=priority
gpgkey=http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
gpgcheck=1
enabled=1

Install the Spacewalk repo.
% rpm -Uvh http://spacewalk.redhat.com/yum/1.5/RHEL/6/i386/\
spacewalk-client-repo-1.5-1.el6.noarch.rpm

Install the client packages.
% yum install rhn-setup yum-rhn-plugin python-dmidecode

Register the client to the server.
% rhnreg_ks --serverUrl=http://spacewalk.example.com/XMLRPC\
 --activationkey=<default-activation-key>

After the client has been connected to the Spacewalk server disable the repos in /etc/yum.repos.d/ 
by changing enabled=1 to enabled=0 in the repo files.

ERRORS Like the following with yum installation.
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID\
 c105b9de: NOKEY
Solution: Disable GPG checks on the client.
% vi /etc/yum/pluginconf.d/rhnplugin.conf
gpgcheck = 0


  • Kickstart Notes
Spacewalk server must have a valid DNS name and be resolvable.

/etc/dhcpd.conf must have the below entries.
allow booting;
allow bootp;
filename "pxelinux.0";
next-server <spacewalk server IP address>;

Download the pxlinux.0 boot file.
% cobbler get-loaders

Check for errors with cobbler.
% cobbler check

tftp directory is: /var/lib/tftpboot
cobbler directory is: /var/lib/cobbler

Mount the distribution ISO to an html accessible location:
% mount -o loop /mnt/CentOS-6.0-i386-bin-DVD.iso /var/www/html/distros/\
CentOS_6_i386

% service xinetd start

% cobbler get-loaders

% cd /var/lib/cobbler/loaders

% cp * /var/lib/tftpboot/


Channels -> Manage Software Channels -> Create New Channel
Create a new Channel named CentOS 6 Base - i386

Systems -> Kickstart -> Distributions -> Create New Distribution
Create a new kickstart distro with the tree path as: /var/www/html/distros/\
CentOS_6_i386
Base Channel: CentOS 6 Base - i386

Systems -> Kickstart -> Profiles -> Create New Kickstart Profile

Channels -> Manage Software Channels -> Manage Repositories -> 
Create New Repository
Create a new spacewalk client repository, point the Repository URL to:
http://spacewalk.redhat.com/yum/1.5-client/RHEL/6/i386/

Channels -> Manage Software Channels -> Create New Channel
Create a new Spacewalk Client channel (child channel) with a parent channel 
of CentOS 6 Base.
Click repositories and 'check' the spacewalk client then sync the repository.