======Spacewalk server with own default organization on CentOS 6======
=====Installation=====
====Repositories====
<code>
rpm -Uvh http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
</code>
JPackage repository definition for yum:
<code>
[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
</code>
====Installation of the packages====
<code>
yum install spacewalk-setup-embedded-postgresql
yum install spacewalk-postgresql
yum install perl-TermReadKey
</code>
=====Configuration=====
====Iptables====
Rules to add to the iptables rule set:
<code>
.
.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
.
.
</code>
Restart iptables to load them:
<code>
service iptables restart
</code>
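An added check, not part of the original page: the rules above accept new connections on every listed port from any source address, including 5432, PostgreSQL's default port. This sketch parses rules of that form and reports which ports carry no -s/--source restriction. The function names and the 192.0.2.10 address are assumptions made for the example, and only plain single --dport rules are handled.

```shell
#!/bin/sh
# Added example: list ports that iptables-save style rules accept from any source.

# The INPUT rules exactly as listed on this page.
page_rules() {
cat <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
EOF
}

# Constructed variant: 5432 limited to one hypothetical host (192.0.2.10 is a
# documentation address, not taken from the page).
hardened_rules() {
    page_rules | sed 's|^-A INPUT \(.*--dport 5432 \)|-A INPUT -s 192.0.2.10/32 \1|'
}

# Read rules on stdin; print "proto/port" for each INPUT ACCEPT rule that has
# a --dport match and no -s/--source restriction.
open_to_any() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && (src == "" || src == "0.0.0.0/0"))
            print proto "/" port
    }'
}

# Succeed if the given proto/port (for example tcp/5432) is open to any source.
is_exposed() {
    open_to_any | grep -qx "$1"
}

echo "open to any source, rules as on the page:"; page_rules | open_to_any
echo "open to any source, constructed variant:";  hardened_rules | open_to_any
```

To audit a live host, feed the saved rule set to `open_to_any` on stdin instead of the embedded sample.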
====GPG====
<code>
gpg --gen-key
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/B06EB1AF 2013-04-22
uid Helux
sub 2048R/B8F3F932 2013-04-22
gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec 2048R/B06EB1AF 2013-04-22
uid Helux
ssb 2048R/B8F3F932 2013-04-22
gpg --export -a B06EB1AF > /var/tmp/heluxkey.gpg
gpg --export-secret-keys -a B06EB1AF > /var/tmp/heluxsecretkey.gpg
</code>
The second file contains the private signing key; keep it readable by root only and remove it from /var/tmp once it is stored safely.

Only when the keys are no longer on the system:
<code>
gpg --import /var/tmp/heluxkey.gpg
gpg --allow-secret-key-import --import /var/tmp/heluxsecretkey.gpg
</code>
Change the organization name:
<code>
vi /usr/share/spacewalk/setup/spacewalk-public.cert
</code>
====First setup run====
<code>
spacewalk-setup --disconnected
</code>
You will get the following error:
<code>
.
.
There was a problem activating the satellite: Could not parse certificate file.
</code>
====Create a new certificate signed by our own key====
<code>
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/B06EB1AF 2013-04-22
uid Helux
sub 2048R/B8F3F932 2013-04-22
pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
uid Red Hat, Inc (Red Hat Network)
</code>
Download the magic script {{:gen-oss-sat-cert.pl.gz|}}. Unpack it.
<code>
./gen-oss-sat-cert.pl --signer B06EB1AF --resign /usr/share/spacewalk/setup/spacewalk-public.cert
</code>
====Second setup run====
<code>
spacewalk-setup --disconnected --skip-db-install
</code>
====PAM authentication====
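PAM service definition for the rhn-satellite service:
<code>
#%PAM-1.0
auth required /lib64/security/pam_env.so
auth sufficient /lib64/security/pam_ldap.so no_user_check
auth required /lib64/security/pam_deny.so
account required /lib64/security/pam_ldap.so no_user_check
</code>
Spacewalk setting that selects this PAM service:
<code>
pam_auth_service = rhn-satellite
</code>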
====Cobbler/TFTP====
<code>
cobbler get-loaders
cd /var/lib/cobbler/loaders
cp * /var/lib/tftpboot/
</code>
{{tag>centos}}