Spacewalk server with own default organization on CentOS 6

Installation

Repositories

rpm -Uvh http://yum.spacewalkproject.org/2.2/RHEL/6/x86_64/spacewalk-repo-2.2-1.el6.noarch.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

/etc/yum.repos.d/jpackage-generic.repo
[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc

Installation of the packages

yum install spacewalk-setup-embedded-postgresql
yum install spacewalk-postgresql 
yum install perl-TermReadKey

Configuration

Iptables

/etc/sysconfig/iptables
.
.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
.
.
service iptables restart
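
A check that can be run over /etc/sysconfig/iptables before the restart, added here as an example and not part of the original page: it lists every ACCEPT rule that opens a destination port without a source restriction (-s), which is the case for all rules above, including 5432 (PostgreSQL). The function names, the sample rules file and the 192.0.2.10 client address are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables rules file for ports opened to any source.

# Print "proto/port" for every ACCEPT rule that has --dport but no -s/--source.
open_to_any() {
    # $1 = path to a file in /etc/sysconfig/iptables format
    awk '
        $1 == "-A" && /-j ACCEPT/ && /--dport/ {
            src = 0; proto = "?"; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (!src && port != "") print proto "/" port
        }
    ' "$1"
}

# Succeed if proto/port ($2) is reachable from any source according to file $1.
is_exposed() {
    open_to_any "$1" | grep -qxF "$2"
}

# Constructed sample: three rules from the list above, with the PostgreSQL
# rule limited to one client (192.0.2.10 is a documentation address).
demo() {
    rules=$(mktemp) || return 1
    cat > "$rules" <<'EOF'
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
EOF
    open_to_any "$rules"
    rm -f "$rules"
}

demo
```

Run it as `open_to_any /etc/sysconfig/iptables` on the server; any port in the output that only known hosts need can be given a `-s` source in its rule.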

GPG

gpg --gen-key
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/B06EB1AF 2013-04-22
uid                  Helux <info@helux.nl>
sub   2048R/B8F3F932 2013-04-22
gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec   2048R/B06EB1AF 2013-04-22
uid                  Helux <info@helux.nl>
ssb   2048R/B8F3F932 2013-04-22
gpg --export -a B06EB1AF > /var/tmp/heluxkey.gpg
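# heluxsecretkey.gpg holds the private key: with the default umask it is created world-readable in /var/tmp, so tighten its permissions and delete it once it has been stored safely.
gpg --export-secret-keys -a B06EB1AF > /var/tmp/heluxsecretkey.gpg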

Only needed when the keys are no longer on the system:

gpg --import /var/tmp/heluxkey.gpg
gpg --allow-secret-key-import --import /var/tmp/heluxsecretkey.gpg

Change organization name

vi /usr/share/spacewalk/setup/spacewalk-public.cert

First setup run

spacewalk-setup --disconnected

You will get the following error:

.
.
There was a problem activating the satellite: Could not parse certificate file.

Create a new certificate signed by our own key

gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/B06EB1AF 2013-04-22
uid                  Helux <info@helux.nl>
sub   2048R/B8F3F932 2013-04-22

pub   1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
uid                  Red Hat, Inc (Red Hat Network) <rhn-feedback@redhat.com>

Download the magic script gen-oss-sat-cert.pl.gz and unpack it.

./gen-oss-sat-cert.pl --signer B06EB1AF --resign /usr/share/spacewalk/setup/spacewalk-public.cert

Second setup run

spacewalk-setup --disconnected --skip-db-install

PAM authentication

/etc/pam.d/rhn-satellite
#%PAM-1.0
auth		required	/lib64/security/pam_env.so
auth		sufficient	/lib64/security/pam_ldap.so no_user_check
auth		required	/lib64/security/pam_deny.so
account		required	/lib64/security/pam_ldap.so no_user_check

/etc/rhn/rhn.conf
pam_auth_service = rhn-satellite

Cobbler/TFTP

cobbler get-loaders
cd /var/lib/cobbler/loaders
cp * /var/lib/tftpboot/
spacewalk_centos6.txt · Last modified: by herwarth