Spacewalk

Spacewalk is the upstream community project from which the Red Hat Network Satellite product is derived. It provides a management interface for software content across registered servers and desktops.

1. References

This howto is based on the documents which can be found at the Spacewalk official website, to create a basic walkthrough for CentOS users.

Spacewalk official website
Official documentation
Screenshots and overview of the Spacewalk project

2. Server requirements

• CentOS 5 (i386 or x86_64)
• 1024 MB of swap space
• 20 GB of free space, 80 GB recommended
• A fully qualified domain name (FQDN) - ex.: spacewalk.domain.com

3. SELinux

The Oracle database server required by the Spacewalk server does not play well with SELinux. Edit /etc/sysconfig/selinux and set SELinux in permissive mode:

SELINUX=permissive

Restart the server to enforce this change.

4. Firewall

The following inbound TCP ports should be open on the Spacewalk server:

• 69: TFTP (PXE provisioning)
• 80: Spacewalk web interface
• 443: Spacewalk web interface (SSL)
• 5222: If you plan to push actions to client systems
• 5269: If you push actions to a Spacewalk Proxy Server
• 9000: Oracle XE web access

5. Oracle Database

In this guide Spacewalk will be installed with an Oracle 10g database server; supporting PostgreSQL as backend is a work in progress and we will update here whenever will be a viable option. Oracle Express Edition server works fine even if it has some limitations:

• 1 GB memory (max) - even if more is available
• 4 GB disk space (max)
• 1 database (max)
• 1 cpu (max) - processing resources equivalent to one CPU will be consumed at peak even if more than one CPU is available
• Oracle does not like SELinux. Therefore SELinux should, unfortunately, be disabled.

5.1. Installation

The following packages are required by the Oracle database:

yum install binutils compat-libstdc++-33 elfutils-libelf elfutils-libelf-devel
yum install glibc-common glibc-devel glibc-headers gcc gcc-c++ libaio libaio-devel
yum install libgcc libstdc++ libstdc++-devel make sysstat unixODBC unixODBC-devel

Download Oracle XE from the Oracle website. You will need to register in order to download the RPMS. Choose the Oracle Database 10g Express Edition (Universal):

• oracle-xe-univ-10.2.0.1-1.0.i386.rpm

You will also need a client to access the database. Download the Oracle Instant Client: i386 client or x86_64 according to the architecture of your server. Download all four (4) of the following RPMS:

• oracle-instantclient-basic-10.2.0.4-1.*.rpm
• oracle-instantclient-jdbc-10.2.0.4-1.*.rpm
• oracle-instantclient-devel-10.2.0.4-1.*.rpm
• oracle-instantclient-sqlplus-10.2.0.4-1.*.rpm

Install the downloaded RPM on the Spacewalk server:

rpm -Uvh oracle-xe-univ-10.2.0.1-1.0.i386.rpm
rpm -Uvh oracle-instantclient-basic-10.2.0.4-1.*.rpm oracle-instantclient-devel-10.2.0.4-1.*.rpm
rpm -Uvh oracle-instantclient-jdbc-10.2.0.4-1.*.rpm oracle-instantclient-sqlplus-10.2.0.4-1.*.rpm

Configure the Oracle database:

/etc/init.d/oracle-xe configure

The default values are fine except for the HTTP port. Use 9000 instead of 8080.

5.2. Client configuration

We need to put the Oracle clients on the default path and configure the ORACLE_HOME environment variable:

  ln -s /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle_env.sh /etc/profile.d/oracle_env.sh
  . /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle_env.sh

We also need to configure the tns names entry for our database. Edit /etc/tnsnames.ora:

XE =
    (DESCRIPTION =
       (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
       )
       (CONNECT_DATA =
          (SERVICE_NAME = xe)
       )
    )

Test the connection with the Oracle database server:

sqlplus system@xe

Enter the password for the system user when prompted. You should see the following message:

SQL*Plus: Release 10.2.0.1.0 - Production on Wed Dec 17 09:41:18 2008
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL>

Type "quit" to exit the client interface.

5.3. Web access

The Oracle XE web interface is only accessible from localhost by default. To allow remote web access, we need to modify the listener configuration. Point your web browser to the Oracle XE web interface at http://localhost:9000/apex:

1. login: sys
2. select the "Administration" icon
3. under Tasks, click "Manage HTTP Access"
4. select "Available from local server and remove clients"
5. click "Apply Changes"

If you don't have a graphical web browser installed on the Oracle database server, you can allow remote web access via the command line:

sqlplus system@xe
SQL> EXEC DBMS_XDB.SETLISTENERLOCALACCESS(FALSE);

5.4. Setup

Point your web browser to the Oracle XE web interface at http://spacewalk.domain.com:9000/apex:

1. login: sys
2. select the "Administration" icon
3. select the "Database Users" icon

4. click on the "Create >" button
   # username: spacewalk
   # password: <passwd>
   # Give spacewalk user all system privileges (check All and add DBA role)
   

5. click on the "Create" button

5.5. Additional configuration

Spacewalk needs more simultaneous connections to its database than what is allowed by default (40). The recommended setting by the Spacewalk developers is 400. Also, a bug in Oracle XE might cause Internal Server Error (500) in Spacewalk. The following configuration changes solve these issues:

sqlplus spacewalk@xe
SQL> alter system set processes = 400 scope=spfile;
System altered.
SQL> alter system set "_optimizer_filter_pred_pullup"=false scope=spfile;
System altered.
SQL> alter system set "_optimizer_cost_based_transformation"=off scope=spfile;
System altered.
SQL> quit

Restart the Oracle database:

/etc/init.d/oracle-xe restart

6. Yum

6.1. EPEL

Spacewalk requires packages available from the EPEL repository. Edit /etc/yum.repos.d/epel.repo:

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedora.redhat.com/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
gpgkey=http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
gpgcheck=1
enabled=1
includepkgs=bea-stax* cobbler gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon jfreechart \
            libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI perl-BerkeleyDB    \
            perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton perl-Convert-BinHex            \
            perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword perl-DateTime               \
            perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error perl-FreezeThaw            \
            perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract perl-IO-Capture     \
            perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite perl-MIME-tools            \
            perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon perl-SOAP-Lite perl-TermReadKey         \
            perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version perlAlgorithm-Diff python-cheetah \
            python-netaddr PyYAML python-simplejson rhino tzdata-java udns*

6.2. Spacewalk

The following yum repository contains the core components of Spacewalk version 0.6. Edit /etc/yum.repos.d/spacewalk.repo:

[spacewalk]
name=Spacewalk version 0.6 for Enterprise Linux - $basearch
baseurl=http://spacewalk.redhat.com/yum/0.6/RHEL/5/$basearch/os/
gpgkey=http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
enabled=1
gpgcheck=1

6.3. Additional yum repositories

If you want to use your Spacewalk server to manage additional yum repositories, we recommend to create a file named /etc/reposync.conf. Below is an example file used to manage the RPMforge repository. We strongly recommend using the includepkgs directive to protect the base distro packages and limit the occupied disk space:

[rpmforge]
name = RPMforge for Enterprise Linux 5 - $basearch
#baseurl = http://apt.sw.be/redhat/el5/en/$basearch/dag
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
gpgkey = http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
gpgcheck=1
includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \
            perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo

6.4. GPG keys

By default, Spacewalk will refuse to distribute unsigned RPMS or RPMS signed with an unknown key. We make sure we have all the relevant GPG keys installed:

wget http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
mv RPM-GPG-KEY-EPEL /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
wget http://www.redhat.com/security/db42a60e.txt
mv db42a60e.txt /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
wget http://www.redhat.com/security/37017186.txt
mv 37017186.txt /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
wget http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
mv RPM-GPG-KEY-spacewalk /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk
wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
mv RPM-GPG-KEY.dag.txt /etc/pki/rpm-gpg/RPM-GPG-KEY-dag
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-dag

7. Spacewalk Server

7.1. Installation

Remove the specspo package if present since it conflicts with Spacewalk.

rpm -e specspo

We use yum to fetch the rather long list of dependencies for the Spacewalk software:

yum install spacewalk
yum update

7.2. Configuration

Configure the Spacewalk application:

LANG=C; spacewalk-setup --disconnected
Available database backends:
   oracle
   postgresql
Database? oracle
* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection.
DB User? spacewalk
DB Password?
DB SID? xe
DB hostname? localhost
DB port [1521]?
DB protocol [TCP]?
** Database: Testing database connection.
** Database: Populating database.
*** Progress: #############################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? webmaster@domain.com
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
* Enabling Monitoring.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) y/n? y
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? domain.com
Organization Unit [opaplnx30.intra.azosp.vr.it]? spacewalk.domain.com
Email Address [webmaster@domain.com]?
City? Verona
State? Italy
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? IT
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services (y/n, default = 'y')?y
* Restarting services.
Installation complete.
Visit https://spacewalk.domain.com to create the Spacewalk administrator account.

Point your web browser at https://spacewalk.domain.com to create the satellite administrator account.

7.2.1. Activation Key

Using the Spacewalk web interface, create a default activation key to register your systems. Navigate to Systems -> Activation keys and click on "create new key".

• Description: default key
• Universal default: checked

7.2.2. Channel configuration

In order to use Spacewalk to manage CentOS servers and desktop, we need to configure and populate software channels. As of Spacewalk 0.6, it is now possible to directly fetch the content of yum repositories with the spacewalk-repo-sync utility. By default, packages are pushed to the /var/satellite directory. Navigate to Admin -> Spacewalk Configuration -> General if you want to change this value.

mkdir /var/satellite
chown apache:root /var/satellite

It is now time to create a channel inside the Spacewalk web interface. Navigate to Channels -> Manage Software Channels and click on "create new channel".

7.2.2.1. CentOS 5 Base for i386

Here is a configuration example for the CentOS 5 Base i386 channel:

Basic Channel Details
 * Channel Name: CentOS 5 Base - i386
 * Channel Label: centos5-base-i386
 * Parent Channel: None
 * Parent Channel Architecture: IA-32
 * Yum Repository Checksum Type: sha1
 * Channel Summary: CentOS 5 Base for i386 architecture
Associated yum repository
 * Repository URL: http://mirror.centos.org/centos/5/os/i386/
 * Label: centos5-base-i386
 * Sync Repo: enabled
Security: GPG
 * GPG key URL: http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 * GPG key ID: E8562897
 * GPG key Fingerprint: 473D 66D5 2122 71FD 51CC 17B1 A8A4 47DC E856 2897

Edit /etc/cron.daily/spacewalk_sync.cron:

#!/bin/sh
# try to create the lock and check the outcome
LOCKFILE=/var/run/spacewalk_sync.lock
lockfile -r 0 ${LOCKFILE} 1>/dev/null 2>&1
status=$?
if [ ${status} -ne 0 ] ;then
        echo "Another instance already running. Aborting."
        exit 1
fi
trap "rm ${LOCKFILE}" EXIT
/usr/bin/spacewalk-repo-sync --channel centos5-base-i386 \
                             --url http://mirror.centos.org/centos/5/os/i386/ \
                             --type yum --label centos5-base-i386 > /dev/null

chmod 700 /etc/cron.daily/spacewalk_sync.cron
chown root:root /etc/cron.daily/spacewalk_sync.cron

7.2.2.2. CentOS 5 Updates for i386

Here is a configuration example for the CentOS 5 Updates i386 channel:

Basic Channel Details
 * Channel Name: CentOS 5 Updates - i386
 * Channel Label: centos5-updates-i386
 * Parent Channel: CentOS 5 Base - i386
 * Parent Channel Architecture: IA-32
 * Yum Repository Checksum Type: sha1
 * Channel Summary: CentOS 5 Updates for i386 architecture
Associated yum repository
 * Repository URL: http://mirror.centos.org/centos/5/updates/i386/
 * Label: centos5-updates-i386
 * Sync Repo: enabled
Security: GPG
 * GPG key URL: http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 * GPG key ID: E8562897
 * GPG key Fingerprint: 473D 66D5 2122 71FD 51CC 17B1 A8A4 47DC E856 2897

Edit /etc/cron.daily/spacewalk_sync.cron and add these lines:

/usr/bin/spacewalk-repo-sync --channel centos5-updates-i386 \
                             --url http://mirror.centos.org/centos/5/updates/i386/ \
                             --type yum --label centos5-updates-i386 > /dev/null

7.2.2.3. Spacewalk for i386

Here is a configuration example for the Spacewalk i386 channel:

Basic Channel Details
 * Channel Name: Spacewalk - i386
 * Channel Label: spacewalk-i386
 * Parent Channel: CentOS 5 Base - i386
 * Parent Channel Architecture: IA-32
 * Yum Repository Checksum Type: sha1
 * Channel Summary: Spacewalk for i386 architecture
Associated yum repository
 * Repository URL: http://spacewalk.redhat.com/yum/0.6/RHEL/5/i386/os/
 * Label: spacewalk-i386
 * Sync Repo: enabled
Security: GPG
 * GPG key URL: http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
 * GPG key ID: 430A1C35
 * GPG key Fingerprint:

Edit /etc/cron.daily/spacewalk_sync.cron and add these lines:

/usr/bin/spacewalk-repo-sync --channel spacewalk-i386 \
                             --url http://spacewalk.redhat.com/yum/0.6/RHEL/5/i386/os/ \
                             --type yum --label spacewalk-i386 > /dev/null

7.2.2.4. Extra Packages Enterprise Linux 5 for i386

Here is a configuration example for the Extra Packages Enterprise Linux 5 i386 channel:

Basic Channel Details
 * Channel Name: EPEL5 - i386
 * Channel Label: epel5-i386
 * Parent Channel: CentOS 5 Base - i386
 * Parent Channel Architecture: IA-32
 * Yum Repository Checksum Type: sha1
 * Channel Summary: Extra Packages Enterprise Linux 5 for i386 architecture
Associated yum repository
 * Repository URL: http://download.fedora.redhat.com/pub/epel/5/i386/
 * Label: epel5-i386
 * Sync Repo: disabled
Security: GPG
 * GPG key URL: http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
 * GPG key ID: 217521F6
 * GPG key Fingerprint:

For this channel, we do not want to fetch the whole yum repository. Instead, we would like to fetch the packages listed in its yum configuration file under the 'includepkg' directive. To do so, we will need to use the reposync utility. With the reposync command, we will download the EPEL packages and create a local yum repository. The spacewalk-repo-sync command will then be used to fetch the packages from this local yum repository.

yum install yum-utils createrepo

Create the placeholder for the local yum repository:

mkdir -p /var/www/html/pub/CentOS5-i386

Edit /etc/cron.daily/spacewalk_sync.cron and add these lines:

reposync --arch=i686 --repoid=epel -p /var/www/html/pub/CentOS5-i386 -d -l -g -n -q > /dev/null
cd /var/www/html/pub/CentOS5-i386/epel
createrepo /var/www/html/pub/CentOS5-i386/epel > /dev/null
/usr/bin/spacewalk-repo-sync --channel epel5-i386 \
                             --url file:///var/www/html/pub/CentOS5-i386/epel/ \
                             --type yum --label epel5-i386 > /dev/null

7.2.2.5. RPMforge Enterprise Linux 5 for i386

Here is a configuration example for the RPMforge Enterprise Linux 5 i386 channel:

Basic Channel Details
 * Channel Name: RPMforge EL5 - i386
 * Channel Label: rpmforge-el5-i386
 * Parent Channel: CentOS 5 Base - i386
 * Parent Channel Architecture: IA-32
 * Yum Repository Checksum Type: sha1
 * Channel Summary: RPMforge Enterprise Linux 5 for i386 architecture
Associated yum repository
 * Repository URL: http://apt.sw.be/redhat/el5/en/i386/dag/
 * Label: rpmforge-el5-i386
 * Sync Repo: disabled
Security: GPG
 * GPG key URL: http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
 * GPG key ID: 6B8D79E6
 * GPG key Fingerprint:

For this channel, we do not want to fetch the whole yum repository. Instead, we would like to fetch the packages listed in its yum configuration (/etc/reposync.conf) file under the 'includepkg' directive.

Edit /etc/cron.daily/spacewalk_sync.cron and add these lines:

reposync --arch=i686 --repoid=rpmforge -c /etc/reposync.conf -p /var/www/html/pub/CentOS5-i386 -d -l -g -n -q > /dev/null
cd /var/www/html/pub/CentOS5-i386/rpmforge
createrepo /var/www/html/pub/CentOS5-i386/rpmforge > /dev/null
/usr/bin/spacewalk-repo-sync --channel epel5-i386 \
                             --url file:///var/www/html/pub/CentOS5-i386/rpmforge/ \
                             --type yum --label rpmforge-el5-i386 > /dev/null

7.2.2.6. GPG keys

For Spacewalk clients convenience, we place all the public GPG keys of the managed packages on the web server. The keys will be available from http://spacewalk.domain.com/pub.

cp /etc/pki/rpm-gpg/RPM-GPG-KEY-* /var/www/html/pub/

7.3. Upgrade

You will need to update the yum configuration file /etc/yum.repos.d/spacewalk.repo and the cron script /etc/cron.daily/spacewalk_sync.cron in order to upgrade from a previous version of Spacewalk.

8. Spacewalk Client (simple configuration)

Each client must be configured to use the Spacewalk server as its source for RPM packages. We configure the Spacewalk repository on the client machine to fetch the required packages. Edit /etc/yum.repos.d/spacewalk.repo:

[spacewalk]
name=Spacewalk version 0.6 for Enterprise Linux - $basearch
baseurl=http://spacewalk.redhat.com/yum/0.6/RHEL/5/$basearch/os/
gpgkey=http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk
enabled=1
gpgcheck=1

We are now ready to download the required packages:

yum install rhn-setup yum-rhn-plugin

We now register the client to the Spacewalk server:

rhnreg_ks --serverUrl=http://spacewalk.domain.com/XMLRPC --activationkey=<default-activation-key>

On the Spacewalk web interface, navigate to Systems -> Overview. Your client system should now be present in the list. Select it and click on "Alter Channel Subscriptions" link below the "System Info" section. In the "Base Software Channel" section, select the CentOS 5 Base - i386 channel and click on the Confirm button. You can subscribe your system to child channels once you are back to the Software Channel management page.

You can now safely disable your locally configured yum repositories if a corresponding Spacewalk channel has been configured. Edit repo files in /etc/yum.repos.d and make sure relevant sections contains the string:

enabled=0

9. Using Cobbler to manage Spacewalk Clients

Cobbler is bundled in Spacewalk since version 0.4. Cobbler is an installation service and is used to simplify server provisioning tasks. We will demonstrate how you can use Cobbler inside Spacewalk to provision a new server into your existing network.

In the previous steps, we outlined how to create a CentOS 5 - i386 distribution. We will now explain how to use Cobbler for provisioning a new server with CentOS 5 - i386.

9.1. Populating the distribution tree

The Spacewalk server must contain the entire kickstart tree for the distribution. This tree includes the kernel, initrd, and repo information. This directory should be readable by the apache and tomcat users.

mkdir -p /var/iso-images /var/distro-trees

Download the first binary ISO image of the distribution as /var/iso-images/CentOS-5-i386-bin-1.iso. This file contains the required files.

mount -o loop /var/iso-images/CentOS-5-i386-bin-1.iso /var/distro-trees/CentOS-5-i386

We also edit /etc/fstab to automatically mount the ISO image at boot time:

/var/iso-images/CentOS-5-i386-bin-1.iso  /var/distro-trees/CentOS-5-i386 iso9660  rw,loop=/dev/loop0 0 0

9.2. Create a new distribution

Navigate in the Spacewalk interface and select Systems -> Kickstart -> Distributions. Click on the 'create a new distribution' link.

Distribution Label: CentOS-5-i386
Tree Path: /var/distro-trees/CentOS-5-i386
Base Channel: CentOS 5 Base - i386
Installer Generation: Red Hat Enterprise Linux 5

Click on the 'Create Kickstart Distribution' button.

9.3. Create a new kickstart profile

In order to successfully install our distribution, we need a kickstart file. This is a simple text file containing a list of items, each identified by a keyword, that answers the questions from the anaconda installer.

Navigate in the Spacewalk interface and select Systems -> Kickstart. Click on the 'create a new kickstart profile' link.

Label: CentOS-5-i386
Channel Base: CentOS 5 Base - i386
Kickstartable Tree: CentOS-5-i386
Virtualization Type: None

Click on the 'Next' button.

On the next screens, leave the default download location and pick a password for the root user.

Navigate in the Spacewalk interface and select Systems -> Kickstart -> Profiles. Select the 'CentOS-5-i386' profile. Under the 'Operating System' tab, activate both 'centos5-updates-i386' and 'spacewalk-i386' channels. Other child channels can be activated too.

9.4. TFTP server

The kickstart profile is exposed to the network via TFTP. Edit the TFTP service configuration file (/etc/xinetd.d/tftp) and change the value of "disabled" to "no". Then, make sure the xinetd service is running:

/etc/init.d/xinetd start
chkconfig xinetd on

The TFTP port (69) on your Spacewalk server will need to accept connections from the network.

9.5. Network configuration

You need a DHCP server that sets filename and next-server variables correctly. If you are using the dhcp daemon, edit /etc/dhcpd.conf and add these options to your configuration:

        filename "pxelinux.0";
        next-server <spacewalk server IP address>;

You will need to reload the DHCP service to enforce this change.

The servers you are provisionning should be able to resolve the hostname of your Spacewalk server. Make sure there is an entry for your Spacewalk server hostname in the relevant DNS server(s).

9.6. Client server

While a server without an OS will cycle through the possible ways to boot until it reaches the PXE boot method, a server with an already installed OS may not reach the PXE boot method. Place the PXE boot method at the top of the list of boot methods in the server BIOS to make sure the server will have the opportunity to be controlled via PXE.

Upon booting, the client server will be presented with a screen where the 'CentOS-5-i386' option is presented. Select it to start the automated installation of the client server.

After the client server installation, log into the server with the root password you configured previously. Disable your locally configured yum repositories by editing the repo files in /etc/yum.repos.d. Make sure relevant sections contains the string:

enabled=0

Then, navigate in the Spacewalk interface and select Systems. Pick the newly installed client server. In the Details -> Overview screen, click on the 'Alter Channel Subscriptions' link. Set the appropriate channels for your newly managed server.

This wiki is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.