, 2 Guests, 1 Bot


Print This Post Print This Post

Spacewalk Configuration for Red Hat Packages


A few months ago I build a Spacewalk server to automate patching of Linux machines. Well after a lot of banging my head against the wall I finally got the system work and auto updating. Depending on what you what you are looking for in your Spacewalk server will have an impact on what you really need to do. I was trying to get Red Hat patches to auto download and import into Spacewalk so when it came time to patch they were there and read to go. So here is what I did.

My first mistake was while testing the registering of systems I registered the Spacewalk server to itself. While this does work, to get Red Hat patches you need a system that is registered with Red Hat. So we did a little copy and replace to get the machine back to using the RHN network. Once this was done and it was registered we were ready to get started. We already had Mrepo installed so we could build a repos for the packages. Spacewalk doesn’t interact with Red Hat directly, if you want that you have to buy Red Hat Satellite. It is the Red Hat version of Spacewalk and come ready to go, unfortunately it was not in the card for me. So back to Mrepo. I used the rpm file I got from RPM Here is the link to the Mrepo files. Click here.  Simple install and it is ready for configuration.

There are a few files you will need to look at.  Then mrepo.conf file is located in etc and has login info for a Red Hat account, which you will need.  The version I installed used /etc/mrepo.conf.d as the place to configure your channels to download from.  The configuration of theses file is pretty straight forward and really doesn’t need my spin.  But you will need one for each channel that you plan to download.  Whether it be from Red Hat, CentOS, or Fedora.  I am working with Red Hat so things are different, if you anted CentOS you don’t need mrepo at all.  You can just download them straight into Spacewalk.  I need the mrepo work around because you have to login to RHN to get these patches.  Here is what the base channel config looks like.


srcdir = /var/mrepo
wwwdir = /var/www/mrepo
confdir = /etc/mrepo.conf.d
arch = i386

mailto = root@localhost
smtp-server = localhost

#rhnlogin = username:password

Channel files in /etc/mrepo.conf.d

name = Distribution example $release ($arch)
release = 2
arch = i386 i586 i686 x86_64
metadata = repomd
os = rsync://$release/$arch/$repo/
updates = rsync://$release/$arch/$repo/

You can customize a lot of these settings for location of files and what all you want to be in the repo.  Anyway if you have not messed with Mrepo here is the basic config.

Next you will need to generate system IDs for each channel that you plan to download.  This is simple and you just run the following command for each architecture.  The following command is just a guide but you will need to know where you want to store the systemid file and you will need it to download from Red Hat.  I stored mine in the /var/satellite directory.  This is the default Spacewalk package storeage point as well.

 gensystemid -u redhatuser -p password –release=5Server –arch=x86_64 /var/satellite/mrepo/5Server-x86_64/


gensystemid -u redhatuser -p password –release=5Workstation –arch=i386 /var/satellite/mrepo/5Workstation-i386/

Now that we have system IDs for each channel we will register with Red Hat for each channel.  Once you register you will need to go into the RHN website and check the permissions for each registration so you can download what you need.  So if you wanted Supplementary or optional packages you would check that box.  You should know that each registration take 1 Red Hat license.

With that out of the way we will set up the mrepo download process.  I had problems with Mrepo throwing an error I decided to run the download command manually.  The command is a log string but it worked great for me.  After it is done you would just run the mrepo generate command to build the repo.  I built the system on RHEL 6 so maybe there are some problems with compatibility, but most likely I needed to install something to fix the problem.  So if mrepo work fine you just run mrepo -ugvvv.  It will update and build you repos.  With my errors I did it this way.

rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/5Server-x86_64/systemid” –release=”5Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-server-5’ ‘/var/satellite/mrepo/5Server-x86_64/updates’

 mrepo -gvvv

This will take a while if it is the first time.  It will pull down a few thousand packages.  So I wrote a script that put this command in for each channel I wanted to download and then run the mrepo command at the end.  This gives me all the package and you can check it by going to the mrepo webpage that will be hosted from you Spacewalk server.

With all of the packages downloaded I had to import then into Spacewalk.  This was pretty easy and just required a command that you would of  jumped to if you had CentOS or Fedora.  This command imports and write the packages to the Spacewalk db.  Spacewalk stores the packages in directory after directory so digging through /var/satellite/”channel name”  will be a little on the crazy side.  Anyhow, you need to have your channels configured in Spacewalk for each architecture you are going to have packages for.  So in Spacewalk go to channels and create channel.  You will want to put some thought into how you want to do this because it would require deleting and reimporting everything for any changes you wan to make.  So the import command is the following.

rhnpush -vvv –newest –channel=rhel5_x86_64_local –server=http://localhost/APP –dir=/var/satellite/mrepo/5Server-x86_64/updates 

Let me break this command down a little.  My channels are all OS and arch,  rhel5_x86_64_local.  You will have to have the –server=http://localhost/APP statement in hte command for Spacewalk.  It will fail without it.  Finally the dir is the location you plan to pull the packages from.  So if this was a repo on the internet that you could download from, you would just put the url here.  This will also take a while to run for the first time.  Once this is completed and runs correctly, you will have a channel in Spacewalk with a few thousand packages.  

I also needed to get the Errata information for my Spacewalk server.  For this I used some scripts that I found on the Internet.  It is called  You can go to the Github for the script by clicking HERE.  If you are using Red Hat like I am you will use the file.  When you open it you will have to do a little configuration to set it up for the channels you need.    This give you all the Errata imported into Spacewalk as long as the channels are updated.  If you are missing packages it will not upload that particular Errata.  But it works and I have all the Errata I need.  Here is an example of the config.

/(path to scripts)/ –server localhost –channel rhel-i386-server-5 –os-version 5 –publish –redhat –startfromprevious twoweeks –quiet

There is a ya-errata-import.cfg file that will need some user account information so you can download and upload the Errata.

Now that we have all of the part working I just tied it together in two scripts. I grouped the mrepo stuf together and the Spacewalk stuff together.
This was to help if part of it error-ed out I could troubleshoot and it would not kill the entire process. So here are my two scripts that I put
together. Now the scripts my not be perfect but they work.


###This script will pull down the updates from Red Hat for each OS

### RHEL 5 Svr x86_64 ###
rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/5Server-x86_64/systemid” –release=”5Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-server-5’ ‘/var/satellite/mrepo/5Server-x86_64/updates’ || rhnget -v -v -v -v -v –delete  –systemid=”/var/satellite/mrepo/5Server-x86_64/systemid” –release=”5Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-server-5’ ‘/var/satellite/mrepo/5Server-x86_64/updates’
### RHEL 5 Svr i386 ###
rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/5Server-i386/systemid” –release=”5Server” –username=”redhatuser” –password=”password”  ‘rhns:////rhel-i386-server-5’ ‘/var/satellite/mrepo/5Server-i386/updates’ || rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/5Server-i386/systemid” –release=”5Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-i386-server-5’ ‘/var/satellite/mrepo/5Server-i386/updates’

### RHEL 6 Svr x86_64 ###
rhnget -v -v -v -v -v –delete –systemid=”/etc/sysconf/rhn/systemid” –release=”6Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64- server-6’ ‘/var/satellite/mrepo/rhel6es-x86_64/updates’ || rhnget -v -v -v -v -v –delete –systemid=”/etc/sysconf/rhn/systemid” –release=”6Server” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-server-6’  ‘/var/satellite/mrepo/rhel6es-x86_64/updates’
### RHEL 6 WS x86_64 ###
rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/rhel6ws-x86_64/systemid” –release=”6Workstation” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-workstation-6’ ‘/var/satellite/mrepo/rhel6ws-x86_64/updates’ || rhnget -v -v -v -v -v –delete –systemid=”/var/satellite/mrepo/rhel6ws-x86_64/systemid” –release=”6Workstation” –username=”redhatuser” –password=”password” ‘rhns:////rhel-x86_64-workstation-6’ ‘/var/satellite/mrepo/rhel6ws-x86_64/updates’

mrepo -gv > /var/log/mrepo.log

I added the fail over with the second part of the command. If it is pulling down a lot of packages it would time out about half way through.
This seems to take care of it. Then once it downloads all of the packages it will build the repos for each channel. I have it log to a file
and have the exit code for each piece of the script. Then I can check the log and see if it ran ok or error-ed out.

The next part it the Spacewalk portion. This uploads to all of the packages from mrepo to Spacewalk channels. Then it imports the Errata.
You can set how far back you want it to go for the Errata download. I have it do a week after I imported the past year. Here is the Spacewalk
portion of the update scripts.


### updates packages from mrepo to spacewalk

###### RHEL 5 i386 ########
rhnpush -vvv  –newest –username=spacewalkuser –password=”users password” –channel=rhel5_i386_local –server=http://localhost/APP –dir=/var/satellite/mrepo/5Server-i386/updates

###### RHEL 5 x86_64 ######
rhnpush -vvv  –newest –username=spacewalkuser –password=”users password” –channel=rhel5_x86_64_local –server=http://localhost/APP –dir=/var/satellite/mrepo/5Server-x86_64/updates

###### RHEL 6 Server x86_64 ######
rhnpush -vvv  –newest –username=spacewalkuser –password=”users password” –channel=rhel6_x86_66_local –server=http://localhost/APP –dir=/var/satellite/mrepo/rhel6es-x86_64/updates

###### RHEL 6 WS x86_64 ######
rhnpush -vvv  –newest –username=spacewalkuser –password=”users password” –channel=rhel6-ws-x86_64 –server=http://localhost/APP –dir=/var/satellite/mrepo/rhel6ws-x86_64/updates

###Get Errata for everything

Now with the scripts put togetther I placed them in a folder in roots account.  Then I changed the permissions to 700 on everything for the root account.  That way only root could see the files due to password being in them.  You can do security on these scripts anyway you want as long as the user that will run create the cron can have access to them.  Finally you need to setup the cron jobs to have them run when ever you want them too.  I have them run everyday at 0200 in the morning.   This way my Spacewalk server is up-to-date at all times and ready to push out patches.  So this a shot, it my help you or it may not.  But it is a good start for someone who is starting from scratch.  Good luck.

Print This Post Print This Post

Linux Management with Spacewalk


I recently built a Spacewalk 2.1 server to automate certain administration functions for my Linux machines. Installation was pretty straight forward as long as you don’t have any problems. However once I got it running it was really a great way to manage my systems. First let’s get a little info on the product.

Spacewalk is an open source Linux systems management solution. Spacewalk is the upstream community project from which the Red Hat Satellite product is derived. Spacewalk manages software content updates for Red Hat derived distributions such as Fedora, CentOS, and Scientific Linux, within your firewall. You can stage software content through different environments, managing the deployment of updates to systems and allowing you to view at which update level any given system is at across your deployment. A central web interface allows viewing of systems, their associated software update status, and initiating update actions. Spacewalk provides provisioning and monitoring capabilities, allowing you to manage your systems throughout their lifecycle. Via Provisioning, Spacewalk enables you to kickstart provision systems and manage and deploy configuration files. The monitoring feature allows you to view the status off your systems alongside their software update status.

Here is a pic of the WebUI.


With all of that out of the way I can talk about the installation process. You will need a base OS, for this I used CentOS 6 with no GUI. This help lower the overhead and you will not have much of a need for a GUI on the OS. However if you want one you can. Here is the link to the wiki that has the install information and any additional stuff you may need to research.

First you will need to add the Spacewalk and EPEL repos to the server. The Spacewalk repo is located at if you want to download the packages and do this manually. So to install the repo enter the following command.

rpm -Uvh

rpm -Uvh

You will also need to add the jpackage repo with the following command. The link to the repo is

cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
name=JPackage generic

Now you need to decide what type of database you want to use. You can use Oracle XE or PostgreSQL. I have built this server using Oracle 11g and with PostgreSQL. If you use a separate Oracle server you need to make sure the database permissions are set just as Spacewalk says. If not you will run into all kinds of problems right from the get go. Oracle setup can be found at the following link: But for this we will use PostgreSQL because it is easier to setup and you can use yum without downloading the Oracle packages.

yum install spacewalk-setup-postgresql

Now that the database server is installed we can move on to installing Spacewalk itself. For PostgreSQL we will use the following command

yum install spacewalk-postgresql

This will install the Spacewalk packages and set it up to use PostgreSQL. Spacewalk will need to have a FQDN that resolves. So you can use the hosts file or DNS to accomplish this. Once this is complete you will need to start the Spacewalk install and configuration. Start by entering the following command.

spacewalk-setup –disconnected

You will see output similar to the following. However the example below used Oracle.

* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection for Oracle backend.
Database service name (SID)? XE
Username? spacewalk
** Database: Testing database connection.
** Database: Populating database.
*** Progress: ####
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? root@localhost
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
* Enabling Monitoring.
* Configuring apache SSL virtual host.
Should setup configure apache’s default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring tomcat.
** /etc/tomcat5/tomcat5.conf has been backed up to tomcat5.conf-swsave
** /etc/tomcat5/server.xml has been backed up to server.xml-swsave
** /etc/tomcat5/web.xml has been backed up to web.xml-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? Fedora
Organization Unit []? Spacewalk Unit
Email Address [root@localhost]?
City? Brno
State? CZ
Country code (Examples: “US”, “JP”, “IN”, or type “?” to see a list)? CZ
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y/n]?
cobblerd does not appear to be running/accessible
* Restarting services.
Installation complete.
Visit to create the Spacewalk administrator account.
Once this is complete you will be able to access the Spacewalk web page. There is still some more stuff that needs to be done. One is setting up the iptables for the system, unless you decide to disable iptables altogether. Here is the commands you need to open the ports.
iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 5222 -j ACCEPT
iptables -A OUTPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
iptables -A OUTPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
iptables -A OUTPUT -m state –state NEW -m tcp -p tcp –dport 4545 -j ACCEPT
iptables -A OUTPUT -m state –state NEW -m tcp -p tcp –dport 1521 -j ACCEPT
iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 1521 -j ACCEPT
iptables save

Outbound open ports 80, 443, 4545 (only if you want to enable monitoring) Inbound open ports 80, 443, 5222 (only if you want to push actions to client machines) and 5269 (only for push actions to a Spacewalk Proxy), 69 udp if you want to use tftp.

The server is functional but you will need to do several more things to make it useful. You will need to configure users that can be accomplished in the Users tab. Also you will need to create channels for the packages. Creating channels is easy, but you need to decide if you want repos for these channels. This is accomplished in the channels tab by going to Manage Software Channels. You will need to create at least one channel. However I would create a channel for each OS and architecture you will be managing. Then create repos for each mirror repo you plan to have on the server. Then you can click on the channel and assign the repos to the channels you want them attached to. This is done by clicking on the channel, go to repositories, and check the box. Then you can select sync and Spacewalk will download the packages for you. This will take some time depending on size of the repo and when Spacewalk picks up the task.

Another way you can upload packages is using the physical media or ISO of the OS. You would mount it to the operating system. Spacewalk will not connect directly to RedHat so if you manage RHEL systems you will have to upload packages using this method. So if my DVD is mounted in media and is RedHat 6 I would use the following command.

rhnpush -vvv –channel=rhel6_x86_64 –server=http://localhost –dir=/media/Packages

The only things you would change is the channel name and the exact directory the packages are located. The switch –vvv give you a very verbose execution and http://localhost is required to work correctly. This process will take a long time depending on the number of packages and speed of the system.

Now that we have packages and users we will want to register systems to the Spacewalk server. You will need to create an activation key using the Spacewalk WebUI. On the overview screen click on manage activation keys. Then create new key. You can have it auto generate or enter a string yourself. I would create your own and enter something simple. The auto generated key is a long alphanumeric string. Now we will install the Spacewalk client repo, install some packages, and register the systems. This is done with the following commands. Remember to change the link based on the type of OS you are using.

rpm -Uvh

There are two dependancies that may or may not be present. They are jabberpy and python-hashlib for RHEL 5 based OSes and just jabberpy for RHEL 6 based systems. You can install them as part of the YUM entry if they are in a repo you have installed or as standalone RPM files. Enter the following command to install the client packages.

yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin osad

Once the packages are installed you can register the system using the following command.

rhnreg_ks –serverUrl=http://<yourSpacewalkserveraddress>/XMLRPC –activationkey=1-<youractivationkey>

Then check in the Spacewalk WebUI to see if the system shows up.

We now have system and packages so you can try to install something to see if it is working. The following are some CLI commands that can be used to accomplish certain tasks.

Spacewalk-service — can be used with start|stop|status to control the Spacewalk service.

rhn_check —     this command forces the OS to check in with the Spacewalk server. Spacewalk  monitored systems check in around every 4 hours. So if you want    something done know you need to run this command. Also using the –vvv switch will help you in troubleshooting any problems.

spacewalk-repo-sync –channel <yourchannel> –url <repo to sync to url>  —   This command will sync now instead of waiting for Spacewalk.

Rhnmd This command will force monitoring task to run now.

This is a good start for building your Spacewalk server. There are tons of features that can be added to make the server monitor systems resources, run Open SCAP scans on the systems, configuration management, and have Errata for different OSes. I had to stumble my way through a great deal of the setup because there is no show all document out there. So I hope this helps you on your way and good luck. I use this server every day and it makes takes so much easier. Good luck.

Print This Post Print This Post

Hyper-V 2012 Server Core


I have been studying for my upgrade test for Microsoft Server 2012 and ran across Hyper-V 2012 Server Core.  So I down loaded it and set up a little lab that I could test it features and functionality.  I used 2 HP 8400 Workstations as the servers and a Dell M90 as the domain controller  with another laptop to use for access to the Hyper-V Servers.

The download was about 2 Gigs and installed really quickly.  So in about 30 minutes I had two virtual servers.  The DC was Windows Server 2012 and you will really need a domain to make some of the features work correctly.  With the domain up and the servers all connected I began the task of finishing configuration but if you have ever used a Windows Core server there is no real interface.  So to make this process a great deal easier you should download a tool called Corefig.  You can download it by clicking here.   This adds an easy to use interface that makes using a Core server a great deal easier.  Here is a pic of the interface.


This makes it a lot easier if you don’t want to run this on a domain, but you will still have some problems.  Anyhow, once you get the machines built and the basic configuration out of the way you can proceed with the building of you virtual machines.  Using ISO files makes this a great deal easier but physical media will be fine but you will need to put them in the server CD drive.  You will also need a Windows machine to access the Hyper V Manager so you can control the VMs with a GUI interface.  I used Windows 8 for this but Window 7 will work but you will have to download the remote administrations tools from Microsoft and install Hyper V Manager.

With all of that complete you can simply connect to the Hyper V servers and start the process of building the VMs.  I’m not going to go through building the VMs because it is pretty straight forward and easy to do.  The things I really like about Hyper V 3 is the replication and fail over features that are built in.  First I will go over replication.  It is also pretty easy to do.  The machines I am using are not part of a cluster and they don’t have any kind of shared storage.  But you can simply click on your VM and select replication.  My machines are on a domain so this process my or my not work with two standalone machines.  The replication menu will is also easy to use.  You just enter the Hyper V server to replicate to and it will begin.    After the initial replication of the VM it will update the VM copy on the other machine every few minutes.  If you had a large number of VMs replication this may take a little bit but I didn’t see any lag from this process.  Once the replication precess is up and working you can click on the replication tab and select failover.  This will make sure the replicated VM is up-to-date and power that machine on.  So if a server fails or you just need to do some work on a server you can move VMs back and forth with very little effort.  This feature is usually not part of a free Hypervisor.  Here is a pic of the replication menu on the Hyper V Manager.


Another feature is the ability to move the VMs from one server to another while they are still running without shared storage.  This one takes a little more setup time and will not work without a domain.  The first thing I did was create a security group and add my Hyper V servers to it.  Then I added two delegations to the Hyper V computers in Active directory.  On each of the Hyper V servers in Active Directory I selected properties and then delegation.  I the delegation menus I selected Trust this computer to trusted delegation service only and selected the Use Kerberos only radio button.  Then in the delegated service box I selected add and added the following services for the other server you will be moving VMs to:

  • cifs
  • Microsoft Virtual System Migration Service

With these delegations added you should no be able to move live VMs from one server to another.  The tab looks like the following.


Now with everything set up you should be able to right click on the VM in Hyper V Manager and select move.  It will ask you which server to move it to along with a few other questions on how you want this to be performed.  These are questions about moving the VM if you have shared storage or not, what you want to do with the VM files, and what drive on the other server you want to move the VM to.  Once you answer these questions you select finish and it will begin moving the machine to the other server.  If you wan to see that it is still live just log into the VM and you can see that it remains functional.  It will also close the RDP window and open it again for the other server once it is complete.  All in all this is a nice feature that the average person can use and makes it a lot easier for the maintenance and update to be installed on servers without any down time.

So this version of Hyper V is really a big step forward in features and reliability.  I was not a fan of the previous versions but Hyper V 3 is really something to take a look at.  I have also considered moving my test lab over to this platform for the replication feature.  Finally to wrap everything up I have been playing around with Altero’s Hyper V Backup.  They have  a free edition and would make a test lab complete with Hyper V’s failover features and the ability to backup VMs for the just in case scenario.  If you wanted to use shared storage Hyper V supports iSCSI and is suppose to work with SMB 3.0.  So you could add a inexpensive NAS to the servers to truly make the system have high availability function.  So check it out you just might like it, I know I have.