Spacewalk Configuration for Red Hat Packages


A few months ago I built a Spacewalk server to automate patching of Linux machines. Well, after a lot of banging my head against the wall I finally got the system working and auto updating. What you are looking for in your Spacewalk server will have an impact on what you really need to do. I was trying to get Red Hat patches to auto download and import into Spacewalk so when it came time to patch they were there and ready to go. So here is what I did.

My first mistake was that while testing the registering of systems I registered the Spacewalk server to itself. While this does work, to get Red Hat patches you need a system that is registered with Red Hat. So we did a little copy and replace to get the machine back to using the RHN network. Once this was done and it was registered we were ready to get started. We already had Mrepo installed so we could build repos for the packages. Spacewalk doesn't interact with Red Hat directly; if you want that you have to buy Red Hat Satellite. It is the Red Hat version of Spacewalk and comes ready to go; unfortunately it was not in the cards for me. So back to Mrepo. I used the rpm file I got from rpmfind.net. Here is the link to the Mrepo files. Click here.  Simple install and it is ready for configuration.

There are a few files you will need to look at.  The mrepo.conf file is located in /etc and has login info for a Red Hat account, which you will need.  The version I installed used /etc/mrepo.conf.d as the place to configure your channels to download from.  The configuration of these files is pretty straightforward and really doesn't need my spin.  But you will need one for each channel that you plan to download, whether it be from Red Hat, CentOS, or Fedora.  I am working with Red Hat so things are different; if you wanted CentOS you don't need mrepo at all.  You can just download them straight into Spacewalk.  I need the mrepo workaround because you have to log in to RHN to get these patches.  Here is what the base channel config looks like.

 mrepo.conf

[main]
srcdir = /var/mrepo
wwwdir = /var/www/mrepo
confdir = /etc/mrepo.conf.d
arch = i386

mailto = root@localhost
smtp-server = localhost

#rhnlogin = username:password

Channel files in /etc/mrepo.conf.d

[dist2]
name = Distribution example $release ($arch)
release = 2
arch = i386 i586 i686 x86_64
metadata = repomd
os = rsync://rsync.dist2.org/pub/dist/$release/$arch/$repo/
updates = rsync://rsync.dist2.org/pub/dist/$release/$arch/$repo/

You can customize a lot of these settings for location of files and what all you want to be in the repo.  Anyway if you have not messed with Mrepo here is the basic config.

Next you will need to generate system IDs for each channel that you plan to download.  This is simple and you just run the following command for each architecture.  The following command is just a guide but you will need to know where you want to store the systemid file and you will need it to download from Red Hat.  I stored mine in the /var/satellite directory.  This is the default Spacewalk package storage point as well.

gensystemid -u redhatuser -p password --release=5Server --arch=x86_64 /var/satellite/mrepo/5Server-x86_64/

or

gensystemid -u redhatuser -p password --release=5Workstation --arch=i386 /var/satellite/mrepo/5Workstation-i386/

Now that we have system IDs for each channel we will register with Red Hat for each channel.  Once you register you will need to go into the RHN website and check the permissions for each registration so you can download what you need.  So if you wanted Supplementary or Optional packages you would check that box.  You should know that each registration takes 1 Red Hat license.

With that out of the way we will set up the mrepo download process.  I had problems with Mrepo throwing an error, so I decided to run the download command manually.  The command is a long string but it worked great for me.  After it is done you would just run the mrepo generate command to build the repo.  I built the system on RHEL 6 so maybe there are some problems with compatibility, but most likely I needed to install something to fix the problem.  So if mrepo works fine you just run mrepo -ugvvv.  It will update and build your repos.  With my errors I did it this way.

rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/5Server-x86_64/systemid" --release="5Server" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-server-5' '/var/satellite/mrepo/5Server-x86_64/updates'

 mrepo -gvvv

This will take a while if it is the first time.  It will pull down a few thousand packages.  So I wrote a script that put this command in for each channel I wanted to download and then runs the mrepo command at the end.  This gives me all the packages and you can check it by going to the mrepo webpage that will be hosted from your Spacewalk server.

With all of the packages downloaded I had to import them into Spacewalk.  This was pretty easy and just required a command that you would have jumped to if you had CentOS or Fedora.  This command imports and writes the packages to the Spacewalk db.  Spacewalk stores the packages in directory after directory so digging through /var/satellite/"channel name" will be a little on the crazy side.  Anyhow, you need to have your channels configured in Spacewalk for each architecture you are going to have packages for.  So in Spacewalk go to channels and create channel.  You will want to put some thought into how you want to do this because it would require deleting and reimporting everything for any changes you want to make.  So the import command is the following.

rhnpush -vvv --newest --channel=rhel5_x86_64_local --server=http://localhost/APP --dir=/var/satellite/mrepo/5Server-x86_64/updates

Let me break this command down a little.  My channels are all OS and arch, for example rhel5_x86_64_local.  You will have to have the --server=http://localhost/APP statement in the command for Spacewalk.  It will fail without it.  Finally the dir is the location you plan to pull the packages from.  So if this was a repo on the internet that you could download from, you would just put the URL here.  This will also take a while to run for the first time.  Once this is completed and runs correctly, you will have a channel in Spacewalk with a few thousand packages.

I also needed to get the Errata information for my Spacewalk server.  For this I used some scripts that I found on the Internet.  It is called ya-errata-import.pl.  You can go to the GitHub for the script by clicking HERE.  If you are using Red Hat like I am you will use the redhat-clone-errata.sh file.  When you open it you will have to do a little configuration to set it up for the channels you need.  This gives you all the Errata imported into Spacewalk as long as the channels are updated.  If you are missing packages it will not upload that particular Errata.  But it works and I have all the Errata I need.  Here is an example of the redhat-clone-errata.sh config.

/(path to scripts)/ya-errata-import.pl --server localhost --channel rhel-i386-server-5 --os-version 5 --publish --redhat --startfromprevious twoweeks --quiet

There is a ya-errata-import.cfg file that will need some user account information so you can download and upload the Errata.

Now that we have all of the parts working I just tied it together in two scripts. I grouped the mrepo stuff together and the Spacewalk stuff together. This was so that if part of it errored out I could troubleshoot and it would not kill the entire process. So here are my two scripts that I put together. Now the scripts may not be perfect but they work.

Mrepo
#!/bin/bash

###This script will pull down the updates from Red Hat for each OS

### RHEL 5 Svr x86_64 ###
rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/5Server-x86_64/systemid" --release="5Server" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-server-5' '/var/satellite/mrepo/5Server-x86_64/updates' || rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/5Server-x86_64/systemid" --release="5Server" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-server-5' '/var/satellite/mrepo/5Server-x86_64/updates'
### RHEL 5 Svr i386 ###
rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/5Server-i386/systemid" --release="5Server" --username="redhatuser" --password="password" 'rhns:////rhel-i386-server-5' '/var/satellite/mrepo/5Server-i386/updates' || rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/5Server-i386/systemid" --release="5Server" --username="redhatuser" --password="password" 'rhns:////rhel-i386-server-5' '/var/satellite/mrepo/5Server-i386/updates'

### RHEL 6 Svr x86_64 ###
rhnget -v -v -v -v -v --delete --systemid="/etc/sysconf/rhn/systemid" --release="6Server" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-server-6' '/var/satellite/mrepo/rhel6es-x86_64/updates' || rhnget -v -v -v -v -v --delete --systemid="/etc/sysconf/rhn/systemid" --release="6Server" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-server-6' '/var/satellite/mrepo/rhel6es-x86_64/updates'
### RHEL 6 WS x86_64 ###
rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/rhel6ws-x86_64/systemid" --release="6Workstation" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-workstation-6' '/var/satellite/mrepo/rhel6ws-x86_64/updates' || rhnget -v -v -v -v -v --delete --systemid="/var/satellite/mrepo/rhel6ws-x86_64/systemid" --release="6Workstation" --username="redhatuser" --password="password" 'rhns:////rhel-x86_64-workstation-6' '/var/satellite/mrepo/rhel6ws-x86_64/updates'

mrepo -gv > /var/log/mrepo.log

I added the failover with the second part of the command. If it is pulling down a lot of packages it would time out about halfway through. This seems to take care of it. Then once it downloads all of the packages it will build the repos for each channel. I have it log to a file and have the exit code for each piece of the script. Then I can check the log and see if it ran OK or errored out.

The next part is the Spacewalk portion. This uploads all of the packages from mrepo to Spacewalk channels. Then it imports the Errata. You can set how far back you want it to go for the Errata download. I have it do a week after I imported the past year. Here is the Spacewalk portion of the update scripts.

#!/bin/bash

### updates packages from mrepo to spacewalk

###### RHEL 5 i386 ########
rhnpush -vvv --newest --username=spacewalkuser --password="users password" --channel=rhel5_i386_local --server=http://localhost/APP --dir=/var/satellite/mrepo/5Server-i386/updates

###### RHEL 5 x86_64 ######
rhnpush -vvv --newest --username=spacewalkuser --password="users password" --channel=rhel5_x86_64_local --server=http://localhost/APP --dir=/var/satellite/mrepo/5Server-x86_64/updates

###### RHEL 6 Server x86_64 ######
rhnpush -vvv --newest --username=spacewalkuser --password="users password" --channel=rhel6_x86_66_local --server=http://localhost/APP --dir=/var/satellite/mrepo/rhel6es-x86_64/updates

###### RHEL 6 WS x86_64 ######
rhnpush -vvv --newest --username=spacewalkuser --password="users password" --channel=rhel6-ws-x86_64 --server=http://localhost/APP --dir=/var/satellite/mrepo/rhel6ws-x86_64/updates

###Get Errata for everything
./redhat-errata.sh

Now with the scripts put together I placed them in a folder in root's account.  Then I changed the permissions to 700 on everything for the root account.  That way only root could see the files due to the password being in them.  You can do security on these scripts any way you want as long as the user that will create the cron job can have access to them.  Finally you need to set up the cron jobs to have them run whenever you want them to.  I have them run every day at 0200 in the morning.  This way my Spacewalk server is up to date at all times and ready to push out patches.  So give this a shot; it may help you or it may not.  But it is a good start for someone who is starting from scratch.  Good luck.
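
An added example, not the author's scripts: one way to restructure the Mrepo script above so the RHN password is read from a separate file that is checked for private permissions, the duplicated `||` failover becomes a bounded retry, and every attempt's exit code is logged. CRED_FILE, RHN_USER, RHN_PASS, the log path and the helper function names are assumptions; the rhnget and mrepo options are the ones used above, and the RHEL 6 Server channel (which uses a different systemid path) is left out.

```bash
#!/bin/bash
# Added example, not the author's script. CRED_FILE, LOG and the helper names are
# hypothetical; the rhnget and mrepo options are the ones used in the post.
CRED_FILE="${CRED_FILE:-/root/.rhn-credentials}"  # assumed to set RHN_USER, RHN_PASS
LOG="${LOG:-/var/log/mrepo-sync.log}"
BASE=/var/satellite/mrepo

# True only if FILE belongs to the invoking user and has no group/other bits.
is_private() {
    local mode owner
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%u' "$1") || return 2
    [ "$owner" = "$(id -u)" ] && [ $(( 0$mode & 077 )) -eq 0 ]
}

# retry MAX CMD...: run CMD up to MAX times and return its last exit code.
# Only the command name is logged, so the password never reaches the log.
retry() {
    local max=$1 attempt=1 rc
    shift
    while :; do
        rc=0; "$@" || rc=$?
        echo "$(date '+%F %T') attempt=$attempt rc=$rc cmd=$1" >> "$LOG"
        if [ "$rc" -eq 0 ] || [ "$attempt" -ge "$max" ]; then return "$rc"; fi
        attempt=$((attempt + 1))
        sleep "${RETRY_DELAY:-60}"
    done
}

# sync_channel DIR RELEASE CHANNEL. rhnget still receives the password as an
# argument, so it is visible in the process list while the download runs.
sync_channel() {
    retry 3 rhnget -v --delete --systemid="$BASE/$1/systemid" --release="$2" \
        --username="$RHN_USER" --password="$RHN_PASS" \
        "rhns:////$3" "$BASE/$1/updates"
}

main() {
    is_private "$CRED_FILE" || { echo "refusing: $CRED_FILE is not private" >&2; return 1; }
    . "$CRED_FILE"
    local failed=0
    sync_channel 5Server-x86_64 5Server rhel-x86_64-server-5 || failed=1
    sync_channel 5Server-i386 5Server rhel-i386-server-5 || failed=1
    sync_channel rhel6ws-x86_64 6Workstation rhel-x86_64-workstation-6 || failed=1
    mrepo -gv >> "$LOG" 2>&1 || failed=1
    return "$failed"
}

# Run the sync only when called as "<script> run"; sourcing just defines functions.
if [ "${1:-}" = "run" ]; then main; exit $?; fi
```

With the credentials in their own file, the script itself no longer contains a password, and cron can use the script's exit status to tell a clean run from a failed one.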


1 Response

  1. vito says:

    Hi, I used your guide and it was very useful for me, thank you very much for your work!!!
