如何在CentOS上安装Spacewalk

Spacewalk在防火墙后面管理Red Hat衍生发行版（例如Fedora，CentOS和Scientific Linux）的软件内容更新。这是RedHat satellite 5的开源版本。我们确实有RedHat satellite 6，开源版本是katello。我将在我的下一个教程中详细介绍如何配置它。当管理基础架构时，Spacewalk是一个非常强大的工具，它确实稳定且构建良好。

我将通过Spacewalk进行安装，并将向您详细介绍如何将其配置为可投入生产，以及我们可以使用的所有功能。我要进行嵌入式Postgres安装。

在本教程中，我将使用3台服务器：

192.168.1.20 spacewalk Server centos 7 192.168.1.21 spacewalk client centos 6 192.168.1.22 space walk client centos 7

最低安装的CentOS 7：

cat /etc/redhat-release

结果：

CentOS Linux release 7.3.1611(Core)

强制模式下的SELinux：

sestatus

SELinux status: enabled 

SELinuxfs mount: /sys/fs/selinux

SELinux rootdirectory: /etc/selinux 

Loaded policy name: targeted 

Current mode:enforcing 

Mode from config file: enforcing 

Policy MLS status: enabled

Policy deny_unknown status: allowed 

Max kernel policy version: 28

[root@spacewalk ~]#

添加主机条目/ etc / hosts

192.168.1.20 spacewalk.sunil.cc spacewalk

Spacewalk服务器的安装

安装Spacewalk CentOS存储库。

rpm -Uvh http://yum.spacewalkproject.org/2.6/RHEL/7/x86_64/spacewalk-repo-2.6-0.el7.noarch.rpm

cat /etc/yum.repos.d/jpackage-generic.repo EOF

[jpackage-generic]

name=JPackage generic

baseurl=http://vesta.informatik.rwth-aachen.de/ftp/pub/comp/Linux/jpackage/5.0/generic/free/

#mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic type=free release=5.0

enabled=1

gpgcheck=1

gpgkey=http://www.jpackage.org/jpackage.asc

EOF

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

为太空行走安装PostgreSQL：

yum install -y spacewalk-setup-postgresql spacewalk-postgresql

添加防火墙规则。

firewall-cmd --add-service=http --permanent; firewall-cmd --add-service=https --permanent; firewall-cmd --add-port=5222/tcp --permanent;firewall-cmd --add-port=5269/tcp --permanent;firewall-cmd --add-port=69 â??permanent; firewall-cmd --add-port=5222/udp --permanent;firewall-cmd --add-port=5269/udp --permanent

并重新加载防火墙。

firewall-cmd --reload

启用防火墙。

systemctl enable firewalld

systemctl restart firewalld

配置PostgreSQL服务器。

在这里，我给数据库名称是spacewalk，用户名是spacewalkuser，密码是spacewalkuser。

spacewalk-setup-postgresql create --db spacewalk --user spacewalkuser --password spacewalkuser

/usr/bin/spacewalk-setup-postgresql: line 87: isSUSE: command not found

/usr/bin/spacewalk-setup-postgresql: line 100: isSUSE: command not found

Note: Forwarding request to systemctl enable postgresql.service.

Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql.service to /usr/lib/systemd/system/postgresql.service.

Hint: the preferred way to do this is now "postgresql-setup initdb"

Initializing database ... OK

/usr/bin/spacewalk-setup-postgresql: line 154: [: 018446744073692774399: integer expression expected

Redirecting to /bin/systemctl start postgresql.service

Redirecting to /bin/systemctl reload postgresql.service

设置Spacewalk服务器。

spacewalk-setup --skip-db-install

* Setting up SELinux..

** Database: Setting up database connection for PostgreSQL backend.

** Database: Embedded database installation SKIPPED.

Could not connect to the database. Your connection information may be incorrect. Error: DBI connect(dbname=rhnschema,rhnuser,...) failed: FATAL: no pg_hba.conf entry for host "[local]", user "rhnuser", database "rhnschema", SSL off at /usr/share/perl5/vendor_perl/Spacewalk/Setup.pm line 1686.

Hostname (leave empty for local)?

Database? spacewalk

Username? spacewalkuser

Password?

** Database: Populating database.

*** Progress: ###########################

* Configuring tomcat.

* Setting up users and groups.

** GPG: Initializing GPG and importing key.

** GPG: Creating /root/.gnupg directory

You must enter an email address.

Admin Email Address? it@sunil.cc

* Performing initial configuration.

* Configuring apache SSL virtual host.

Should setup configure apaches default ssl server for you (saves original ssl.conf) [Y]?

** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave

* Configuring jabberd.

* Creating SSL certificates.

CA certificate password?

You must enter a password.

CA certificate password?

Re-enter CA certificate password?

Organization? IT

Organization Unit [spacewalk.sunil.cc]?

Email Address [it@sunil.cc]?

City? Den Haag

State?

State? Zuid-Holland

Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? NL

** SSL: Generating CA certificate.

** SSL: Deploying CA certificate.

** SSL: Generating server certificate.

** SSL: Storing SSL certificates.

* Deploying configuration files.

* Update configuration in database.

* Setting up Cobbler..

Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? Y

* Restarting services.

Installation complete.

Visit https://spacewalk.sunil.cc to create the Spacewalk administrator account.

[root@spacewalk ~]#

重新启动Spacewalk。

spacewalk-service restart

Shutting down spacewalk services...

Redirecting to /bin/systemctl stop taskomatic.service

Stopping cobblerd (via systemctl): [ OK ]

Redirecting to /bin/systemctl stop rhn-search.service

Redirecting to /bin/systemctl stop osa-dispatcher.service

Redirecting to /bin/systemctl stop httpd.service

Redirecting to /bin/systemctl stop tomcat.service

Redirecting to /bin/systemctl stop jabberd.service

Redirecting to /bin/systemctl stop postgresql.service

Done.

Starting spacewalk services...

Redirecting to /bin/systemctl start postgresql.service

Redirecting to /bin/systemctl start jabberd.service

Redirecting to /bin/systemctl start tomcat.service

Waiting for tomcat to be ready ...

Redirecting to /bin/systemctl start httpd.service

Redirecting to /bin/systemctl start osa-dispatcher.service

Redirecting to /bin/systemctl start rhn-search.service

Starting cobblerd (via systemctl): [ OK ]

Redirecting to /bin/systemctl start taskomatic.service

Done.

[root@spacewalk ~]#

配置用户Spacewalk

从浏览器http://192.168.1.20访问URL

填写组织详细信息。

Spacewalk已成功安装。

Spacewalk频道创建

点击频道- 管理软件频道- 创建频道

创建一个父频道- centos6.8-parent

现在我们需要创建子渠道

频道- 管理频道- 创建频道

选择父频道为centos-6.8-parent

现在我们将为centos 6.8创建仓库

将仓库链接到我们之前创建的子频道

需要在centos 7中复制相同的步骤以创建通道。

现在我们需要从仓库中下载软件包。我们可以通过命令行或从仪表板进行操作。

命令行

[root@spacewalk ~]# spacewalk-repo-sync --list

00:01:23 ======================================

00:01:23 | Channel Label | Repository |

00:01:23 ======================================

00:01:23 centos-7-child | http://mirror.centos.org/centos/7.3.1611/os/x86_64/

00:01:23 centos-6.8 | http://mirror.centos.org/centos/6.8/os/x86_64/

00:01:23 centos-7 | No repository set

00:01:23 centos-6.8-parent | No repository set

[root@spacewalk ~]#

[root@spacewalk ~]# spacewalk-repo-sync -c centos-6.8

00:02:18 ======================================

00:02:18 | Channel: centos-6.8

00:02:18 ======================================

00:02:18 Sync of channel started.

00:02:18 Repo URL: http://mirror.centos.org/centos/6.8/os/x86_64/

00:02:30 Packages in repo: 6696

00:02:40 Packages already synced: 0

00:02:40 Packages to sync: 6696

00:02:40 1/6696 : 389-ds-base-1.2.11.15-74.el6-0.x86_64

00:02:43 2/6696 : 389-ds-base-devel-1.2.11.15-74.el6-0.i686

00:02:43 3/6696 : 389-ds-base-devel-1.2.11.15-74.el6-0.x86_64

00:02:44 4/6696 : 389-ds-base-libs-1.2.11.15-74.el6-0.i686

00:02:45 5/6696 : 389-ds-base-libs-1.2.11.15-74.el6-0.x86_64

00:02:46 6/6696 : ConsoleKit-0.4.1-6.el6-0.x86_64

00:02:47 7/6696 : ConsoleKit-devel-0.4.1-6.el6-0.x86_64

一旦完成，它将看起来像这样

[root@spacewalk ~]# spacewalk-repo-sync -c centos-6.8

08:44:57 ======================================

08:44:57 | Channel: centos-6.8

08:44:57 ======================================

08:44:57 Sync of channel started.

08:44:57 Repo URL: http://mirror.centos.org/centos/6.8/os/x86_64/

08:44:58 Packages in repo: 6696

08:45:47 No new packages to sync.

08:45:47 Repo http://mirror.centos.org/centos/6.8/os/x86_64/ has comps file comps.xml.

08:45:47 Repo http://mirror.centos.org/centos/6.8/os/x86_64/ has 0 errata.

08:45:47 Sync of channel completed in 0:00:49.

08:45:47 Total time: 0:00:49

[root@spacewalk ~]#

从网络浏览器

您还可以在此页面中安排每天或每周进行同步以进行自动同步，也可以选择仅同步最新软件包

为Centos 6和centos 7主机创建激活密钥以使用Spacewalk服务器进行身份验证

转到系统- 激活密钥- 创建密钥

现在我们需要为centos 6创建密钥，在这里我将密钥用作centos-6并选择之前创建的centos-6.8-parent的父通道

对centos 7做同样的事情

您应该看到两个键，一个用于centos 6，另一个用于centos 7

客户端配置

在本章中，我将向您展示如何使用Spacewalk服务器安装和配置客户端。

Cento6-192.168.1.21

Cento7-192.168.1.22

配置yum客户端仓库

Centos 6

[ root @ centos6〜]＃rpm -Uvh http://yum.spacewalkproject.org/2.6-client/RHEL/6/x86_64/spacewalk-client-repo-2.6-0.el6.noarch.rpm

Centos 7

[ root @ centos7〜]＃rpm -Uvh http://yum.spacewalkproject.org/2.6-client/RHEL/7/x86_64/spacewalk-client-repo-2.6-0.el7.noarch.rpm

安装所需的软件包。

Centos 6

在centos6和centos7节点上安装epel repo和以下软件包。

启用epel仓库

[ root @ centos6〜] ＃yum 安装epel-release -y 

[root@centos6 ~]# yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin osad rhncfg-actions rhncfg-management -y

向Spacewalk服务器注册

在连接Spacewalk服务器之前，我们需要从Spacewalk服务器下载ssl证书。

[root@centos6 ~]# wget -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT http://spacewalk.sunil.cc/pub/RHN-ORG-TRUSTED-SSL-CERT

--2017-03-04 21:54:16-- http://spacewalk.sunil.cc/pub/RHN-ORG-TRUSTED-SSL-CERT

Resolving spacewalk.sunil.cc... 192.168.1.20

Connecting to spacewalk.sunil.cc|192.168.1.20|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 5291 (5.2K)

Saving to: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

100%[=================================================================================================================== ] 5,291 --.-K/s in 0s

2017-03-04 21:54:17 (630 MB/s) - /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT saved [5291/5291]

[root@centos6 ~]#

现在，我们需要与我们前面创建的激活密钥注册，我们创造了1 centos6为centos6和1 centos7的centos7。

Centos 6

[root@centos6 ~]# rhnreg_ks --force --activationkey="1-centos6" --serverUrl=http://spacewalk.sunil.cc/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --profilename=$HOSTNAME

Centos 7

[root@centos7 ~]# rhnreg_ks --force --activationkey="1-centos7" --serverUrl=http://spacewalk.sunil.cc/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --profilename=$HOSTNAME

将配置文件与spacewalk同步，在centos6和centos7节点上运行它。

[root@centos7 ~]# rhn-profile-sync

这可用于从spacewalk运行远程命令和文件传输，以及使用spacewalk服务器的很酷的功能之一。

[root@centos6 ~]# chkconfig osad on

[root@centos6 ~]# service osad restart

Shutting down osad: [ OK ]

Starting osad: [ OK ]

[root@centos6 ~]# rhn-actions-control --enable-all

[root@centos6 ~]#

[root@centos7 ~]# systemctl enable osad

Created symlink from /etc/systemd/system/multi-user.target.wants/osad.service to /usr/lib/systemd/system/osad.service.

[root@centos7 ~]# systemctl restart osad

[root@centos7 ~]# rhn-actions-control --enable-all

[root@centos7 ~]#

现在我们可以进行个人资料同步。

[root@centos6 ~]# rhn-profile-sync

Updating package profile...

Updating hardware profile...

[root@centos6 ~]#

[root@centos7 ~]# rhn-profile-sync

Updating package profile...

Updating hardware profile...

[root@centos7 ~]#

现在可以在Spacewalk仪表板上进行检查。

通过Spacewalk运行远程命令并管理文件。

在本章中，我们将了解在运行远程命令和管理配置文件方面，Spacewalk有多么强大。

要运行“远程命令”，请登录到spacewalk仪表板并搜索需要在其中运行远程命令的主机。

单击远程命令，然后键入执行所需的命令。

计划后，您可以转到计划选项卡并检查状态。

单击主机以查看结果。

从spacewalk运行远程命令。

我们将需要安装spacecmd才能运行远程命令。

[ root @ spacewalk〜]＃yum安装spacecmd -y

我们将首先使用ssm添加系统，然后才能登录，您可以使用与前端相同的凭据。

[root@spacewalk ~]# spacecmd

Welcome to spacecmd, a command-line interface to Spacewalk.

Type: help for a list of commands

 help  for command-specific help

 quit to quit

Spacewalk Username: administrator

Spacewalk Password:

INFO: Connected to https://spacewalk.sunil.cc/rpc/api as administrator

spacecmd {SSM:0} system_list

centos6.sunil.cc

centos7.sunil.cc

centos7test.sunil.cc

spacecmd {SSM:0} ssm_add centos6.sunil.cc

spacecmd {SSM:1} ssm_list

centos6.sunil.cc

spacecmd {SSM:1} exit

创建一个名称任意的脚本，在这里我将其命名为ff.sh。

[root@spacewalk ~]# cat ff.sh

#!/bin/bash

cat /etc/redhat-release

[root@spacewalk ~]#

现在运行远程命令。

[root@spacewalk ~]# spacecmd -y system_runscript "ssm -f ff.sh"

INFO: Connected to https://spacewalk.sunil.cc/rpc/api as administrator

User: root

Group: root

Timeout: 600 seconds

Start Time: 20170305T12:16:17

Script Contents

---------------

#!/bin/bash

cat /etc/redhat-release

Systems

-------

centos6.sunil.cc

INFO: Action ID: 33

INFO: Scheduled: 1 system(s)

[root@spacewalk ~]#

要检查输出，您可以运行以下命令。

[root@spacewalk ~]# spacecmd schedule_getoutput 33

INFO: Connected to https://spacewalk.sunil.cc/rpc/api as administrator

System: centos6.sunil.cc

Start Time: 20170305T12:16:19

Stop Time: 20170305T12:16:19

Return Code: 0

Output

------

CentOS release 6.8 (Final)

[root@spacewalk ~]#

如果您看到命令长时间处于暂挂状态，可以执行以下步骤来解决此问题。

确保osa-dispatcher在Spacewalk服务器上运行。

[root@spacewalk ~]# systemctl status osa-dispatcher

? osa-dispatcher.service - OSA Dispatcher daemon

 Loaded: loaded (/usr/lib/systemd/system/osa-dispatcher.service; enabled; vendor preset: disabled)

 Active: active (running) since Sun 2017-03-05 09:59:55 CET; 2h 21min ago

 Process: 3470 ExecStart=/usr/sbin/osa-dispatcher --pid-file /var/run/osa-dispatcher.pid (code=exited, status=0/SUCCESS)

 Process: 3469 ExecStartPre=/bin/rm -f /var/run/osa-dispatcher.pid (code=exited, status=0/SUCCESS)

 Main PID: 3474 (osa-dispatcher)

 CGroup: /system.slice/osa-dispatcher.service

 ??3474 /usr/bin/python -s /usr/sbin/osa-dispatcher --pid-file /var/run/osa-dispatcher.pid

Mar 05 09:59:55 spacewalk.sunil.cc systemd[1]: Starting OSA Dispatcher daemon...

Mar 05 09:59:55 spacewalk.sunil.cc systemd[1]: PID file /var/run/osa-dispatcher.pid not readable (yet?) after start.

Mar 05 09:59:55 spacewalk.sunil.cc systemd[1]: Started OSA Dispatcher daemon.

[root@spacewalk ~]#

如果它没有运行，请重新启动Spacewalk服务。

 [ root @ spacewalk〜]＃spacewalk-service重新启动

确保为5222打开了防火墙端口。

请在客户端执行以下步骤。

[root@centos7test ~]# systemctl stop osad

[root@centos7test ~]# rm -rf /etc/sysconfig/rhn/osad-auth.conf

[root@centos7test ~]# rhn_check -vvv

[root@centos7test ~]# systemctl start osad

[root@centos7test ~]# systemctl status osad

? osad.service - OSAD daemon

 Loaded: loaded (/usr/lib/systemd/system/osad.service; enabled; vendor preset: disabled)

 Active: active (running) since Sun 2017-03-05 13:54:46 CET; 26s ago

 Process: 18696 ExecStart=/usr/sbin/osad --pid-file /var/run/osad.pid (code=exited, status=0/SUCCESS)

 Main PID: 18697 (osad)

 CGroup: /system.slice/osad.service

 ??18697 /usr/bin/python -s /usr/sbin/osad --pid-file /var/run/osad.pid

Mar 05 13:54:46 centos7test.sunil.cc systemd[1]: Starting OSAD daemon...

Mar 05 13:54:46 centos7test.sunil.cc systemd[1]: PID file /var/run/osad.pid not readable (yet?) after start.

Mar 05 13:54:46 centos7test.sunil.cc systemd[1]: Started OSAD daemon.

[root@centos7test ~]# netstat -aunltp|grep 5222

tcp 1698 0 192.168.1.23:48127 192.168.1.20:5222 ESTABLISHED 18697/python

[root@centos7test ~]#

通过Spacewalk部署文件。

在此示例中，我将更改centos 6服务器的motd。

我将首先创建一个配置通道。

创建具有以下内容的文件。

现在，我们需要订阅需要将其部署到的服务器的通道。

可以从客户端提取文件。

[root@centos6 ~]# rhncfg-client channels

Using server name spacewalk.sunil.cc

Config channels:

Label Name

----- ----

motd-change motd

[root@centos6 ~]#

[root@centos6 ~]# rhncfg-client get

Using server name spacewalk.sunil.cc

Deploying /etc/motd

[root@centos6 ~]#

[root@centos6 ~]# ls -l /etc/motd

-rw-r--r-- 1 root root 760 Mar 5 14:29 /etc/motd

[root@centos6 ~]# cat /etc/motd

********************************************************************

* This system is for the use of authorized users only. Usage of *

* this system may be monitored and recorded by system personnel. *

* Anyone using this system expressly consents to such monitoring *

* and is advised that if such monitoring reveals possible *

* evidence of criminal activity, system personnel may provide the *

* evidence from such monitoring to law enforcement officials. *

********************************************************************

[root@centos6 ~]#

原创文章，作者：ItWorker，如若转载，请注明出处：https://blog.ytso.com/32195.html

apachecentoslinuxphppythonTomcat开源