Normally, I perform my OS upgrades by way of a clean install. This time round though, I thought I’d give the upgrade process a try, given Fedora are pushing it quite a lot this time round.
The actually process took about 30-35 minutes on my machine, and that’s including the time required to download the software updates in the first place.
The upgrade process was started from the Software GUI. Clicking the install button results in the PC rebooting and then running in “no mans land” for a while whilst the updates are applied. During the process all you really have to watch is a small bit of text in the upper left corner of your screen.
Once the upgrade has completed, the PC reboots.
The first thing you notice is that grub now has a new kernel version to boot from. Admittedly not overly note worthy for me this time around as I’m just upgrading my day to day machine and don’t really need to consider what new features there are in the kernel on this occasion. And if it breaks something then I will enhance my knowledge whilst fixing whatever goes wrong.
Next up I have the usual prompt for my disk encryption password and then shortly after that the login prompt.
Upon entering my password, my screen flickered, the screen went grey and the mouse pointer was relocated right into the centre of my screen. At this point my PC locked up. Awesome! Just what I wanted.
So, it looks like it is my fault, well sort of. I happen to have installed the EasyScreenCast Gnome plugin and this seems to upset things. Well sort of. I left that enabled and installed, however I removed (as advised in the F25 bugs page) the package “clutter-gst2”.
A quick reboot and my issue was resolved! Yay google and the Fedora wiki to the rescue. And now to have a look at what has changed.
Spacewalk utilises a database back end to store the required information about your environment. The two options are PostgreSQL and Oracle. Neither would be my preference but I always opt for the lesser of two evils – PostgreSQL.
The installation is a piece of cake, and can be performed by issuing the following command at the command line;
yum install spacewalk-setup-postgresql -y
During the process you should be prompted to accept the Spacewalk GPG key. You will need to enter “y” to accept!
Now things have been made pretty easy for you so far. And we wont stop now. To install all of the required packages for spacewalk just run the following;
yum install spacewalk-postgresql
And let it download everything you need. In all (at the time of writing) there were 379 packages totalling 563M.
Again you will likely be prompted to import the Fedora EPEL (7) GPG key. This is necessary so just type “y” and give that Enter key a gentle tap.
And.. you will also be prompted to import the JPackage Project GPG key. Same process as above – “y” followed by Enter.
During the installation you will see a lot of text scrolling up the screen. This will be a mix of general package installation output from yum and some commands that the RPM package will initiate to set and define such things as SELinux contexts.
The key thing is you should see right at the end “Complete!”. You know you are in a good place at this point.
Security: Setting up the firewall rules
CentOS 7 and (for that matter) Red Hat Enterprise Linux 7 ship with firewalld as standard. Now I’m not complete sure of firewalld but I’m sticking with it, but should you decide you want to use iptables (and you have taken steps to make sure it is enabled), then I have provided the firewall rules required for both;
Note. Make sure you have double dashes/hyphens if you copy and paste as I have seen the pasted text only using a single hyphen.
Skip to section after iptables if you have applied the above configuration!
Now as iptables can be configured in all manor or ways, I’m just going to provide the basics, if your set-up is typically more customised than the default, then you probably don’t need me telling you how to setup iptables.
I will just make one assumption though. That the default INPUT policy is set to DROP and than you do not have any DROP, REJECT lines at the end of your INPUT chain.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
And don’t forget to save your firewall rules;
# service iptables save
Right then, still with me? Awesome, so lets continue with getting Spacewalk up and running. At this point there is one fundamental thing you need…
You must have a resolvable Fully Qualified Domain Name (FQDN). For my installation I have fudged it and added the FQDN to the host file, as I intend to build the rest of my new lab environment using Spacewalk.
So assuming you have followed everything above we can now simply run the following;
Note.The above assumes you have the embedded PostgreSQL database and not a remote DB, or the Oracle DB option. Just saying.
So you should see something like the following (it may take quite some time for many of the tasks to be completed so bare with it);
[root@spacewalk ~]# spacewalk-setup
* Setting up SELinux..
** Database: Setting up database connection for PostgreSQL backend.
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database: /var/log/rhn/install_db.log
*** Progress: ###
** Database: Installation complete.
** Database: Populating database.
*** Progress: ###########################
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? firstname.lastname@example.org
* Performing initial configuration.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? Toby Heywood
Organization Unit [spacewalk]?
Email Address [email@example.com]?
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? GB
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? y
* Restarting services.
Visit https://spacewalk to create the Spacewalk administrator account.
Now at this point you are almost ready to break open a beer and give yourself a pat on the back. But lets finalise the installation first.
Creating your Organisation
(that’s Organization for the Americans)
Setting up your organisation requires only a few simple things to be provided.
Click the Create Organization button and you should finally see a similar screen to the following;
The last thing to do now you have your shiny new installation of Spacewalk is to perform a few sanity checks;
Navigate to Admin > Task Engine Status and confirm that everything looks health and that the Scheduling Service is showing as “ON”
You can also take a look at my earlier blog post – spacewalk sanity checking – about some steps I previously took to make sure everything was running.