Re: [Spacewalk-list] Spacewalk 2.9 and Ubuntu clients Part 2 of 2
So if I understand this correctly, I already have the packages installed
for the client in question. Using this script will both install the
packages and register the client?
Respectfully,
James
--
--
James W. Krych
CCNP, CCNA, Net+, Security+, A+, Linux+
Mobile: 843-847-1446
james.w.kr...@gmail.com
On Tue, Jan 29, 2019 at 2:07 PM Paul-Andre Panon <
paul-andre.pa...@avigilon.com> wrote:
> On Tue, 29 Jan 2019 13:22:30 -0500, James Krych
> wrote:
> >>For Ubuntu / Debian, these default bootstrap scripts do not work. You
> have to create your own."
>
> >Is there a source of these scripts for use with Debian clients?
>
> >Very respectfully,
>
> >James
>
> We use something like the script below. You will want to adjust it for
> your environment. It has the advantage that you can use it on CentOS or
> Ubuntu clients, so you can just put it in /var/www/html/pub/ on your
> spacewalk server and have people download and run it.
>
> You will need to customize it to use your activation key names (and set up
> the activation keys to add your preferred channels for each distribution).
> It also needs a few more files set up on the spacewalk server in the
> /var/www/html/pub directory: the packages for Ubuntu 18.04 (in
> pub/bionic-debs), and a stub configuration file for the
> https://bugzilla.redhat.com/show_bug.cgi?id=1187189 workaround. It might
> need a few more tweaks but it should be enough to get you started.
>
> #!/bin/bash
> #
> # Install the SpaceWalk client on three possible O/S targets, CentOS 7,
> Ubuntu 14.04, and Ubuntu 16.04
> # Register the client with the Avigilon Spacewalk server
> #
> spacewalkserver="yourspacewalkserver.yourdomain"
>
> install_centos7_client() {
> echo Installing Spacewalk client for CentOS 7.X
> rpm -Uvh
> http://yum.spacewalkproject.org/2.6-client/RHEL/7/x86_64/spacewalk-client-
> repo-2.6-0.el7.noarch.rpm
>
> wget https://muug.ca/mirror/fedora-epel/RPM-GPG-KEY-EPEL-7
> rpm --import ./RPM-GPG-KEY-EPEL-7
> BASEARCH=$(uname -i)
> rpm -Uvh
> http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
> yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto
> yum-rhn-plugin
> rpm -Uvh
> http://$spacewalkserver/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm
> rhnreg_ks --serverUrl=https://$spacewalkserver/XMLRPC
> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> --activationkey=1-centos7-x86_64
> # enable osad
> yum install osad
> /bin/perl -pi -e "s/osa_ssl_cert =/osa_ssl_cert =
> \/usr\/share\/rhn\/RHN-ORG-TRUSTED-SSL-CERT/" /etc/sysconfig/rhn/osad.conf
> /bin/systemctl enable osad
> /bin/systemctl osad start
> # enable openscap
> yum install openscap-scanner spacewalk-oscap
> wget
> https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-lat
> est/epel-7-x86_64/00482175-scap-security-guide/scap-security-guide-0.1.31
> -2.el7.centos.noarch.rpm
>
> rpm -ivh scap-security-guide-0.1.31-2.el7.centos.noarch.rpm
> yum history sync
> }
>
> install_ubuntu14.04_client() {
> echo Installing Spacewalk client for Ubuntu 14.04
>
> if [ -n "`which rhnreg_ks`" ] ; then echo rhnreg_ks is already
> installed. Aborting; exit; fi
>
> # Install some pre-requisites before our packages
> apt-get -y install python-dbus python-newt python-dmidecode python-gudev
> python-dbus-dev python-support python-libxml2 python-gobject python-gi
> python-g object-2 python-ethtool python-jabber
> apt-get -y install apt-transport-spacewalk python-rhn rhn-client-tools
> rhnsd
> wget "https://$spacewalkserver/pub/spacewalk.gpg.pubkey";
> apt-key add spacewalk.gpg.pubkey
> # Now set up and register with our Spacewalk server
> mkdir /var/lock/subsys
> wget https://$spacewalkserver/pub/RHN-ORG-TRUSTED-SSL-CERT -O
> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> rhnreg_ks --force --serverUrl=https://$spacewalkserver/XMLRPC
> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> --activationkey=1-avo-ubuntu-trusty-key
> # Take updates and security patches for main and universe from spacewalk
> echo "deb spacewalk://$spacewalkserver/XMLRPC channels: main
> trusty-updates trusty-backports trusty-security" >
> /etc/apt/sources.list.d/spacewalk.list
> cp /etc/apt/sources.list /etc/apt/sources.list.bak
> # and not from the standard repositories
> perl -pi -e 's/^deb([-src]*) (.*) trusty main/#deb$1 $2 trusty main/'
> /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-updates ([m|u][^u])/#deb$1 $2
> trusty-updates $3/' /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-security ([m|u][^u])/#deb$1 $2
> trusty-security $3/' /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-backports/#deb$1 $2
> trusty-backpo
Re: [Spacewalk-list] Spacewalk 2.9 and Ubuntu clients Part 2 of 2
Thank you so very much!
Since I have two types of clients, Ubuntu 16.04 and 18.04, do I need two
different activation keys? I currently do have one setup.
Respectfully,
James
--
--
James W. Krych
CCNP, CCNA, Net+, Security+, A+, Linux+
Mobile: 843-847-1446
james.w.kr...@gmail.com
On Tue, Jan 29, 2019 at 2:07 PM Paul-Andre Panon <
paul-andre.pa...@avigilon.com> wrote:
> On Tue, 29 Jan 2019 13:22:30 -0500, James Krych
> wrote:
> >>For Ubuntu / Debian, these default bootstrap scripts do not work. You
> have to create your own."
>
> >Is there a source of these scripts for use with Debian clients?
>
> >Very respectfully,
>
> >James
>
> We use something like the script below. You will want to adjust it for
> your environment. It has the advantage that you can use it on CentOS or
> Ubuntu clients, so you can just put it in /var/www/html/pub/ on your
> spacewalk server and have people download and run it.
>
> You will need to customize it to use your activation key names (and set up
> the activation keys to add your preferred channels for each distribution).
> It also needs a few more files set up on the spacewalk server in the
> /var/www/html/pub directory: the packages for Ubuntu 18.04 (in
> pub/bionic-debs), and a stub configuration file for the
> https://bugzilla.redhat.com/show_bug.cgi?id=1187189 workaround. It might
> need a few more tweaks but it should be enough to get you started.
>
> #!/bin/bash
> #
> # Install the SpaceWalk client on three possible O/S targets, CentOS 7,
> Ubuntu 14.04, and Ubuntu 16.04
> # Register the client with the Avigilon Spacewalk server
> #
> spacewalkserver="yourspacewalkserver.yourdomain"
>
> install_centos7_client() {
> echo Installing Spacewalk client for CentOS 7.X
> rpm -Uvh
> http://yum.spacewalkproject.org/2.6-client/RHEL/7/x86_64/spacewalk-client-
> repo-2.6-0.el7.noarch.rpm
>
> wget https://muug.ca/mirror/fedora-epel/RPM-GPG-KEY-EPEL-7
> rpm --import ./RPM-GPG-KEY-EPEL-7
> BASEARCH=$(uname -i)
> rpm -Uvh
> http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
> yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto
> yum-rhn-plugin
> rpm -Uvh
> http://$spacewalkserver/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm
> rhnreg_ks --serverUrl=https://$spacewalkserver/XMLRPC
> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> --activationkey=1-centos7-x86_64
> # enable osad
> yum install osad
> /bin/perl -pi -e "s/osa_ssl_cert =/osa_ssl_cert =
> \/usr\/share\/rhn\/RHN-ORG-TRUSTED-SSL-CERT/" /etc/sysconfig/rhn/osad.conf
> /bin/systemctl enable osad
> /bin/systemctl osad start
> # enable openscap
> yum install openscap-scanner spacewalk-oscap
> wget
> https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-lat
> est/epel-7-x86_64/00482175-scap-security-guide/scap-security-guide-0.1.31
> -2.el7.centos.noarch.rpm
>
> rpm -ivh scap-security-guide-0.1.31-2.el7.centos.noarch.rpm
> yum history sync
> }
>
> install_ubuntu14.04_client() {
> echo Installing Spacewalk client for Ubuntu 14.04
>
> if [ -n "`which rhnreg_ks`" ] ; then echo rhnreg_ks is already
> installed. Aborting; exit; fi
>
> # Install some pre-requisites before our packages
> apt-get -y install python-dbus python-newt python-dmidecode python-gudev
> python-dbus-dev python-support python-libxml2 python-gobject python-gi
> python-g object-2 python-ethtool python-jabber
> apt-get -y install apt-transport-spacewalk python-rhn rhn-client-tools
> rhnsd
> wget "https://$spacewalkserver/pub/spacewalk.gpg.pubkey";
> apt-key add spacewalk.gpg.pubkey
> # Now set up and register with our Spacewalk server
> mkdir /var/lock/subsys
> wget https://$spacewalkserver/pub/RHN-ORG-TRUSTED-SSL-CERT -O
> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> rhnreg_ks --force --serverUrl=https://$spacewalkserver/XMLRPC
> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
> --activationkey=1-avo-ubuntu-trusty-key
> # Take updates and security patches for main and universe from spacewalk
> echo "deb spacewalk://$spacewalkserver/XMLRPC channels: main
> trusty-updates trusty-backports trusty-security" >
> /etc/apt/sources.list.d/spacewalk.list
> cp /etc/apt/sources.list /etc/apt/sources.list.bak
> # and not from the standard repositories
> perl -pi -e 's/^deb([-src]*) (.*) trusty main/#deb$1 $2 trusty main/'
> /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-updates ([m|u][^u])/#deb$1 $2
> trusty-updates $3/' /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-security ([m|u][^u])/#deb$1 $2
> trusty-security $3/' /etc/apt/sources.list
> perl -pi -e 's/^deb([-src]*) (.*) trusty-backports/#deb$1 $2
> trusty-backports/' /etc/apt/sour
Re: [Spacewalk-list] Spacewalk 2.9 and Ubuntu clients Part 2 of 2
On Tue, 29 Jan 2019 13:22:30 -0500, James Krych
wrote:
>>For Ubuntu / Debian, these default bootstrap scripts do not work. You
have to create your own."
>Is there a source of these scripts for use with Debian clients?
>Very respectfully,
>James
We use something like the script below. You will want to adjust it for
your environment. It has the advantage that you can use it on CentOS or
Ubuntu clients, so you can just put it in /var/www/html/pub/ on your
spacewalk server and have people download and run it.
You will need to customize it to use your activation key names (and set up
the activation keys to add your preferred channels for each distribution).
It also needs a few more files set up on the spacewalk server in the
/var/www/html/pub directory: the packages for Ubuntu 18.04 (in
pub/bionic-debs), and a stub configuration file for the
https://bugzilla.redhat.com/show_bug.cgi?id=1187189 workaround. It might
need a few more tweaks but it should be enough to get you started.
#!/bin/bash
#
# Install the SpaceWalk client on three possible O/S targets, CentOS 7,
Ubuntu 14.04, and Ubuntu 16.04
# Register the client with the Avigilon Spacewalk server
#
spacewalkserver="yourspacewalkserver.yourdomain"
install_centos7_client() {
echo Installing Spacewalk client for CentOS 7.X
rpm -Uvh
http://yum.spacewalkproject.org/2.6-client/RHEL/7/x86_64/spacewalk-client-
repo-2.6-0.el7.noarch.rpm
wget https://muug.ca/mirror/fedora-epel/RPM-GPG-KEY-EPEL-7
rpm --import ./RPM-GPG-KEY-EPEL-7
BASEARCH=$(uname -i)
rpm -Uvh
http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto
yum-rhn-plugin
rpm -Uvh
http://$spacewalkserver/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm
rhnreg_ks --serverUrl=https://$spacewalkserver/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
--activationkey=1-centos7-x86_64
# enable osad
yum install osad
/bin/perl -pi -e "s/osa_ssl_cert =/osa_ssl_cert =
\/usr\/share\/rhn\/RHN-ORG-TRUSTED-SSL-CERT/" /etc/sysconfig/rhn/osad.conf
/bin/systemctl enable osad
/bin/systemctl osad start
# enable openscap
yum install openscap-scanner spacewalk-oscap
wget
https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-lat
est/epel-7-x86_64/00482175-scap-security-guide/scap-security-guide-0.1.31
-2.el7.centos.noarch.rpm
rpm -ivh scap-security-guide-0.1.31-2.el7.centos.noarch.rpm
yum history sync
}
install_ubuntu14.04_client() {
echo Installing Spacewalk client for Ubuntu 14.04
if [ -n "`which rhnreg_ks`" ] ; then echo rhnreg_ks is already
installed. Aborting; exit; fi
# Install some pre-requisites before our packages
apt-get -y install python-dbus python-newt python-dmidecode python-gudev
python-dbus-dev python-support python-libxml2 python-gobject python-gi
python-g object-2 python-ethtool python-jabber
apt-get -y install apt-transport-spacewalk python-rhn rhn-client-tools
rhnsd
wget "https://$spacewalkserver/pub/spacewalk.gpg.pubkey";
apt-key add spacewalk.gpg.pubkey
# Now set up and register with our Spacewalk server
mkdir /var/lock/subsys
wget https://$spacewalkserver/pub/RHN-ORG-TRUSTED-SSL-CERT -O
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
rhnreg_ks --force --serverUrl=https://$spacewalkserver/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
--activationkey=1-avo-ubuntu-trusty-key
# Take updates and security patches for main and universe from spacewalk
echo "deb spacewalk://$spacewalkserver/XMLRPC channels: main
trusty-updates trusty-backports trusty-security" >
/etc/apt/sources.list.d/spacewalk.list
cp /etc/apt/sources.list /etc/apt/sources.list.bak
# and not from the standard repositories
perl -pi -e 's/^deb([-src]*) (.*) trusty main/#deb$1 $2 trusty main/'
/etc/apt/sources.list
perl -pi -e 's/^deb([-src]*) (.*) trusty-updates ([m|u][^u])/#deb$1 $2
trusty-updates $3/' /etc/apt/sources.list
perl -pi -e 's/^deb([-src]*) (.*) trusty-security ([m|u][^u])/#deb$1 $2
trusty-security $3/' /etc/apt/sources.list
perl -pi -e 's/^deb([-src]*) (.*) trusty-backports/#deb$1 $2
trusty-backports/' /etc/apt/sources.list
# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1187189
wget https://$spacewalkserver/pub/49spacewalk-workaround -O
/etc/apt/apt-conf.d/49spacewalk-workaround
# clean up and test
popd
rm -Rf /tmp/trusty-debs
apt-get update
}
install_ubuntu16.04_client() {
echo Installing Spacewalk client for Ubuntu 16.04
apt-get -y install apt-transport-spacewalk python-rhn python-ethtool
rhnsd rhn-client-tools python-jabber
if [ `dpkg -l apt-transport-spacewalk | wc -l` -lt 6 ]; then
echo "Could not download necessary prerequisites. Aborting"
exit
fi
wget https://$spacewalkserver/pub/RHN-ORG-TRUSTED-SSL-CERT -O
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
rhnreg_ks --force --serverUrl=https://$spacewalkserver/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
--activationkey=1-avo-ubuntu-xeni
Re: [Spacewalk-list] Follow 302 redirect on reposync
Not sure what url you are using to sync, but I'm using this one without any issues https://packages.graylog2.org/repo/el/stable/2.5/x86_64 Respectfully, Andy From: on behalf of "mag...@1337.cf" Reply-To: "spacewalk-list@redhat.com" Date: Tuesday, January 29, 2019 at 2:37 AM To: "spacewalk-list@redhat.com" Subject: [Spacewalk-list] Follow 302 redirect on reposync Hey folks, recently my Spacewalk server failed to sync Graylog packages. It always aborts right after starting the repo-sync bunch and sent me an error report. I investigated the issue and discovered the following: Graylog is using AWS s3 to host their packages and redirects requests with a 302 response to their bucket. Normally you could just use the direct URL to their s3 bucket but for whatever reasons they use temporary access tokens, generated upon request and with a limited validity of 10 minutes. The solution to this in my opinion would be that Spacewalk follows the 302 redirect instead of aborting the sync bunch. I found no option to enable this kind of behavior, does anyone know if this is even possible? Regards, Robert ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
[Spacewalk-list] Follow 302 redirect on reposync
Hey folks, recently my Spacewalk server failed to sync Graylog packages. It always aborts right after starting the repo-sync bunch and sent me an error report. I investigated the issue and discovered the following: Graylog is using AWS s3 to host their packages and redirects requests with a 302 response to their bucket. Normally you could just use the direct URL to their s3 bucket but for whatever reasons they use temporary access tokens, generated upon request and with a limited validity of 10 minutes. The solution to this in my opinion would be that Spacewalk follows the 302 redirect instead of aborting the sync bunch. I found no option to enable this kind of behavior, does anyone know if this is even possible? Regards, Robert ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
