This is in response to some of the questions I've seen about registering clients. I'm including "sanitized" versions of 2 scripts that I wrote to make this whole process easier since we have several hundred clients spread over about multiple sites in multiple cities with various odd domain names involved.
I created spacewalk proxy servers for each of the cities that are remote from the master. These scripts help to automate placing tools on the "pub" site and subtrees for each spacewalk/proxy server and for registration help to pick the correct proxy/master when registering a client. If you decide to use any of what I'm including here you'll need to carefully work through the parts that relate the domain name to spacewalk / proxy server. I tried to confine most of that logic to a very small segment of the scripts so it won't take searching all over the script for those pieces. You'll also want to pay attention to the activation key naming convention I used and replace that with your own. Also mentioned in this script is a piece that I came up with that gets injected into VMware clients for dealing with forcing a reconfig of the vmware tools on boot after a kernel update. This may not be needed with future versions of the vmware tools, but most of the servers I'm dealing with still need this. If you're interested in having a copy of that script let me know. On the spacewalk master I use reposync/createrepo to build replicas of the minimum components necessary to hook up spacewalk clients and push out copies of those to the /var/www/html/pub.... trees of the proxy servers. The particular content that I pull with reposync is limited by the conf file: /etc/reposync.conf [epel-6] name=Extra Packages for Enterprise Linux 6 - $basearch baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/ mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch failovermethod=priority gpgkey=http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL gpgcheck=1 enabled=1 includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \ jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \ perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \ perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \ perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \ perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \ perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \ perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \ perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \ perlAlgorithm-Diff python-cheetah python-dmidecode python-ethtool python-hashlib python-hwdata python-netaddr PyYAML \ python-simplejson rhino tzdata-java udns* [rpmforge-6] name = RPMforge for Enterprise Linux 6 - $basearch baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge #mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge enabled = 1 protect = 0 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag gpgcheck = 1 includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \ perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo [spacewalk-client-6] name = Spacewalk Client for Enterprise Linux 6 - $basearch baseurl = http://spacewalk.redhat.com/yum/1.7-client/RHEL/6/$basearch/ gpgkey = http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2012 gpgcheck=1 [epel-5] name=Extra Packages for Enterprise Linux 5 - $basearch baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/ mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch failovermethod=priority gpgkey=http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL gpgcheck=1 enabled=1 includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \ jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \ perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \ perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \ perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \ perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \ perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \ perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \ perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \ perlAlgorithm-Diff python-cheetah python-dmidecode python-ethtool python-hashlib python-hwdata python-netaddr PyYAML \ python-simplejson rhino tzdata-java udns* [rpmforge-5] name = RPMforge for Enterprise Linux 5 - $basearch baseurl = http://apt.sw.be/redhat/el5/en/$basearch/rpmforge mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge #mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge enabled = 1 protect = 0 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag gpgcheck = 1 includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \ perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo [spacewalk-client-5] name = Spacewalk Client for Enterprise Linux 5 - $basearch baseurl = http://spacewalk.redhat.com/yum/1.7-client/RHEL/5/$basearch/ gpgkey = http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2012 gpgcheck=1 # # Puppetlabs # [puppetlabs] name=Puppet Labs Packages baseurl=http://yum.puppetlabs.com/el/$releasever/products/$basearch enabled=1 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive [puppetlabs-dependencies] name=Puppet Labs Dependencies baseurl=http://yum.puppetlabs.com/el/$releasever/dependencies/$basearch enabled=1 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive [puppetlabs-extras] name=Puppet Labs Extras baseurl=http://yum.puppetlabs.com/el/$releasever/extras/$basearch enabled=1 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive [puppetlabs-devel] name=Puppet Labs Development baseurl=http://yum.puppetlabs.com/el/$releasever/devel/$basearch enabled=0 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive --------------------------------------------------- Please find attached a copy of the client registration script that I use. I usually use another smaller script as a front end to this one that I invoke from a centralized server that has administrative access rights for ssh to most of the servers in the environment. Also here is the script that manages the repo pulls and builds: /usr/local/bin/spacewalk-daily #! /bin/bash -xv export MY_NAME=$_ cd /var/www/html/pub/spacewalk-client if [ ! -e spacewalk-client-tools-0.0-1.noarch.rpm ]; then wget http://stahnma.fedorapeople.org/spacewalk-tools/spacewalk-client-tools-0.0-1.noarch.rpm; fi for distro in spacewalk-client epel rpmforge puppetlabs; { for arch in x86_64 i386; { for rel in 6 5; { export releasever=$rel export TARGET_DIR=/var/www/html/pub/$distro/$rel/$arch echo $MY_NAME `date` building local repo ${TARGET_DIR} if [ ! -e "${TARGET_DIR}" ]; then mkdir -p ${TARGET_DIR} ; fi /usr/bin/reposync --arch=$arch --repoid=${distro}-$rel -c /etc/reposyncb.conf -p ${TARGET_DIR} -d -l -g -n -q > /dev/null cd ${TARGET_DIR} case "${distro}" in epel) ETH_FILE=/var/www/mrepo/rhel-server-$rel-$arch/RPMS.updates/python-ethtool*.rpm if [ -e ${ETH_FILE} ]; then cp ${ETH_FILE} ${TARGET_DIR} ; fi ;; *) ;; esac case "${rel}" in 5) echo "Using sha1" REPO_SHA="-s sha1" ;; 6) echo "Using sha256" REPO_SHA="-s sha256" ;; *) echo "No algorithm specified" REPO_SHA="" ;; esac createrepo -v ${REPO_SHA} ${TARGET_DIR} > /dev/null } } for proxy in city1 city2 city3 city4 city5; { case "${site}" in dom1*|dom2*|dom3*) export SPACEWALK_DOMAIN=company1.com ;; *) export SPACEWALK_DOMAIN=corp.company.com ;; esac rsync -avz /var/www/html/pub/$distro spacewalk-${proxy}.${SPACEWALK_DOMAIN}:/var/www/html/pub } } Robert Boyd Sr System Engineer | Peoplefluent p. 919-645-2972 | c. 919-306-4681 e. robert.b...@peoplefluent.com Visit: www.peoplefluent.com | Read: Peoplefluent Blog Follow: @peoplefluent | Download: iPad App ------------------------------------ Subject: spacewalk-client-register #! /bin/bash #! -xv # Script to register a new client to Spacewalk # $1 = section to execute: can be repo | certificates | register | re-register | vmware | [all] # $2 = override site name # # Author: Robert Boyd # Date: Fall 2012 # Spacewalk V1.7 # export WHO_AM_I_EXACTLY=$0 export WHO_AM_I=${0##./} export MY_NAME=${WHO_AM_I##*/} log_message () { echo "`date` ${MY_NAME} $@" } export host_dom=`hostname -d` #echo "host domain: ${host_dom}" if [ -n "$1" ]; then export REG_request=$1; fi if [ "$REG_request" != "help" ]; then log_message "requesting ${REG_request:=all}" export REG_request export my_site=${host_dom%%.*} if [ -n "$2" ]; then export site=$2 ; fi log_message "Site: ${site:=$my_site}" fi # # Fix up the repo addresses to point to the right server # replace_url () { # replace_url: function to replace original URL strings with new ones for internal repos for spacewalk-client, EPEL and rpmforge # args: $1=original; $2=replacement; $3=filename(s) # /usr/bin/perl -p -i.bak -e "s|$1|$2|g" $3 } replace_first_occurrence () { # replace_url: function to enable/disable only the 1st repository reference in a file # args: $1=filename(s) # $2=REPO ENABLE/DISABLE Switch # FN=${1##./} RF=${FN##*/} RN=${RF%%.*} echo RN=$RN REPOSWITCH=$2 if [ "$2" = "" ]; then REPOSWITCH=1 ; fi echo REPOSWITCH=$REPOSWITCH /usr/bin/perl -sp -i.bak -e '!$y and /\[${RN}/ and !/\[${RN}-/ && print ; !$x and s/(enabled?)\s*=\s*[01]+/${1}=${REPOSWITCH}/ and $x++ ; $y++' -- -RN=$RN -REPOSWITCH=$REPOSWITCH $1 } import_repos () { log_message "Base Architecture: ${BASEARCH}, Release No: ${RELEASE_NO}" log_message "EPEL ${REL_NO} selected for ${BASEARCH} epel-release $EPEL_REL }" yum clean all chattr -i /etc/yum.repos.d/*.repo for REPO_FILE in `ls /etc/yum.repos.d/*.repo` do case ${REPO_FILE##.*} in rhel5) replace_url "https:/*.company3.com/mrepo/rhel${REL_NO}-server-${BASEARCH}/RPMS.os/" "https://${SPACEWALK_SERVER}/mrepo/rhel-server-${REL_NO}-${BASEARCH}/" ${REPO_FILE} ;; spacewalk-client|epel|rpmforge|reposync|mcafee|company3|hp) # Do nothing for now echo "Leaving Repo ${REPO_FILE##*/} as is" ;; *) echo "Disabling Repo ${REPO_FILE##*/}" replace_url "enabled=1" "enabled=0" ${REPO_FILE} replace_url "enabled = 1" "enabled = 0" ${REPO_FILE} ;; esac done # # remove old site specific yum configs built for use with mrepo and other previous implementations. You may not need something like this. # for yumsite in site8 site0 site1 site3 site6 site9 site7 do for yumarch in 32 64 do if rpm -q company3-yumconf-${yumsite}${yumarch} > /dev/null ; then yum remove company3-yumconf-${yumsite}${yumarch}; fi done if rpm -q company3-yumconf-${yumsite} > /dev/null ; then yum remove company3-yumconf-${yumsite}; fi done case ${REL_NO} in 5|6) log_message "Linking to spacewalk-client, EPEL and rpmforge(repoforge) repositories" # For CentOS/RHEL 5 & 6: # Install link to the nearest spacewalk yum repository (release dependent, architecture independent) # original repository: # rpm -Uvh http://spacewalk.redhat.com/yum/1.7/RHEL/${REL_NO}/i386/spacewalk-client-repo-1.7-5.el${REL_NO}.noarch.rpm # inhouse repository: rpm -Uvh http://${SPACEWALK_SERVER}/pub/spacewalk-client/spacewalk-client-repo-1.7-5.el${REL_NO}.noarch.rpm # install link to nearest EPEL yum repository ( release dependent, architecture independent) # original repository: # rpm -Uvh http://dl.fedoraproject.org/pub/epel/${REL_NO}/$BASEARCH/epel-release-${EPEL_REL}.noarch.rpm # inhouse repository: rpm -Uvh http://${SPACEWALK_SERVER}/pub/epel/epel-release-${EPEL_REL}.noarch.rpm # RPMFORGE/REPOFORGE rpm -Uvh http://${SPACEWALK_SERVER}/pub/rpmforge/rpmforge-release-0.5.2-2.el${REL_NO}.rf.${BASEARCH}.rpm # Update all of the yum repo configuration files to point to our internal mirror(s) of these 3 repositories because of firewalls # spacewalk-client fixups for NEXT_FILE in /etc/yum.repos.d/spacewalk-client.repo /etc/reposync.conf; do if [ -e ${NEXT_FILE} ]; then log_message "Updating remote server info for spacewalk-client in file ${NEXT_FILE}" replace_url "spacewalk.*.corp.company3.com" "${SPACEWALK_SERVER}" ${NEXT_FILE} replace_url "spacewalk.redhat.com" "${SPACEWALK_SERVER}" ${NEXT_FILE} replace_url "yum/RPM-GPG-KEY-spacewalk-2012" "pub/spacewalk-client/RPM-GPG-KEY-spacewalk-2012" ${NEXT_FILE} replace_url "yum/1.7-client/RHEL/" "pub/spacewalk-client/" ${NEXT_FILE} replace_first_occurrence ${NEXT_FILE} 1 fi done # epel fixups for NEXT_FILE in /etc/yum.repos.d/epel.repo /etc/reposync.conf; do if [ -e ${NEXT_FILE} ]; then replace_url "#baseurl=http://download.fedoraproject.org/" "baseurl=http://${SPACEWALK_SERVER}/" ${NEXT_FILE} replace_url "baseurl=http://download.fedora.redhat.com/" "baseurl=http://${SPACEWALK_SERVER}/" ${NEXT_FILE} replace_url "http://download.fedora.redhat.com/" "http://${SPACEWALK_SERVER}/" ${NEXT_FILE} replace_first_occurrence ${NEXT_FILE} 1 fi done # rpmforge fixups for NEXT_FILE in /etc/yum.repos.d/rpmforge.repo /etc/reposync.conf; do log_message "Updating baseurl for file ${NEXT_FILE}" if [ -e ${NEXT_FILE} ]; then for FIX_ARCH in i386 x86_64; do for FIX_REL in 5 6; do replace_url "apt.sw.be/.*/rpmforge\$" "${SPACEWALK_SERVER}/pub/rpmforge/${FIX_REL}/\\\$basearch" ${NEXT_FILE} replace_url "^mirrorlist\b" "#mirrorlist" ${NEXT_FILE} replace_first_occurrence ${NEXT_FILE} 1 done done fi done # Install the Red Hat Network client utilities with yum yum install -y rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin # yum clean all yum --verbose repolist # Disable the temporary repos for NEXT_FILE in /etc/yum.repos.d/spacewalk-client.repo /etc/yum.repos.d/epel.repo /etc/yum.repos.d/rpmforge.repo; do replace_first_occurrence ${NEXT_FILE} 0 done ;; 4) log_message "Linking to spacewalk-client repository" # For CentOS/RHEL 4: # rpm -ivh http://stahnma.fedorapeople.org/spacewalk-tools/spacewalk-client-tools-0.0-1.noarch.rpm rpm --import /usr/share/rhn/RPM-GPG-KEY rpm -ivh http://${SPACEWALK_SERVER}/pub/spacewalk-client/spacewalk-client-tools-0.0-1.noarch.rpm replace_url "spacewalk.redhat.com" "${SPACEWALK_SERVER}" /etc/yum.repos.d/spacewalk-client-tools.repo # yum install up2date up2date up2date ;; *) # we don't know what to do for this version log_message "This script does not handle Linux Release ${RELEASE_STR}-${BASEARCH}" echo "Exiting" exit 1 ;; esac } install_certs () { cd /tmp # # Register certificates that we need # log_message "Registering SSL and GPG certificates" wget http://${SPACEWALK_SERVER}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm wget http://${SPACEWALK_SERVER}/pub/RPM-GPG-KEY-redhat-release rpm -v --import http://${SPACEWALK_SERVER}/pub/spacewalk-client/RPM-GPG-KEY-spacewalk-2012 rpm -v --import RPM-GPG-KEY-redhat-release rpm -ivh rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm # # Fix up up2date to use SSL Certificate # replace_url RHNS-CA-CERT RHN-ORG-TRUSTED-SSL-CERT /etc/sysconfig/rhn/up2date replace_url "xmlrpc.rhn.redhat.com" "${SPACEWALK_SERVER}" /etc/sysconfig/rhn/up2date } register_me () { if [ -n "$1" ]; then FORCE="--force" ; fi # # Finally ... what we've all been waiting for -- register this server as a client! # log_message "Registering client `hostname` to Spacewalk via nearest Proxy/Server" log_message "Registering `hostname` as a client of ${SPACEWALK_SERVER} for updates & patches." echo "Please be patient -- this may take a little while." rhnreg_ks --serverUrl=http://${SPACEWALK_SERVER}/XMLRPC --activationkey=2-PF-spacewalk-RHEL${REL_NO}-${BASEARCH} ${FORCE} } vmware_auto_update () { # # Add vmware-config-tools auto update for systems with VMware Tools installed # if [ -e /usr/bin/vmware-config-tools.pl ]; then log_message "configuring auto configure on boot with new kernel for VMware Tools" wget -qO- http://${SPACEWALK_SERVER}/pub/auto-fixup-vmware.sh | /bin/bash else log_message "auto configure for VMware Tools already configured" fi } configure () { # First we figure out which server we should register through based on the domain name # Determine the site, then based on the site select the appropriate server/proxy case "${site}" in site7|site4|company2) export SPACEWALK_DOMAIN=site4.company2.com ;; wal|msp|labs) export SPACEWALK_DOMAIN=company.com ;; *) export SPACEWALK_DOMAIN=corp.company3.com ;; esac if [ ${BASH_VERSINFO[0]} -ge 4 ]; then declare -A SPACEWALK_SERVERS # # corp defaults to null string # SPACEWALK_SERVERS=( ['corp']= ['site6']=-city1 ['site3']=-city3 ['site9']=-city4 ['site10']=-city4 ['msp']=-city4 ['site1']=-city0 ['site0']= ['site7']=-city2 ['site4']=-city2 ['company2']=-city2 ) export SPACEWALK_SERVER=spacewalk${SPACEWALK_SERVERS[$site]}.${SPACEWALK_DOMAIN} # log_message "Spacewalk Server: $SPACEWALK_SERVER" else case "${site}" in site3) export SITE_PART=-city3 ;; site7|site4|company2) export SITE_PART=-city2 ;; site6) export SITE_PART=-city1 ;; wal|labs|msp) export SITE_PART=-city4 ;; site1) export SITE_PART=-city0 ;; corp|site0|*) export SITE_PART= ;; esac # log_message "Site selection string: $SITE_PART" SPACEWALK_SERVER=spacewalk${SITE_PART}.${SPACEWALK_DOMAIN} fi log_message "Nearest Spacewalk Server/Proxy: ${SPACEWALK_SERVER}" # Determine what architecture and release number we are running export BASEARCH=$(uname -i) export RELEASE_STR=`uname -r` export RELEASE_NO=`expr match "${RELEASE_STR}" '.*\(\(.el\|.es\|.as\)[0-9]\|.EL\)'` RELEASE_NO=${RELEASE_NO:1} export REL_NO=${RELEASE_NO:2} # determine which EPEL yum repository to use ( release dependent, architecture independent) case ${RELEASE_NO} in EL|el4|es4|as4) REL_NO=4 export EPEL_REL="0.0-1" ;; el5) export EPEL_REL="5-4" ;; el6) export EPEL_REL="6-7" ;; *) echo "This script does not handle Linux Release ${RELEASE_NO}-${BASEARCH}" echo "Exiting" exit 1 ;; esac } # end of configure case "${REG_request}" in help) echo "Usage: ${WHO_AM_I} { repo | certificates | register | re-register | vmware | [all] } [site]" rc=$? ;; *) configure log_message "Requesting $REG_request for spacewalk client `hostname`" case "${REG_request}" in repo) echo "Set up repositories and links" import_repos ; rc=$? ;; cert*) install_certs ; rc=$? ;; reg*) register_me ; rc=$? ;; re-reg*) install_certs register_me T ; rc=$? ;; vmware*) vmware_auto_update ; rc=$? ;; all) import_repos install_certs register_me vmware_auto_update rc=$? ;; help) ;; *) echo "Invalid option ${REG_request}" ${WHO_AM_I_EXACTLY} help exit 2 ;; esac ;; esac exit $rc _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list