[Spacewalk-list] Firewall requires internal Mirroring EPEL and spacewalk repos

Boyd, Robert Robert.Boyd at peoplefluent.com
Wed Aug 22 19:41:11 UTC 2012 

Thank you for the pointer.   I'm setting up channels or sub-channels for the EPEL and spacewalk distros now. I'll still have to figure out what the URL will be for adding to yum on the new clients so they can find it.

If you look in the text below everywhere it says to install spacewalk-client-repo or epel-release I'm going to be able to pull down those RPMs and install them         -- then I'll need to go into the /etc/yum.repos.d/spacewalk.repo and epel.repo and fix up the baseurl to point to something on my Spacewalk server and/or proxy server.   That's the part I'm uncertain of at this point.    Or do I have to copy/link the files from inside of spacewalk's repositories to something accessible underneath the /pub tree and use that as the baseurl?

Ultimately I'd like to add a section for the Wiki instructions that shows new people how to do this process if they're faced with the same hurdle.   There's no reason for each new spacewalk administrator to have to re-invent this stuff.

I think I must beg to differ with you on the EPEL point though.  Here is the text from the Wiki for registering clients for RHEL:

Red Hat Enterprise Linux 5 and 6, Scientific Linux 6, CentOS 5 or 6
Warning: If you are installing these packages on a Red Hat Enterprise Linux installation it will override some of the original base packages and you may well be invalidating your support agreement with Red Hat!

 1.  Install the Spacewalk yum repository

 *   RHEL 5 / CentOS 5
*  # rpm -Uvh http://spacewalk.redhat.com/yum/1.7/RHEL/5/i386/spacewalk-client-repo-1.7-5.el5.noarch.rpm

 *   RHEL 6 / SL 6 / CentOS 6
*  # rpm -Uvh http://spacewalk.redhat.com/yum/1.7/RHEL/6/i386/spacewalk-client-repo-1.7-5.el6.noarch.rpm

 1.  The latest client tools bring the upstream development to your client boxes. That means that the packages may have dependencies that are not found in core Red Hat Enterprise Linux. These dependencies can be found in EPEL, just like for the Spacewalk server:

 *   EPEL 5
*  # BASEARCH=$(uname -i)
*  # rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/$BASEARCH/epel-release-5-4.noarch.rpm

 *   EPEL 6
*  # BASEARCH=$(uname -i)
*  # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/$BASEARCH/epel-release-6-7.noarch.rpm

 1.  Install client packages
4.  # yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin

 1.  Register your CentOS or Red Hat Enterprise Linux system to Spacewalk using the activation key you created earlier
6.  # rhnreg_ks --serverUrl=http://YourSpacewalk.example.org/XMLRPC --activationkey=<key-with-rhel-custom-channel>

From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Paul Robert Marino
Sent: Wednesday, August 22, 2012 2:43 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Firewall requires internal Mirroring EPEL and spacewalk repos

Well the important thing if you want to register existing clients is to install the packages in the spacewalk client repo,  EPEL is not required for this.

after you do that you just need to run rhnreg_ks with the activation key for the appropriate base channel and the server url

If you dont intend to run osad you will need to run rhnsd instead which does check ins with the spacewalk server at regular intervals. The big difference betwean the two is osad keeps an active encrypted connection to a jabber instance running on the spacewalk server so they can communicate in real time, and rhnsd runs rhn_check every few minutes to check if any thing needs to be executed via the XML RPC API via https.

As far as what url to use for mirroring EPEL just look at a box that already has EPEL configured in yum and copy url in the mirrorlist and or baseurl fields from /etc/yum.repos.d/epel.repo.
On Wed, Aug 22, 2012 at 2:00 PM, Boyd, Robert <Robert.Boyd at peoplefluent.com<mailto:Robert.Boyd at peoplefluent.com>> wrote:
I see your point - I'm just not sure how this actually will work.   I'm still learning how things tie together.   If I want to  have Spacewalk mirror EPEL and Spacewalk Client, what are the URLs I would use to create repositories in Spacewalk?   And then what does the yum repo link look like to be able to install the client software on a new client?   Surely someone has had to do this before for an environment where the clients aren't allowed to face the Internet directly.
Or I suppose I could create a sub-directory under http://spacewalkhost/pub  with the specific rpms linked into it and pull them down that way.   What I'm looking for is the most reasonable way to make it work with the least amount of ongoing maintenance required to keep it up to date.
Thanks,
Robert
From: spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com> [mailto:spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com>] On Behalf Of Paul Robert Marino
Sent: Tuesday, August 21, 2012 7:36 PM
To: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Subject: Re: [Spacewalk-list] Firewall requires internal Mirroring EPEL and spacewalk repos

Keep in mind as long as you don't use osad its all https so I don't see the point.
On Aug 21, 2012 7:29 PM, "Paul Robert Marino" <prmarino1 at gmail.com<mailto:prmarino1 at gmail.com>> wrote:

Well yea but why not just have spacewalk directly mirror epel and cut out the middle man
On Aug 21, 2012 7:01 PM, "Boyd, Robert" <Robert.Boyd at peoplefluent.com<mailto:Robert.Boyd at peoplefluent.com>> wrote:
It appears that due to firewalling and such I'll need to build an internal yum repo mirror of EPEL and spacewalk repos.   I have mrepo running on my spacewalk master server.   Can I easily tell mrepo to mirror those 2 so I can serve them internally from there?
And, question #2 - if I have spacewalk proxy servers running, can I use them as repo mirrors too with what's already installed on them, or will I need to install mrepo or figure out using createrepo to do that?
Thanks for any tips you might think of for doing this.

Robert Boyd
Senior Systems Engineer
Phone: 919-645-2972<tel:919-645-2972>
Mobile: 919-306-4681<tel:919-306-4681>
Peoplefluent
434 Fayetteville Street
Raleigh, NC  27601

robert.boyd at peoplefluent.com<mailto:michael.dileonardo at peoplefluent.com>

[cid:image001.png at 01CD807B.4C402F60]



This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120822/6a282160/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4488 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120822/6a282160/attachment.png>

More information about the Spacewalk-list mailing list