[Spacewalk-list] Can spacewalk be used on a disconnected network?

Fabian Bosch fabian.bosch at daasi.de
Wed Jan 24 10:41:44 UTC 2018 

Dear Paul

Wafa isn't quite right. Of course, Spacewalk needs some kind of upstream 
repositories to stay up-to-date. But those Repos you can mirror in a 
somehow "connected" network (internal or DMZ). If you want to provide 
those up-to-date repos to "disconnected" clients you can use the 
Spacewalk-Proxy architecture to connect such clients (secured) to a 
"connected" and up-to-date Spacewalk-server.
In this case you have full traffic-control between hidden proxy and 
public Spacewalk-server which might meet your security-requirements 
since you only need two ports to open for basic functionality.


regards,

Fabian


Am 24.01.2018 um 10:46 schrieb Sadri, Wafa (BITBW):
>
> Dear Paul,
>
> Spacewalk is a great tool to manage servers „offline“ and act as a 
> local repository. You can deploy servers using spacewalks internal 
> kickstart functionality. I have not used it myself, because I run a 
> seperate kickstart server. You can also use it to deploy „security 
> configurations“ via the configuration channels which your servers can 
> subscribe to.
>
> However keep in mind that you should connect the spacewalk to the 
> internet to be able to download the latest patches for your servers 
> once in a while. I recommend to install the server while connected to 
> the internet. It makes life much easier. There’s no good way to 
> populate channels with rpms properly, if you’re not connected tot he 
> internet.
>
> Hope this helps.
>
> regards,
>
> Wafa
>
> *Von:*spacewalk-list-bounces at redhat.com 
> [mailto:spacewalk-list-bounces at redhat.com] *Im Auftrag von *Paul Greene
> *Gesendet:* Mittwoch, 24. Januar 2018 05:16
> *An:* spacewalk-list at redhat.com
> *Betreff:* [Spacewalk-list] Can spacewalk be used on a disconnected 
> network?
>
> Hi All,
>
> I have a requirement to manage a bunch of CentOS servers that are all 
> disconnected from the internet. These are the kinds of things I'm 
> looking to accomplish:
>
> yum updates and security patches, preferably for multiple version #s 
> of CentOS 6.7, 6.8, 6.9, and 7.x
>
> rapid deployment of new servers, preferably with predefined security 
> configurations; currently, the systems are primarily physical, 
> virtualization might come later
>
> sometimes the "rapid deployment of servers" might include blowing away 
> what is currently on an existing server and reinstalling a fresh system
>
> For the building of the spacewalk server itself, how complicated is it 
> to build the server itself offline - i.e. resolving all the 
> dependencies and populating with all the needed rpms? (It might be 
> possible to build the server connected to the internet initially, and 
> then move it offline)
>
> Is spacewalk a good tool to meet these requirements?
>
> Paul
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

-- 
     --
     Fabian Bosch, Solutions-Engineer

     DAASI International GmbH
     Europaplatz 3
     D-72072 Tübingen
     Germany

     phone: +49 7071 407109-0
     fax:   +49 7071 407109-9

     email: fabian.bosch at daasi.de
     web:   www.daasi.de

     Sitz der Gesellschaft: Tübingen
     Registergericht: Amtsgericht Stuttgart, HRB 382175
     Geschäftsleitung: Peter Gietz

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180124/e75c4d9f/attachment.htm>

More information about the Spacewalk-list mailing list