This is a continuation of the Spacewalk series , more information such as the initial setup and other features is available from the tag index. The establishment of standards and baselines in an enterprise environment is an important step toward improving the general state of information security. It allows the assurance that all systems used within the business meet minimum security requirements.

Configuration files

Configuration files are group by channels, and configuration channels are assigned to systems through activation keys. By grouping config's and activation keys by function, management of servers becomes a breeze!. Configuration files can be managed via either the web interface under the configuration tab or via spacecmd. Spacecmd offers the following config management functions as of spacewalk 2.2. I highly recommend becoming familiar with the use of spacecmd as it makes spacewalk management much easier

spacecmd {SSM:0}> configchannel_
configchannel_addfile      configchannel_create       configchannel_diff         configchannel_forcedeploy  configchannel_listfiles    configchannel_sync
configchannel_backup       configchannel_delete       configchannel_export       configchannel_import       configchannel_listsystems  configchannel_updatefile
configchannel_clone        configchannel_details      configchannel_filedetails  configchannel_list         configchannel_removefiles  configchannel_verifyfile
Configuration channels can hold any files, however by default there is a maximum file size that it is able to hold, this can be modified by setting the variables maximum_config_file_size and web.maximum_config_file_size in /etc/rhn/rhn.conf. This will be required if you wish to store larger files such as file archives within spacewalk.
When creating files through the web interface it is possible to set the file ownership, permissions and SELinux context, setting these correctly can save hours of headache in the future!.

Once you have uploaded all the files you wish to be managed by spacewalk you must assign your configuration channel to an activation key. You are able to have multiple configuration channels per activation key, if there are conflicting files within two configuration channels then the channel with the higher priority within the activation key will be used. If registering a system with multiple activation keys then the order of activation keys is used to decide the channel priority with the first activation key being used as the primary source of files, secondary key's configuration files will be deployed but will not override any files managed from the first activation key.

To use the configuration file deployment within activation keys the permission must be set within the key, this can be done by setting the Provisioning and Monitoring entitlements, followed by adding the configuration file permission.


Once adding all you configuration files to the channel, and assigning the channel to the activation key you are then able to move onto creating a kickstart to get a standard build process moving. In the web interface browse to Systems -> Kickstarts -> Profiles and click the create new kickstart. Follow the wizard choosing your settings. When setting the root password keep in mind that although it is stored in a hashed format, it is publicly available to anyone who has access to the spacewalk server, so setting a strong but default password is recommend, and then change this as part as the install process.

Under the Details tab, check the logging options and preserve ks.cfg to save a log to the booted server for future reference. Go through selecting all te options you want, such as enabling configuration management, selecting activation keys and adding Pre / post scripts. And that's all there really is to kickstarts!