Thursday 14 June 2012

Kickstart Fedora 17 from Spacewalk

References

  • https://fedorahosted.org/spacewalk/wiki/HowToKickstartCobbler
  • https://fedorahosted.org/spacewalk/wiki/ManagingFedoraSystems

Kickstart with registration to Spacewalk

Fedora 17 has some 26,000 packages on the Base Channel.  The Distribution Tree's repodata, as supplied by a DVD ISO image, has a few thousand.  Guess what:
  1. there are four packages required as dependencies of Spacewalk-client v1.7 that are not on the standard DVD ISO!
  2. the packages on the Base Channel from Spacewalk are not accessible during a kickstart because the repodata for the Base Channel is supplied from outside Spacewalk, by the Distro-Tree.  However, child channels' repodata are available during a kickstart.  Who designs this rubbish?

The solution is to create a new "child channel" of the Fedora 17 Base Channel in your Spacewalk server.  The name is irrelevant, but the convention seems to be to put "-tools" in it.  Once you have your empty child channel, add the following four packages from the parent/base channel.  Essentially these four packages will be frozen in time: even as the parent channel receives updates the child channel will not, unless you compare the parent and child and promote the updates into the child channel manually.
  • m2crypto
  • python-dmidecode
  • python-gudev
  • python-hwdata
I also had to add a few packages manually to the kickstart's package list that were not being installed for me even though Spacewalk had put instructions into the kickstart to use some of the commands from these packages.  Maybe I had another issue but I don't think so.  So manually add the following packages to the kickstart software packages list:
  • rhn-client-tools
  • rhn-setup

Distro-Trees

In regard to "distro-trees" you need some files from three directories from the DVD ISO image, at least for Fedora 17.  Copying only these files instead of the whole image is a huge space saver.  It is strange that we have to use the metadata from a static DVD image.  However, I understand the requirement for vmlinuz, initrd.img and squashfs.img.

  • images/pxeboot/vmlinuz
  • images/pxeboot/initrd.img
  • LiveOS/squashfs.img
  • repodata/*

Spacewalk Profile Re-connect option

If you enable "Re-connect to the existing system profile. Do not create a new system profile." in a kickstart profile under System Details -> Details -> Spacewalk Profile then your brand new system will fail to register on the first kickstart.  Manually register it once and from then on it will continue using the existing profile.

Monday 11 June 2012

sha512 password hashes for /etc/shadow

cat passwd_hash_sha512.pl
#!/usr/bin/perl
#===============================================================================
#
# FILE: passwd_hash_sha512.pl
#
# USAGE: ./passwd_hash_sha512.pl
#
# DESCRIPTION: Generate the password hash for /etc/shadow using the sha512 algorithm.
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: Andrew Spurrier,
# COMPANY:
# VERSION: 1.0
# CREATED: 11/06/12 21:00:15
# REVISION: ---
#===============================================================================

use strict;
use warnings;

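# Draw the salt from the kernel CSPRNG instead of Perl's rand(), and use the
# full 16 characters that SHA-512 crypt accepts.  256 is a multiple of 64, so
# reducing each byte modulo 64 introduces no bias.
my @chars = (".", "/", 0..9, "A".."Z", "a".."z");
open(my $urandom, "<", "/dev/urandom") or die "Cannot open /dev/urandom: $!\n";
binmode($urandom);
read($urandom, my $bytes, 16) == 16 or die "Short read from /dev/urandom\n";
close($urandom);
my $salt = join "", map { $chars[$_ % 64] } unpack("C*", $bytes);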
my $pass1;
my $pass2;


$salt="\$6\$$salt\$";
print "$salt\n";

# Request and verify the password from the user, with terminal echo off.
system "stty -echo";
print "The following password will be converted into a hash using sha512. The output is suitable for /etc/shadow.\n";
print "Password: ";
chomp($pass1 = <STDIN>);
print "\n";
print "Verify: ";
chomp($pass2 = <STDIN>);
print "\n";
system "stty echo";

if ($pass1 ne $pass2)
{
    print "The passwords did not match.\n";
    exit 1;
}

print "Password Hash is: ";
print crypt($pass1, $salt) . "\n";

exit 0;
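
An added example, not part of the original post: a Python check that a password field, such as the one this script prints, is a well-formed $6$ (SHA-512 crypt) entry before it is pasted into /etc/shadow. The function names, the sample lines and the salt-length and rounds thresholds are assumptions made for illustration.

```python
import re

# crypt(3) SHA-512 field: $6$[rounds=N$]salt$digest
# salt: up to 16 chars, digest: 86 chars, both from the [./0-9A-Za-z] alphabet.
SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$"
    r"(?P<digest>[./0-9A-Za-z]{86})$"
)
DEFAULT_ROUNDS = 5000  # what crypt(3) uses when no rounds= is given


def check_shadow_hash(field, min_salt_len=16, min_rounds=DEFAULT_ROUNDS):
    """Return findings for one password field; thresholds are assumed policy."""
    if field == "":
        return ["empty field: account has no password"]
    if field[0] in "!*":
        return []  # locked or non-login account, nothing to grade
    m = SHA512_CRYPT.match(field)
    if m is None:
        return ["not a well-formed $6$ (SHA-512 crypt) hash"]
    findings = []
    if len(m["salt"]) < min_salt_len:
        findings.append(f"salt is {len(m['salt'])} chars, policy wants {min_salt_len}")
    rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
    if rounds < min_rounds:
        findings.append(f"rounds={rounds} is below {min_rounds}")
    return findings


def audit(shadow_lines):
    """Map each user name to the findings for its password field."""
    report = {}
    for line in shadow_lines:
        user, field = line.split(":")[:2]
        report[user] = check_shadow_hash(field)
    return report


# Constructed sample lines; the 86-character digests are filler, not real hashes.
SAMPLE = [
    "alice:$6$abcd$" + "A" * 86 + ":15500:0:99999:7:::",
    "bob:$6$rounds=100000$0123456789abcdef$" + "B" * 86 + ":15500:0:99999:7:::",
    "carol:$1$saltsalt$" + "C" * 22 + ":15500:0:99999:7:::",
    "daemon:*:15500:0:99999:7:::",
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, findings or "ok")
```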