Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Uyuni:Master
spacewalk-config
spacewalk-config-git-0.ecad5f1.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File spacewalk-config-git-0.ecad5f1.obscpio of Package spacewalk-config
07070100000000000041FD0000000000000000000000056634DB6700000000000000000000000000000000000000000000001100000000spacewalk-config07070100000001000081B40000000000000000000000016634DB67000046AC000000000000000000000000000000000000001900000000spacewalk-config/LICENSE GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. 07070100000002000041FD0000000000000000000000056634DB6700000000000000000000000000000000000000000000001500000000spacewalk-config/etc07070100000003000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001B00000000spacewalk-config/etc/httpd07070100000004000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000002200000000spacewalk-config/etc/httpd/conf.d07070100000005000081B40000000000000000000000016634DB670000013E000000000000000000000000000000000000003100000000spacewalk-config/etc/httpd/conf.d/os-images.confAlias /os-images /srv/www/os-images Alias /tftp /srv/tftpboot <Directory "/srv/www/os-images"> SetEnv VIRTUALENV Options Indexes Require all granted </Directory> <Directory "/srv/tftpboot"> SetEnv VIRTUALENV Options FollowSymLinks AllowOverride None Require all granted </Directory> 07070100000006000081B40000000000000000000000016634DB67000000BB000000000000000000000000000000000000003000000000spacewalk-config/etc/httpd/conf.d/z-public.confAlias /pub /srv/www/htdocs/pub <Directory "/srv/www/htdocs/pub"> SetEnv VIRTUALENV Options Indexes SymLinksIfOwnerMatch Require all granted AllowOverride All </Directory> 07070100000007000081B40000000000000000000000016634DB6700001C82000000000000000000000000000000000000003800000000spacewalk-config/etc/httpd/conf.d/zz-spacewalk-www.conf# Do not edit this file directly it will be overwritten by updates. Instead create your own custom config alongside it. Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\" %>s T%{ms}T" ssl_combined DocumentRoot "/usr/share/susemanager/www/htdocs" <Directory "/usr/share/susemanager/www/htdocs"> Options Indexes FollowSymLinks AllowOverride All <IfVersion <= 2.2> Order allow,deny Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> ExpiresActive On <FilesMatch "\.(js|css|ico|gif|png|pdf)$"> ExpiresDefault A86400 Header append Cache-Control "public" </FilesMatch> </Directory> Alias /icons/ "/usr/share/apache2/icons/" <Directory "/usr/share/apache2/icons"> Options Indexes MultiViews AllowOverride None <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> ScriptAlias /cgi-bin/ "/usr/share/susemanager/www/cgi-bin/" <Directory "/usr/share/susemanager/www/cgi-bin"> AllowOverride None Options +ExecCGI -Includes <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> # generic html; no session for vulnerability bots ErrorDocument 404 /rhn/errors/404.jsp ErrorDocument 500 /rhn/errors/500.jsp <IfModule !proxy_ajp_module> LoadModule proxy_ajp_module modules/mod_proxy_ajp.so </IfModule> <IfModule !proxy_wstunnel_module> LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so </IfModule> # Turn rewrite engine on so we can use it for # kickstart requests. RewriteEngine on RewriteOptions inherit SSLProxyEngine on # This rule handles incoming kickstart file requests from # machines actually performing a kickstart. This rule # processes the incoming URL and converts it into something # slightly more Struts friendly. RewriteRule ^/ks/cfg([-a-zA-Z0-9\._/\%\ ]*)$ /rhn/kickstart/DownloadFile.do?ksurl=$1 RewriteRule ^/download/(.*)$ /rhn/common/DownloadFile.do?url=/$1 RewriteRule ^/rpc/api /rhn/rpc/api RewriteRule ^/ks/dist(.*)$ /rhn/common/DownloadFile.do?url=/ks/dist$1 "[B= ?+,BNP]" RewriteRule ^(/ty/.*)$ /rhn/common/DownloadFile.do?url=$1 RewriteRule ^/index\.html$ /rhn/manager/login # for saltboot image redirection RewriteRule ^(/saltboot/.*)$ /rhn$1 # For rhn-custom-info RewriteRule ^/WEBRPC /rhn/rpc/api # TEMPORARY: Next two rewrite rules are required for backward compatibility only. # Should be deleted when all managed debian based systems updated with flat repos. RewriteRule ^/rhn/manager/download/dists/(.*)/main/(.*)/(Packages.*)$ /rhn/manager/download/$1/repodata/$3 RewriteRule ^/rhn/manager/download/dists/(.*)/(InRelease|Release.*)$ /rhn/manager/download/$1/repodata/$2 # Rewrite rule for APT repos metadata RewriteRule ^/rhn/manager/download/(.*)/(InRelease|Release.*|Packages.*)$ /rhn/manager/download/$1/repodata/$2 # Workaround for SLE11 Kiwi that unconditionally appends extra params to https urls RewriteCond %{QUERY_STRING} ^(.*)\?credentials=kiwiRepoCredentials$ RewriteRule ^(/rhn/manager/download/.*)$ $1?%1 # increase timeout on proxy requests ProxyTimeout 600 <IfModule proxy_ajp_module> <Proxy ajp://localhost:8009> ProxySet min=1 </Proxy> RewriteRule ^/rhn/Login2\.do ajp://localhost:8009/rhn/manager/login [P] RewriteCond %{REQUEST_URI} !^/rhn/websocket RewriteCond %{REQUEST_URI} !^/rhn/websockify RewriteRule ^/rhn(.*) ajp://localhost:8009/rhn$1 [P] </IfModule> <IfModule proxy_wstunnel_module> ProxyPass "/rhn/websocket" "ws://localhost:8080/rhn/websocket" ProxyPass "/rhn/websockify" "ws://localhost:8050/" </IfModule> # mod_xsendfile configuration XSendFile on XSendFilePath /var/spacewalk/packages XSendFilePath /var/spacewalk/rhn/comps XSendFilePath /var/spacewalk/rhn/modules XSendFilePath /var/cache/rhn/repodata <Directory /var/spacewalk/packages> <IfVersion <= 2.2> Order allow,deny Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Directory> <Directory /var/cache/rhn/repodata> <IfVersion <= 2.2> Order allow,deny Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Directory> RedirectMatch ^/renew/.* https://scc.suse.com/ # switch all cookies into HttpOnly cookies # we have to do it on apache level because tomcat5-5.5.23 doesn't support them Header edit Set-Cookie ^(pxt-session-cookie=.*)$ "$1; HttpOnly" Header edit Set-Cookie ^(JSESSIONID=.*)$ "$1; HttpOnly" # Disable TRACE and TRACK RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] ServerTokens Prod ServerSignature Off #prevent directory listing on these directories <Directory "/var/www/html/css"> Options None </Directory> <Directory "/var/www/html/errors"> Options None </Directory> <Directory "/var/www/html/fonts"> Options FollowSymLinks </Directory> <Directory "/var/www/html/img"> Options None </Directory> <Directory "/var/www/html/javascript"> Options None </Directory> # security related rules # Whitelist of URIs that can be cached by a proxy SetEnvIf Request_URI "/XMLRPC/GET-REQ" susemanager_static SetEnvIf Request_URI "/ks/dist" susemanager_static SetEnvIf Request_URI "/img" susemanager_static SetEnvIf Request_URI "/css" susemanager_static SetEnvIf Request_URI "/fonts" susemanager_static SetEnvIf Request_URI "/javascript" susemanager_static SetEnvIf Request_URI "/pub" susemanager_static SetEnvIf Request_URI "/errors" susemanager_static SetEnvIf Request_URI "/rhn/manager/download" susemanager_static SetEnvIf Request_URI "/os-images" susemanager_static SetEnvIf Request_URI "/saltboot" susemanager_static SetEnvIf Request_URI "/tftp" susemanager_static # Any non-whitelisted URI will not be cached by default Header set Cache-Control "no-cache,no-store,must-revalidate,private" env=!susemanager_static Header set Pragma "no-cache" env=!susemanager_static Header set Expires 0 env=!susemanager_static Header unset ETag Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure Header always append X-Frame-Options SAMEORIGIN Header set Content-Security-Policy: "default-src 'self' https: wss: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ;style-src 'self' https: 'unsafe-inline' " Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options "nosniff" Header set X-Permitted-Cross-Domain-Policies "master-only" # make sure the js MIME is not x-js AddType "application/javascript" .js # Make sure modules are loaded for response compression <IfModule !filter_module> LoadModule filter_module modules/mod_filter.so </IfModule> <IfModule !deflate_module> LoadModule deflate_module modules/mod_deflate.so </IfModule> # Enable response compression for text types <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml </IfModule> 07070100000008000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001900000000spacewalk-config/etc/rhn07070100000009000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000002D00000000spacewalk-config/etc/rhn/spacewalk-repo-sync0707010000000A000081B40000000000000000000000016634DB6700000041000000000000000000000000000000000000003600000000spacewalk-config/etc/rhn/spacewalk-repo-sync/uln.conf[main] username = <your uln user name> password = <uln password> 0707010000000B000081B40000000000000000000000016634DB6700000002000000000000000000000000000000000000001D00000000spacewalk-config/etc/satname1 0707010000000C000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000001F00000000spacewalk-config/etc/sudoers.d0707010000000D000081B40000000000000000000000016634DB67000003B8000000000000000000000000000000000000002900000000spacewalk-config/etc/sudoers.d/spacewalk## RHN specifics ## Cmnd_Alias CONFIG_RHN = /usr/sbin/rhn-sat-restart-silent,\ /usr/bin/rhn-config-satellite.pl,\ /usr/bin/rhn-bootstrap,\ /usr/bin/rhn-ssl-tool,\ /sbin/service taskomatic restart,\ /usr/sbin/mgr-monitoring-ctl,\ /usr/bin/instance-flavor-check # The CONFIG_RHN commands are required for reconfiguration of a # running Red Hat Satellite. They should be enabled for proper operation # of the Red Hat Satellite. tomcat ALL=(root) NOPASSWD: CONFIG_RHN # These two directives allow tomcat and apache to invoke CONFIG_RHN # commands via sudo even without a real tty Defaults:tomcat !requiretty # These two commands allow tomcat and apache to check permissions of # the minion bootstrap ssh-known_hosts file tomcat ALL=(root) NOPASSWD: /usr/bin/ls -la /var/lib/salt/.ssh/known_hosts 0707010000000E000081B40000000000000000000000016634DB6700003C5A000000000000000000000000000000000000002A00000000spacewalk-config/spacewalk-config.changes------------------------------------------------------------------- Fri May 03 14:41:02 CEST 2024 - marina.latini@suse.com - version 5.0.3-0 * Enable SSSD authentication by default in containers ------------------------------------------------------------------- Thu Apr 04 18:53:32 CEST 2024 - marina.latini@suse.com - version 5.0.2-0 * Be explicit about default Apache configs being overwritten on updates and point to making custom configs. (bsc#1219061) * Set cobbler.host to localhost (bsc#1219887) ------------------------------------------------------------------- Tue Jan 16 08:25:02 CET 2024 - jgonzalez@suse.com - version 5.0.1-1 * Bump version to 5.0.0 ------------------------------------------------------------------- Fri Dec 15 17:09:43 CET 2023 - rosuna@suse.com - version 4.4.5-1 * Move all file managed by RPM from /srv to /usr/share/susemanager * Adapt Enterprise Linux for /usr/share/susemanager structure ------------------------------------------------------------------- Wed Nov 01 20:39:27 CET 2023 - marina.latini@suse.com - version 4.4.4-1 * Handle spaces in /ks/dist/ file names (bsc#1213680) ------------------------------------------------------------------- Mon Sep 18 14:29:42 CEST 2023 - rosuna@suse.com - version 4.4.3-1 * allow calling instance-flavor-check via sudo * drop gpg keyrings and certificates to connect to redhat cdn * Add /saltboot directory * Mark /os-images and /tftp as static content ------------------------------------------------------------------- Wed Dec 14 14:14:18 CET 2022 - jgonzalez@suse.com - version 4.4.2-1 * remove jabberd and osa-dispatcher ------------------------------------------------------------------- Wed Sep 28 11:13:24 CEST 2022 - jgonzalez@suse.com - version 4.4.1-1 * Add an option to use a remote PostgreSQL DB ------------------------------------------------------------------- Wed Jul 27 14:16:23 CEST 2022 - jgonzalez@suse.com - version 4.3.9-1 * fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found ------------------------------------------------------------------- Fri May 20 00:08:47 CEST 2022 - jgonzalez@suse.com - version 4.3.8-1 * create LOCAL-RHN-ORG-TRUSTED-SSL-CERT if it does not exist (bsc#1199376) ------------------------------------------------------------------- Thu Apr 28 10:14:10 CEST 2022 - jgonzalez@suse.com - version 4.3.7-1 * Disable HSTS headers by default ------------------------------------------------------------------- Tue Apr 19 12:00:34 CEST 2022 - jgonzalez@suse.com - version 4.3.6-1 * Made tftp root available through apache configuration * Enable HSTS for Apache to force traffic to be in HTTPS * Upgrade build tooling, and corresponding cache configuration ------------------------------------------------------------------- Mon Feb 21 12:07:41 CET 2022 - jgonzalez@suse.com - version 4.3.5-1 * preserve TLS Certificates during migration ------------------------------------------------------------------- Tue Feb 15 10:02:51 CET 2022 - jgonzalez@suse.com - version 4.3.4-1 * adapt rhn.conf template for reporting database * remove TLS Certificates from package ------------------------------------------------------------------- Tue Jan 18 13:52:35 CET 2022 - jgonzalez@suse.com - version 4.3.3-1 * apache config: Adjust rewrite rules for flat repositories format for Debian based systems * add migration for changed rhn.conf values ------------------------------------------------------------------- Fri Nov 05 13:37:55 CET 2021 - jgonzalez@suse.com - version 4.3.2-1 * Remove unused legacy code ------------------------------------------------------------------- Mon Aug 09 10:30:22 CEST 2021 - jgonzalez@suse.com - version 4.3.1-1 - Bump version to 4.3.0 ------------------------------------------------------------------- Fri Feb 12 14:28:11 CET 2021 - jgonzalez@suse.com - version 4.2.4-1 - Increase apache ssl logs to include response code and process time ------------------------------------------------------------------- Wed Jan 27 13:03:39 CET 2021 - jgonzalez@suse.com - version 4.2.3-1 - Fixed apache group for RHEL. - Updated Source URL in SPEC. - Drop the ssl_available option (SSL is always present) ------------------------------------------------------------------- Thu Dec 03 13:45:30 CET 2020 - jgonzalez@suse.com - version 4.2.2-1 - Updated to build on RHEL. ------------------------------------------------------------------- Fri Sep 18 11:32:01 CEST 2020 - jgonzalez@suse.com - version 4.2.1-1 - Update package version to 4.2.0 ------------------------------------------------------------------- Tue Jun 23 17:21:02 CEST 2020 - jgonzalez@suse.com - version 4.1.4-1 - Don't use SSL to proxy mgr-websockify with apache (bsc#1149644) ------------------------------------------------------------------- Wed Mar 11 10:53:59 CET 2020 - jgonzalez@suse.com - version 4.1.3-1 - Redirect renewals to SCC ------------------------------------------------------------------- Mon Feb 17 12:49:51 CET 2020 - jgonzalez@suse.com - version 4.1.2-1 - Remove auditlog-keeper ------------------------------------------------------------------- Wed Nov 27 17:01:11 CET 2019 - jgonzalez@suse.com - version 4.1.1-1 - Load modules to enable Apache static file compression - Proxy websockify through Apache (bsc#1155455) - Bump version to 4.1.0 (bsc#1154940) - Change the default value of taskomatic maxmemory to 4GB - Resolve modules.yaml file for modular repositories - remove superfluous 'apache' entries from sudoers configuration (bsc#1151632) - Migrate login to Spark - Require uyuni-base-common for /etc/rhn - Apache configuration: cache vendors folder ------------------------------------------------------------------- Wed Jul 31 17:33:40 CEST 2019 - jgonzalez@suse.com - version 4.0.10-1 - mark zz-spacewalk-www.conf and os-images.conf as plain %config instead of %config(noreplace): Those files were never meant to be edited by the user. The package will preserve your edits as .rpmsave files. If you need edits, you will have to merge them after every upgrade from the rpmsave files from now on. - Fix URL rewrites for proxy cobbler api endpoint (bsc#1133800) ------------------------------------------------------------------- Wed May 15 15:10:31 CEST 2019 - jgonzalez@suse.com - version 4.0.9-1 - SPEC cleanup ------------------------------------------------------------------- Thu Apr 25 09:45:33 CEST 2019 - jgonzalez@suse.com - version 4.0.8-1 - Fix config declaration for rhn.conf (bsc#1132197) ------------------------------------------------------------------- Mon Apr 22 12:11:22 CEST 2019 - jgonzalez@suse.com - version 4.0.7-1 - Enable SLES11 OS Image Build Host ------------------------------------------------------------------- Wed Apr 03 17:10:37 CEST 2019 - jgonzalez@suse.com - version 4.0.6-1 - remove apache access_compat module from config if it exists ------------------------------------------------------------------- Mon Mar 25 16:42:45 CET 2019 - jgonzalez@suse.com - version 4.0.5-1 - remove apache access_compat module and adapt config files ------------------------------------------------------------------- Sat Mar 02 00:10:15 CET 2019 - jgonzalez@suse.com - version 4.0.4-1 - Add rewrite rules for .deb repository metadata paths ------------------------------------------------------------------- Mon Dec 17 14:36:59 CET 2018 - jgonzalez@suse.com - version 4.0.3-1 - Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181) ------------------------------------------------------------------- Fri Oct 26 10:11:12 CEST 2018 - jgonzalez@suse.com - version 4.0.2-1 - Increase the Apache proxy timeout to 10 minutes - fix /etc/sudoers.d/spacewalk file (related to bsc#1099517) NOTE: In case there have been custom modifications to this file, it will be saved in /root/sudoers-spacewalk.save as sudo will fail on duplicate definitions ------------------------------------------------------------------- Fri Aug 10 15:20:22 CEST 2018 - jgonzalez@suse.com - version 4.0.1-1 - Bump version to 4.0.0 (bsc#1104034) - Feat: add OS Image building with Kiwi FATE#322959 FATE#323057 FATE#323056 - Fix copyright for the package specfile (bsc#1103696) - remove not needed build dependency to cobbler (bsc#1102137) ------------------------------------------------------------------- Mon Mar 05 08:48:15 CET 2018 - jgonzalez@suse.com - version 2.8.5.2-1 - remove empty clean section from spec (bsc#1083294) ------------------------------------------------------------------- Wed Feb 28 09:35:10 CET 2018 - jgonzalez@suse.com - version 2.8.5.1-1 - Sync with upstream ------------------------------------------------------------------- Wed Jan 17 12:02:13 CET 2018 - jgonzalez@suse.com - version 2.8.4.1-1 - Resolve comps.xml file for repositories (bsc#1048528) ------------------------------------------------------------------- Wed Aug 30 16:04:03 CEST 2017 - mc@suse.de - version 2.7.1.5-1 - Resolve comps.xml file for repositories (bsc#1048528) ------------------------------------------------------------------- Tue May 23 07:59:03 CEST 2017 - mc@suse.de - version 2.7.1.4-1 - Rename incomplete_package_import to package_import_skip_changelog - java.message_queue_thread_pool_size, salt_presence_ping_timeout, salt_presence_ping_gather_job_timeout: document in man page - incomplete_package_import: document in man page ------------------------------------------------------------------- Fri Mar 31 09:38:28 CEST 2017 - mc@suse.de - version 2.7.1.3-1 - migrate SSL certificates on update (bsc#1031276) ------------------------------------------------------------------- Tue Mar 07 14:48:32 CET 2017 - mc@suse.de - version 2.7.1.2-1 - Updated links to github in spec files - add wss: to apache Content-Security-Policy - apache config - make remote commands UI async ------------------------------------------------------------------- Tue Feb 07 17:44:30 CET 2017 - michele.bologna@suse.com - version 2.7.1.1-1 - Align with upstream versioning ------------------------------------------------------------------- Wed Jan 11 16:00:35 CET 2017 - michele.bologna@suse.com - version 2.7.0.1-1 - Version 2.7.0 ------------------------------------------------------------------- Mon Nov 07 11:07:44 CET 2016 - michele.bologna@suse.com - version 2.5.2.5-1 - Mention maxmemory option in rhn.conf (bsc#957653) ------------------------------------------------------------------- Thu Oct 06 15:09:40 CEST 2016 - mc@suse.de - version 2.5.2.4-1 - make the Apache proxy timeout greater (5 min) than the Salt timeout (bsc#993304,bsc#994623) ------------------------------------------------------------------- Wed Feb 10 08:41:42 CET 2016 - mc@suse.de - version 2.5.2.3-1 - provide empty no_proxy variable for reference in rhn.conf ------------------------------------------------------------------- Tue Jan 26 14:14:15 CET 2016 - mc@suse.de - version 2.5.2.2-1 - fix permissions in mod_xsendfile configuration - configure and require mod_xsendfile ------------------------------------------------------------------- Thu Jan 14 13:35:25 CET 2016 - mc@suse.de - version 2.5.2.1-1 - removing unused enable_solaris_support configuration parameter - removing unused force_unentitlement configuration parameter ------------------------------------------------------------------- Mon Nov 30 11:17:49 CET 2015 - mc@suse.de - version 2.5.1.1-1 - apache config: Set new download endpoint as static - hide error message for not existing directories (bsc#952845) - Enable DEFLATE compression in Apache ------------------------------------------------------------------- Wed Oct 07 13:54:50 CEST 2015 - mc@suse.de - version 2.5.0.1-1 - replace upstream subscription counting with new subscription matching (FATE#311619) ------------------------------------------------------------------- Mon Jun 22 16:23:17 CEST 2015 - jrenner@suse.de - version 2.1.5.6-1 - Remove obsolete WebKit-CSP tag: it breaks older browsers and it is ignored on newer ones. ------------------------------------------------------------------- Tue Mar 31 14:52:40 CEST 2015 - mc@suse.de - version 2.1.5.5-1 - Disable Cache-Control headers for non dynamic content. (bnc#916220) ------------------------------------------------------------------- Tue Feb 03 13:21:34 CET 2015 - mc@suse.de - version 2.1.5.4-1 - Getting rid of Tabs and trailing spaces ------------------------------------------------------------------- Fri Sep 12 16:05:41 CEST 2014 - mc@suse.de - version 2.1.5.3-1 - Recommended apache settings from the security team ------------------------------------------------------------------- Thu Feb 27 15:24:45 CET 2014 - fcastelli@suse.com - version 2.1.5.2-1 - fix enabling RewriteLock for apache 2.2 - change apache RedirectMatch into a RewriteRule to prevent warnings ------------------------------------------------------------------- Mon Jan 13 09:50:57 CET 2014 - mc@suse.de - version 2.1.5.1-1 - rewrite Login2.do to Login.do page required for IPA integration ------------------------------------------------------------------- Wed Dec 18 13:53:45 CET 2013 - mc@suse.de - version 2.1.3.1-1 - updated links to system group delete page - Remove groups/errata_list.pxt - system group edit properties - linking + cleanup - system group details - linking + cleanup ------------------------------------------------------------------- Tue Dec 10 15:33:57 CET 2013 - mc@suse.de - version 2.1.2.1-1 - switch to 2.1 ------------------------------------------------------------------- Fri Sep 28 16:12:34 CEST 2012 - mc@suse.de - version 1.7.2.3-1 - Set owner/group of config-defaults dir consistently (bnc#776377) - add a comment about the server.satellite.http_proxy format. ------------------------------------------------------------------- Fri Apr 27 16:34:21 CEST 2012 - mc@suse.de - version 1.7.2.2-1 - Reverting removal of traceback_mail. ------------------------------------------------------------------- Wed Mar 21 17:49:57 CET 2012 - mc@suse.de - version 1.7.2.1-1 - Bumping package version ------------------------------------------------------------------- Wed Mar 7 14:43:57 CET 2012 - ug@suse.de - fixed permissions of /var/lib/rhn/rhn-satellite-prep/etc ------------------------------------------------------------------- Wed Feb 1 14:21:23 CET 2012 - ug@suse.de - fixed file permissions of some config files (bnc#742939) ------------------------------------------------------------------- Mon Aug 29 11:50:18 CEST 2011 - iartarisi@suse.cz - Add /etc/rhn/default/rhn_audit.conf for AuditLogging (fate#312607) ------------------------------------------------------------------- Thu Apr 14 15:18:08 CEST 2011 - jrenner@suse.de - No proxying needed, just rewrite (bnc#685078) (CVE-2009-0788, CVE-2010-1171) ------------------------------------------------------------------- Fri Feb 11 07:20:00 UTC 2011 - dmacvicar@suse.de - debrand renew/ redirection rule (bnc#667911) ------------------------------------------------------------------- Fri Jan 28 13:53:04 CET 2011 - mc@suse.de - fix monitoring config to get scout config push working (bnc#665898) ------------------------------------------------------------------- Wed Sep 15 09:21:32 CEST 2010 - mantel@suse.de - Initial release of spacewalk-config ------------------------------------------------------------------- 0707010000000F000081B40000000000000000000000016634DB6700001732000000000000000000000000000000000000002700000000spacewalk-config/spacewalk-config.spec# # spec file for package spacewalk-config # # Copyright (c) 2024 SUSE LLC # Copyright (c) 2008-2018 Red Hat, Inc. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %if 0%{?suse_version} %define apacheconfdir %{_sysconfdir}/apache2 %define apachepkg apache2 %define apache_group www %else %define apacheconfdir %{_sysconfdir}/httpd %define apachepkg httpd %define apache_group apache %endif Name: spacewalk-config Summary: Spacewalk Configuration License: GPL-2.0-only Group: Applications/System Version: 5.0.3 Release: 0 URL: https://github.com/uyuni-project/uyuni Source0: https://github.com/uyuni-project/uyuni/archive/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?rhel} || 0%{?fedora} Requires(post): chkconfig Requires(preun):chkconfig # This is for /sbin/service Requires(preun):initscripts %endif # We need package httpd to be able to assign group apache in files section Requires(pre): %{apachepkg} Requires: openssl BuildRequires: uyuni-base-common Requires(pre): uyuni-base-common %global prepdir %{_var}/lib/rhn/rhn-satellite-prep %if 0%{?suse_version} BuildRequires: sudo %endif Requires: diffutils Requires: (apache2-mod_xsendfile or mod_xsendfile) %description Common Spacewalk configuration files and templates. %prep %setup -q echo "%{name} %{version}" > version %build %install rm -Rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT mv etc $RPM_BUILD_ROOT/ mv var $RPM_BUILD_ROOT/ mv usr $RPM_BUILD_ROOT/ #TODO invert this logic: the default should be for suse, the if should contains directive for other distros %if 0%{?suse_version} export NO_BRP_STALE_LINK_ERROR=yes mv $RPM_BUILD_ROOT/etc/httpd $RPM_BUILD_ROOT%{apacheconfdir} %else sed -i 's|srv/www/htdocs|var/www/html|g' $RPM_BUILD_ROOT%{apacheconfdir}/conf.d/z-public.conf sed -i 's|/usr/share/apache2/|/usr/share/httpd/|g' $RPM_BUILD_ROOT%{apacheconfdir}/conf.d/zz-spacewalk-www.conf %endif touch $RPM_BUILD_ROOT/%{_sysconfdir}/rhn/rhn.conf mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/certs/ mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/private/ %files %defattr(-,root,root,-) %attr(400,root,root) %config(noreplace) %{_sysconfdir}/rhn/spacewalk-repo-sync/uln.conf %config %{apacheconfdir}/conf.d/zz-spacewalk-www.conf %config %{apacheconfdir}/conf.d/os-images.conf %config %{apacheconfdir}/conf.d/z-public.conf %attr(440,root,root) %config %{_sysconfdir}/sudoers.d/spacewalk %dir %{_var}/lib/cobbler/ %dir %{_var}/lib/cobbler/kickstarts/ %dir %{_var}/lib/cobbler/snippets/ %config(noreplace) %{_var}/lib/cobbler/kickstarts/spacewalk-sample.ks %config(noreplace) %{_var}/lib/cobbler/snippets/spacewalk_file_preservation %attr(0640,root,%{apache_group}) %config(noreplace) %{_sysconfdir}/rhn/rhn.conf %config(noreplace) %{_sysconfdir}/satname %dir %{_var}/lib/rhn %dir %{_var}/lib/rhn/rhn-satellite-prep %attr(0750,root,root) %dir %{_var}/lib/rhn/rhn-satellite-prep/etc %attr(0750,root,%{apache_group}) %dir %{_var}/lib/rhn/rhn-satellite-prep/etc/rhn %attr(0640,root,%{apache_group}) %{_var}/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf %license LICENSE %doc %{_mandir}/man5/rhn.conf.5* %if 0%{?suse_version} %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/tls %dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/private %dir %{_sysconfdir}/rhn/spacewalk-repo-sync %endif %pre # Set the group to allow Apache to access the conf files ... chgrp %{apache_group} /etc/rhn /etc/rhn/rhn.conf 2> /dev/null || : # ... once we restrict access to some files that were too open in # the past. chmod o-rwx /etc/rhn/rhn.conf* /etc/sysconfig/rhn/backup-* /var/lib/rhn/rhn-satellite-prep/* 2> /dev/null || : %post %if 0%{?suse_version} sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES version sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES proxy sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES proxy_ajp sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES proxy_wstunnel sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES rewrite sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES headers sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES xsendfile sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES filter sysconf_addword /etc/sysconfig/apache2 APACHE_MODULES deflate sysconf_addword /etc/sysconfig/apache2 APACHE_SERVER_FLAGS SSL sysconf_addword /etc/sysconfig/apache2 APACHE_SERVER_FLAGS ISSUSE %endif ### TO-REMOVE AFTER: 2023-12-01 if egrep -m1 "^taskomatic.com.redhat.rhn.taskomatic.task.SSHMinionActionExecutor.parallel_threads[[:space:]]*=" /etc/rhn/rhn.conf >/dev/null; then sed -i "s/taskomatic.com.redhat.rhn.taskomatic.task.SSHMinionActionExecutor.parallel_threads[[:space:]]*=\(.\+\)/taskomatic.sshminion_action_executor.parallel_threads =\1/" /etc/rhn/rhn.conf fi if egrep -m1 "^taskomatic.com.redhat.rhn.taskomatic.task.MinionActionExecutor.parallel_threads[[:space:]]*=" /etc/rhn/rhn.conf >/dev/null; then sed -i "s/taskomatic.com.redhat.rhn.taskomatic.task.MinionActionExecutor.parallel_threads[[:space:]]*=\(.\+\)/taskomatic.minion_action_executor.parallel_threads =\1/" /etc/rhn/rhn.conf fi if egrep -m1 "^taskomatic.com.redhat.rhn.taskomatic.task" /etc/rhn/rhn.conf >/dev/null; then echo "WARNING: Found deprecated configuration items in /etc/rhn/rhn.conf" fi ### END %changelog 07070100000010000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001500000000spacewalk-config/usr07070100000011000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001B00000000spacewalk-config/usr/share07070100000012000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001F00000000spacewalk-config/usr/share/man07070100000013000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000002400000000spacewalk-config/usr/share/man/man507070100000014000081B40000000000000000000000016634DB670000216A000000000000000000000000000000000000002F00000000spacewalk-config/usr/share/man/man5/rhn.conf.5.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH rhn.conf 5 "1 March 2011" Linux "File Formats and Conventions" .SH NAME rhn.conf \- Configuration file for Spacewalk/Red Hat Satellite Server .SH SYNOPSIS .B /etc/rhn/rhn.conf .SH DESCRIPTION .B rhn.conf is a configuration file used for several services in Spacewalk/Red Hat Satellite server. .SH FORMAT .P Format of /etc/rhn/rhn.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line has the format below: .TP parameter = value .SH OPTIONS .P Spacewalk/Red Hat Satellite includes dozens other options in \fB/usr/share/rhn/config-defaults/*.conf\fR which administrator can override in /etc/rhn/rhn.conf, but \fB*** JUST CHANGE THOSE PARAMETERS IF YOU REALLY KNOW WHAT ARE YOU DOING! *** \fR .P The most important tunables parameters in \fB/etc/rhn/rhn.conf\fR are listed below: .TP .B "traceback_mail" Define which mail address will be used to notify about reports, warnings and Web traceback errors. Use commas to separate mail addresses. .IP .B Default: none .TP .B "mount_point" Define the directory used to store the RPM package files offered by software channels. As a recommendation, we suggest at least 30 GB storage per software channel (including Base and child channels). .IP .B Default: /var/satellite .TP .B "kickstart_mount_point" Define the directory used to store the kickstart trees. .IP .B Default: /var/satellite .TP .B "repomd_cache_mount_point" Define the directory used to store the packages, errata, channels, kickstart trees and also store the repositories metadata cache information. It is generated when using Spacewalk/Red Hat Satellite on demand when the client asks for thoses files. These cache files are stored in .B /var/cache/rhn and the storage needs of this directory will vary greatly. We suggest at least 10GB of space in .B /var/cache/rhn on Spacewalk/Red Hat Satellite server. Very large environments will need to increase the amount of space in .B /var/cache/rhn that directory. .IP .B Default: /var/cache .TP .B "server.satellite.rhn_parent" This parameter determines the parent RHN Classic/Red Hat Satellite whose packages will be downloaded or synced. This parameter usually points to RHN Hosted, .B rhn.redhat.com .IP .B Default: none .TP .B "server.satellite.http_proxy" This parameter determines the HTTP proxy used to download or sync packages from. Enter the IP address or HTTP Proxy FQDN address. .IP .B Default: none .TP .B "server.satellite.http_proxy_username" This parameter determines the HTTP proxy username. .IP .B Default: none .TP .B "server.satellite.http_proxy_password" This parameter determines the HTTP proxy password. .IP .B Default: none .TP .B "debug" .P .RS This parameter determines debug level used by Spacewalk/Red Hat Satellite processes. Please, keep in mind that raising up this value will generate a very verbose logs, which is only useful for debugging purposes. .B Use it carefully! Valid values: .B [0-6] .RE .B .P .RS 0 low verbosity .RE .RS 6 high verbosity .RE .IP .B Default: 1 .TP .B "disconnected (boolean)" This parameter controls whether server is running in connected or disconnected mode. When running in disconnected mode, the RHN Entitlement Certificate is activated locally but not on remote RHN Servers. .IP .B Default: 0 .TP .B "enable_snapshots" (boolean) This parameter controls whether server is allowed to perform system snapshots. .IP .B Default: 1 .TP .B "pam_auth_service" Spacewalk/Red Hat Satellite supports network-based authentication systems via Pluggable Authentication Modules (PAM). Spacewalk/Red Hat Satellite supports LDAP, Kerberos, Directory Server and other network-based authentication systems. To enable Spacewalk/Red Hat Satellite to use PAM and your organization's authentication infrastructure, follow the steps below: .RS .IP \(bu 3 make sure that pam\-devel package is installed .IP \(bu 3 set the parameter \fBpam_auth_service = rhn\-satellite\fR .IP \(bu 3 create a file in \fB/etc/pam.d/rhn\-satellite\fR which contains: .B For LDAP authentication on 32\-bit systems: .nf #%PAM-1.0 auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_ldap.so no_user_check auth required /lib/security/pam_deny.so account required /lib/security/pam_ldap.so no_user_check .fi .B For LDAP authentication on 64\-bit systems: .nf #%PAM-1.0 auth required /lib64/security/pam_env.so auth sufficient /lib64/security/pam_ldap.so no_user_check auth required /lib64/security/pam_deny.so account required /lib64/security/pam_ldap.so no_user_check .fi .IP \(bu 3 restart Spacewalk/Red Hat Satellite service .RE .IP .B Default: none .TP .B "enable_nvrea" (boolean) This parameter controls whether server will allow package uploads for same NVREA (Name, Version, Release, Epoch, Arch) but different vendors. .RS .IP \(bu 3 Spacewalk Server .RS .IP \(bu 3 \fBDefault:\fR 1 .RE .IP \(bu 3 Red Hat Satellite Server .RS .IP \(bu 3 \fBDefault:\fR 0 .RE .RE .TP .B "web.maximum_config_file_size" (bytes) This parameter controls which is the maximum allowed size for configuration files. .IP .B Default: 32768 .TP .B "java.taskomatic_channel_repodata_workers" (integer) This parameter controls how many repodata workers should generate repodata information concurrently. If the number of repodata workers running on the system are bigger than defined on .B java.taskomatic_channel_repodata_workers, then the job will be queued. .IP .B Default: 2 .TP .B "taskomatic.java.maxmemory" (integer) The maximum amount of memory (MB) that Taskomatic can use. If you find that Taskomatic is running out of memory, consider increasing this. .IP .B Default: 4096 .TP .B "taskomatic.java.initmemory" (integer) The initial amount of memory (MB) that Taskomatic is allocated on start-up. .IP .B Default: 256 .TP .B "java.message_queue_thread_pool_size" (integer) Size of the thread pool used for the message queue. .IP .B Default: 5 .TP .B "salt_presence_ping_timeout" (integer) SUSE Manager presence timeout for Salt minions (main timeout, in seconds). .IP .B Default: 4 .TP .B "salt_presence_ping_gather_job_timeout" (integer) SUSE Manager presence timeout for Salt minions (gather job timeout, in seconds). .IP .B Default: 1 .TP .B "package_import_skip_changelog" (boolean) When importing packages, skip non-essential data that can make the import faster (changelogs). Not recommended in production. .IP .B Default: 0 .TP .B "java.smtp_server" This parameter defines the server Satellite will use as its SMTP server. .IP .B Default: localhost .SS Database Options .TP .B "db_backend" Determine the database backend. Valid backends are: .B postgresql or .B oracle .IP .TP .B "db_user" Determine the user for database connections. .IP .TP .B "db_password" Determine the password for database connections. .IP .TP .B "db_name" Determine the database name. .IP .TP .B "db_host" Determine the database host. .IP .TP .B "db_port" Determine the database port. .IP .SH Inter-Red Hat Satellite Sync (ISS) The ability of synchronize two Spacewalk/Red Hat Satellites servers is called Inter-Red Hat Satellite Sync (ISS) which allows to synchronize channels from the master Red Hat Satellite to slave servers, simplifying the process of coordinating contents from one Spacewalk/Red Hat Satellite source to another or several others. Note: Several options that used to be available in rhn.conf are now only set by the Satellite Admin in the Admin -> ISS Configuration pages in the web interface. .SS Master Spacewalk/Red Hat Satellite Servers .TP .B "disable_iss" If set to 1, then no slave will be able to sync from this server this option does not affect the ability to sync to this server from another spacewalk (or hosted). .IP .B Default: 0 .SH FILES .I /etc/rhn/rhn.conf .RS Configuration file for Spacewalk/Red Hat Satellite server. See .BR rhn.conf (5) for further details. .SH ADDITIONAL DOCS For additional documentation, please visit: .P .RE .B Red Hat Satellite Documentation .RS http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html .P .RE .B Spacewalk Documentation .RS http://www.spacewalkproject.org/documentation.html .P .SH BUGS Please, if you find a bug or want a new feature fill a bug at .BI http://bugzilla.redhat.com .SH AUTHORS Marcelo Moreira de Mello <mmello@redhat.com> .SH "SEE ALSO" .BR rhn.conf (5), .BR rhn-activate-satellite (8), .BR db-control (1), .BR pam (8) 07070100000015000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001500000000spacewalk-config/var07070100000016000041FD0000000000000000000000046634DB6700000000000000000000000000000000000000000000001900000000spacewalk-config/var/lib07070100000017000041FD0000000000000000000000046634DB6700000000000000000000000000000000000000000000002100000000spacewalk-config/var/lib/cobbler07070100000018000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000002C00000000spacewalk-config/var/lib/cobbler/kickstarts07070100000019000081B40000000000000000000000016634DB6700000902000000000000000000000000000000000000004000000000spacewalk-config/var/lib/cobbler/kickstarts/spacewalk-sample.ks# Kickstart config file generated by Spacewalk Config Management # # Profile Label : spacewalk-sample # Date Created : 2008-12-06 09:08:33.0 # install text network --bootproto dhcp url --url http://@@http_server@@/$media_path lang en_US langsupport --default en_US en_US keyboard us mouse none zerombr yes clearpart --all part /boot --fstype=ext3 --size=200 part pv.01 --size=1000 --grow part swap --size=1000 --maxsize=2000 volgroup myvg pv.01 logvol / --vgname=myvg --name=rootvol --size=1000 --grow bootloader --location mbr timezone America/New_York auth --enablemd5 --enableshadow rootpw --iscrypted <encrypted password> selinux --permissive reboot firewall --disabled skipx repo --name=Cluster --baseurl=http://@@http_server@@/mnt/Cluster repo --name=ClusterStorage --baseurl=http://@@http_server@@/mnt/ClusterStorage repo --name=VT --baseurl=http://@@http_server@@/mnt/VT repo --name=Workstation --baseurl=http://@@http_server@@/mnt/Workstation key --skip %packages --resolvedeps @ Base %post --nochroot mkdir /mnt/sysimage/tmp/ks-tree-copy if [ -d /oldtmp/ks-tree-shadow ]; then cp -fa /oldtmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy elif [ -d /tmp/ks-tree-shadow ]; then cp -fa /tmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy fi cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf cp -f /tmp/ks-pre.log /mnt/sysimage/root/ %post ( # Log %post errors # --Begin Spacewalk command section-- mkdir -p /tmp/rhn_rpms/optional cd /tmp/rhn_rpms/optional wget -P /tmp/rhn_rpms/optional http://@@http_server@@/download/package/0d4038661a461e7335cb4a602afbf9eaf6962a86/1229750186128/1/1236/libxml2-python-2.6.32-1.fc9.i386.rpm rpm -Uvh --replacepkgs --replacefiles /tmp/rhn_rpms/optional/pyOpenSSL* /tmp/rhn_rpms/optional/rhnlib* /tmp/rhn_rpms/optional/libxml2-python* perl -npe 's|^(\s*serverURL\s*=\s*[^:]+://)[^/]*/|${1}@@http_server@@/|' -i /etc/sysconfig/rhn/up2date # now copy from the ks-tree we saved in the non-chroot checkout cp -fav /tmp/ks-tree-copy/* / rm -Rf /tmp/ks-tree-copy # --End Spacewalk command section-- # begin cobbler snippet $SNIPPET('redhat_register_using_salt') # end cobbler snippet ) >> /root/ks-post.log 2>&1 # MOTD echo >> /etc/motd echo "Spacewalk kickstart on \$(date +'%Y-%m-%d')" >> /etc/motd echo >> /etc/motd # end of generated kickstart file 0707010000001A000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000002A00000000spacewalk-config/var/lib/cobbler/snippets0707010000001B000081B40000000000000000000000016634DB670000015D000000000000000000000000000000000000004600000000spacewalk-config/var/lib/cobbler/snippets/spacewalk_file_preservation%post --nochroot mkdir /mnt/sysimage/tmp/ks-tree-copy if [ -d /oldtmp/ks-tree-shadow ]; then cp -fa /oldtmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy elif [ -d /tmp/ks-tree-shadow ]; then cp -fa /tmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy fi cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf cp -f /tmp/ks-pre.log /mnt/sysimage/root/ 0707010000001C000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000001D00000000spacewalk-config/var/lib/rhn0707010000001D000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000003000000000spacewalk-config/var/lib/rhn/rhn-satellite-prep0707010000001E000041FD0000000000000000000000036634DB6700000000000000000000000000000000000000000000003400000000spacewalk-config/var/lib/rhn/rhn-satellite-prep/etc0707010000001F000041FD0000000000000000000000026634DB6700000000000000000000000000000000000000000000003800000000spacewalk-config/var/lib/rhn/rhn-satellite-prep/etc/rhn07070100000020000081B40000000000000000000000016634DB67000009C8000000000000000000000000000000000000004100000000spacewalk-config/var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conftraceback_mail = @@traceback_mail@@ mount_point = @@mount_point@@ kickstart_mount_point = @@kickstart_mount_point@@ repomd_cache_mount_point = /var/cache # Use proxy FQDN, or FQDN:port server.satellite.http_proxy = @@serverDOTsatelliteDOThttp_proxy@@ server.satellite.http_proxy_username = @@serverDOTsatelliteDOThttp_proxy_username@@ server.satellite.http_proxy_password = @@serverDOTsatelliteDOThttp_proxy_password@@ # no_proxy is a comma seperated list # Either an exact match, or the previous character # is a '.', so host is within the same domain. # A leading '.' in the pattern is ignored. server.satellite.no_proxy = # Completely disable ISS. # If set to 1, then no slave will be able to sync from this server # this option does not affect ability to sync to this server from # another spacewalk (or hosted). disable_iss=0 db_backend = @@db_backend@@ db_user = @@db_user@@ db_password = @@db_password@@ db_name = @@db_name@@ db_host = @@db_host@@ db_port = @@db_port@@ db_ssl_enabled = @@db_ssl_enabled@@ report_db_backend = @@report_db_backend@@ report_db_user = @@report_db_user@@ report_db_password = @@report_db_password@@ report_db_name = @@report_db_name@@ report_db_host = @@report_db_host@@ report_db_port = @@report_db_port@@ report_db_ssl_enabled = @@report_db_ssl_enabled@@ report_db_sslrootcert = @@report_db_sslrootcert@@ externaldb = @@externaldb@@ externaldb_admin_user = @@externaldb_admin_user@@ externaldb_admin_password = @@externaldb_admin_password@@ server.nls_lang = @@serverDOTnls_lang@@ hibernate.dialect=@@hibernate_dialect@@ hibernate.connection.driver_class=@@hibernate_driver@@ hibernate.connection.driver_proto=@@hibernate_driver_proto@@ web.satellite = 1 web.satellite_install = @@satellite_install@@ web.session_swap_secret_1 = @@session_swap_secret_1@@ web.session_swap_secret_2 = @@session_swap_secret_2@@ web.session_swap_secret_3 = @@session_swap_secret_3@@ web.session_swap_secret_4 = @@session_swap_secret_4@@ session_secret_1 = @@session_secret_1@@ session_secret_2 = @@session_secret_2@@ session_secret_3 = @@session_secret_3@@ session_secret_4 = @@session_secret_4@@ server.secret_key = @@server_secret_key@@ encrypted_passwords = @@encrypted_passwords@@ web.restrict_mail_domains = # system snapshots enabled enable_snapshots = 1 #cobbler host name cobbler.host = @@cobblerDOThost@@ # Web UI hostname java.hostname = @@javaDOThostname@@ pam_auth_service = susemanager # Maximum Java Heap Size (in MB) # taskomatic.java.maxmemory=4096 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor