Spacewalk – Bootstrap Script

Spacewalk is a tool for managing linux-servers. Its a very powerful tool which will make your life easyer especally if you have to manage large amounts of servers.

Spacewalk has two ways to add systems to the manager.

The first way is that you install a fresh server and add him to the system. You can add the nescessary steps in the post-install-script.

The second way is to add existing servers to the system. And this is the use case that i have mostly.

So, lets have a look at the nescessary steps we need:

  • Import the SSL-Key of the spacewalk-server
  • Import GPG-keys of non-official repositorys
  • Install the rhn-setup package which provides the binary that makes the regisitration to the spacewalk-server
  • registration to the spacewalk-server
  • Install spacewalk-related packages (for use of remote-commands, executing tasks, controlling package-manager…)
  • disable local repositorys
  • enable remote-commands
  • enable and start osad (task-engine)

I added this to a script and im providing it via the spacewalk-server. Clients can download it from the web interface.

So here is my little script:


#import ssl cert from spacewalk

rpm -Uvh http://spacewalk-url/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm

#import gpg key for spacewalk-client-repo

rpm --import http://spacewalk-url/pub/gpg/RPM-GPG-KEY-spacewalk-2.9-client

#import gpg key for epel repo

rpm --import http://spacewalk-url/pub/gpg/RPM-GPG-KEY-EPEL-7

#install nescessary packages

yum -y install rhn-setup

#register client on spacewalk-server

rhnreg_ks --serverUrl=https://spacewalk-url/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-activationkey

#install spacewalk related packages

yum -y install osad rhncfg-actions rhncfg rhncfg-client yum-rhn-plugin fping screen perl-Frontier-RPC perl-Text-Unidecode

#disable centos original repos

sed -i '/\[base\]/ a enabled=0' /etc/yum.repos.d/CentOS-Base.repo
sed -i '/\[updates\]/ a enabled=0' /etc/yum.repos.d/CentOS-Base.repo
sed -i '/\[extras\]/ a enabled=0' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo

#activate remote commands and osa-service

rhn-actions-control --enable-all

systemctl enable osad

systemctl start osad

Linux – Getting Band-in-a-Box 2012 work with wine


i just wanted to use Band-in-a-Box 2012 on my Linux Laptop especially with wine because installing it in a virtual machine has a bunch of disadvantages.

For example because you have to load (and unload) a complete OS and in my case get my USB Audio Interface work IN the virtual machine.

So wine is the better option. But my past experiences with wine were not really good 😀

To simplify the complete process, i used Playonlinux. Playonlinux is a “framework” for wine installations.

Its script based, so if you use one of the scripts from the library, it chooses automaticly the best working  wine version, installs additional librarys and so on.

The downside is, that there is no script for BandinaBox 😀

Not cool, but also not dramatic. I used some informations from forums and also winehq.

So how we begin? (please excuse if the instructions are not 100% suitable, but i use it in german language, so the option names may differ a bit)


what do you need?:

  • working Playonlinux Installation
  • timidity++ package
  • A File from a working Windows Computer (doesnt matter which version), named “gm.dls”
  • You can find this file here: c:\windows\system32\drivers\gm.dls (or load it from my dropbox account: gm.dls)


  • Start Playonlinux, and click install new software.
  • Then you choose  Install a program what is not listed.
  • Choose Install a program in a new virtual drive
  • Give it a name
  • Choose install some librarys
  • Choose 32bit windows installation
  • Choose the “POL_Install_wmp9” library
  • Choose the Installation File, for BiaB2012: bandinabox_realband_2012_full.exe
  • Get through the installation.
  • Things you need to consider: Do the complete installation (its imported), as starter choose “bbw.exe”


So, you got it installed but it wont start.

  • You have to copy the gm.dls file to the “windows/system32/drivers” folder of the wine-prefix. Select the starter of your BiaB Installation and select “open a directory”

Okay, BiaB starts now but it wont play sounds 😀

  • The last step is starting timidity++ before you start BiaB.
  • Here is your command:

timidity -iA -Os -B2,8 &

Then you can start BiaB and it should play sounds and so on.

Gratz! 🙂

Dell iDrac – Fixing SSL Problem


i got two Dell R710 servers which have the problem, that if you wanna open the iDrac web interface, google chrome gives you the error:


its not the usual “hey you got a self signed certificate, its not cool, but you can pass” error ;D this error wont let you open the website.

You can fix this by the following steps:

  • Open a ssh connection to the corresponding iDrac (use the same password as for the webinterface)

ssh root@idrac-ip

  • Regenerate the certifcate

/admin1-> racadm sslresetcfg
Certificate regenerated successfully and webserver restarted

  • Reset the iDrac

/admin1-> racadm racreset soft
RAC reset operation initiated successfully. It may take up to a minute
for the RAC to come back online again.


and youre done!

Archlinux – Set Vim Alias

On Archlinux, you got the problem that even if you install vim, you have to type vim to open files with vim.

But normally you want to type vi and open the file with vim – as you know from other distributions.

The solution is setting a symbolic link, but its easyer on arch.

Just install the vi-vim-symlink Package from AUR

Now you got your symlink even without logging out.

Scalar i6000 – Connect to the Webinterface

I got issues connecting to the Webinteface of our Scalar i6000.

Its java based and the problem is that it is designed for java version 1.6.

That means that if your’e using lets say java 1.8, there will be errors that prevents the execution of the applet.

So i found out that there are two main problems:

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
at java.lang.reflect.Constructor.newInstance(
at java.lang.Class.newInstance(
at sun.applet.AppletPanel.createApplet(
at sun.applet.AppletPanel.runLoader(
Caused by: access denied ("java.util.PropertyPermission" "user.home" "read")
at java.lang.SecurityManager.checkPermission(
at java.lang.SecurityManager.checkPropertyAccess(
at java.lang.System.getProperty(
at com.adic.amc.lm.client.LM3Applet.(
... 9 more access denied ("" "setProperty.networkaddress.cache.ttl")
at java.lang.SecurityManager.checkPermission(
at java.lang.SecurityManager.checkSecurityAccess(
at com.adic.amc.lm.client.LM3Applet.init(

You see java has a problem with AccessControl of
“java.util.PropertyPermission” “user.home” “read”
and “” “setProperty.networkaddress.cache.ttl”

The solution is pretty simple.

Java has a file in which permissions are controlled. In my system (archlinux), its located here:


Maybe in your system the file can be located otherwhere, so just use find oder locate.

I made two entrys in the grant-section in it:

grant {
permission java.util.PropertyPermission "user.home", "read";

The the applet loads and you dont have to install a old java version 🙂

Xfce4 – Save Display Settings


Xfce4 is relatively good in dynamically setting your Display Settings if you use multiple Monitors or plugging in Beamers or so.

But sometimes it confuses the configuration.

Therefor you can save your settings if you copy the xml file where the options are written in and replace the confused config with the saved config.

you can find the configuration file here:


Copy the file to your preferred location.

WordPress – Changing Permalinks


in the net you find tons of posts what changes you have to made if you wanna change your permalinks to postname. But mostly in combination with an apache webserver.

So im using nginx and this is a bit more difficult.

But i found the solution.

Simply add this line to your vhost configuration:

if (!-e $request_filename) {
rewrite ^.*$ /index.php last;

For apache just place an empty .htaccess file in your wordpress-folder, give it 666 permissions and insert this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Spacewalk – Automatic Creation of a Kickstartable Tree

Spacewalk is a tool for (mainly) managing and provisioning server or client linux-systems.

I’m using for a few months now and yeah. Its not well documented, especially the provisioning part.

Spacewalk uses kickstart as provisioning tool.

You have to add a kickstartable tree. Then make your kickstart distribution and then finally your kickstart profile where you define the properties for your system.

The problem is the kickstartable tree. The documentation says, simple mount a distribution dvd and then use the path where the distro is mounted.

Uhm… no. wont work for CentOS 🙂

I found a script on the net wich dowloads all the distribution files that you need. its name is mkelfs.

The github entry was updated in Nov 2015 but it still works.

Just download it from here:

Before you can use the command you have to create the folders in which the script deploys the distro data.

mkdir /var/satellite/kickstart_tree

Here is the command you need for CentOS 7 (dont be suprised, the reason why Centos is not in the parameters is that its a default value 😀 )

./ --release 7 --arch x86_64 -b centos7-x86_64

-b is the name of your base channel

CentOS 7 – Firewalld allow all traffic from a Server

I hate the default firewall in CentOS. 😀

Its so unneeded complicated that a simple Access-Rule seems to be as hard as climbing up the mount everest.

So, my problem was i wanted to configure a CentOS-Server for our backup system. Backup client was installed but the CentOS-Firwall was blocking the traffic.

Our backup-system needs several ports (in range) and communication comes from multiple servers.

But i didnt wanted to allow a port range because of security. So open up traffic for our backup-subnet was the way to go.

Here is the command:

firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter IN_public_allow 0 -s xx.x.xx.x/xx -j ACCEPT

firewall-cmd --reload

Have fun 😀