[Spacewalk-list] I can now update CentOS

Kevin Sandy kevin at digitallotus.com
Thu Nov 13 00:03:58 UTC 2014 

It's not enough to copy the file.  You also need to update any references to RHNS-CA-CERT in /etc/sysconfig/up2date to instead use RHN-ORG-TRUSTED-SSL-CERT.  When you kickstart a server this is all done automatically.

-- kevin

> On Nov 12, 2014, at 2:19 PM, Daryl Rose <rosede12 at gmail.com> wrote:
> 
> Okay. Then we're back to square one.  
> 
> As I said, I did in fact copy RHN-ORG-TRUSTED-SSL-CERT from my spacewalk server to the client.  Since the certificate is in fact /usr/share/rhn, https should work.  But it doesn't.  So, there is still either a bug, or something else is missing.
> 
> With that said, where would I get the rpm?  Is the rpm on the spacewalk server as well?   
> 
> Thank you.
> 
> Daryl
> 
> 
>> On Wed, Nov 12, 2014 at 1:00 PM, Amedeo Salvati <amedeo at oscert.net> wrote:
>> Daryl, sorry but I haven't see your previus email, but the answer you get -> scp RHN-ORG-TRUSTED-SSL-CERT from spacewalk it's another solution! 
>> 
>> to better understand the file RHN-ORG-TRUSTED-SSL-CERT generated during installation it's the CA key that you have to put on path: 
>> 
>> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>> 
>> on the other hand, instead of scp above file, you can install rpm rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm that inside of it there are the same file RHN-ORG-TRUSTED-SSL-CERT, so you can choose, usually on bootstrap script to use rpm or to use text file -> I prefer to use rpm on rpm systems (rhel, centos, suse...), but repeat if you have copied that file using scp is the same result!
>> 
>> best regards
>> Amedeo Salvati
>> 
>> Il 12/11/2014 18:14, Daryl Rose ha scritto:
>>> Amedeo,
>>> 
>>> This is not any any documentation that I can find. As a matter of fact, when I first started working on this, I ran           into an error about RHN-ORG-TRUSTED-SSL-CERT.  I posted a question to this list, and a person replied back telling me that I needed to scp RHN-ORG-TRUSTED-SSL-CERT from the SW server to the client.  That resolved that particular error, but no where have I found that I need to install an additional rpm.
>>> 
>>> I will install it and test.
>>> 
>>> Thank you.
>>> 
>>> Daryl
>>> 
>>> 
>>> 
>>>> On Wed, Nov 12, 2014 at 9:58 AM, Amedeo Salvati <amedeo at oscert.net> wrote:
>>>> Daryl this seem that you haven't imported your spacewalk ssl keys, usually under pub directory of your SW server you can find two files:
>>>> 
>>>> RHN-ORG-TRUSTED-SSL-CERT
>>>> rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
>>>> 
>>>> install rpm on your spacewalk clients, and then your clients has this ssl key under:
>>>> 
>>>> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>>>> 
>>>> and with this you can use https communications between spacewalk server and clients... -> with this is more safe if you have provision entitlements and want to execute on real time scripts (communication goes through http over ssl)
>>>> 
>>>> Best Regards
>>>> Amedeo Salvati
>>>>  
>>>>  
>>>> Da: spacewalk-list-bounces at redhat.com
>>>> A: Spacewalk-list at redhat.com
>>>> Cc:
>>>> Data: Wed, 12 Nov 2014 09:33:43 -0600
>>>> Oggetto: [Spacewalk-list] I can now update CentOS
>>>> 
>>>> > Previous questions were about the failure of updating CentOS from the Spacewalk server.  I was getting the following error:
>>>> 
>>>> > local action status: ((6,), 'Fatal error in Python code occurred', {})
>>>> 
>>>> > I searched and searched and searched, posted questions and no one was able to answer the question on what the error was, and how to resolve it.  
>>>> 
>>>> > The only reply that I received on this board was that this was a bug that had been fixed in RH Satellite Server, but apparently not in Spacewalk.  
>>>> 
>>>> > Perhaps this is a known bug that was only fixed in RH Satellite and not addressed in SW because I found other postings with the exact same issue.  These postings go back for over a year, so I know this has been an issue for sometime.  Almost all of these posts have the same replies: execute a yum clean all, update yum, etc...  I did all of that as well as did the others in who have the same issue.  Stop/start the satellite server etc....
>>>> 
>>>> > Finally, I found a posting by a guy who jumped through all of the hoops, as had I, but finally found out that removing the "s" from the https://<sp-walk server> in /usr/sysconfig/rhn/up2date resolved the issue.
>>>> 
>>>> > I successfully updated my CentOS 6.5 server.
>>>> 
>>>> > Thank you
>>>> 
>>>> > Daryl
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Spacewalk-list mailing list
>>>> Spacewalk-list at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Spacewalk-list mailing list
>>> Spacewalk-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>> 
>> 
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141112/9d5baa32/attachment.htm>

More information about the Spacewalk-list mailing list