[Spacewalk-list] I can now update CentOS
Kevin Sandy
kevin at digitallotus.com
Thu Nov 13 00:03:58 UTC 2014
It's not enough to copy the file. You also need to update any references to RHNS-CA-CERT in /etc/sysconfig/up2date to instead use RHN-ORG-TRUSTED-SSL-CERT. When you kickstart a server this is all done automatically.
-- kevin
> On Nov 12, 2014, at 2:19 PM, Daryl Rose <rosede12 at gmail.com> wrote:
>
> Okay. Then we're back to square one.
>
> As I said, I did in fact copy RHN-ORG-TRUSTED-SSL-CERT from my spacewalk server to the client. Since the certificate is in fact /usr/share/rhn, https should work. But it doesn't. So, there is still either a bug, or something else is missing.
>
> With that said, where would I get the rpm? Is the rpm on the spacewalk server as well?
>
> Thank you.
>
> Daryl
>
>
>> On Wed, Nov 12, 2014 at 1:00 PM, Amedeo Salvati <amedeo at oscert.net> wrote:
>> Daryl, sorry but I haven't see your previus email, but the answer you get -> scp RHN-ORG-TRUSTED-SSL-CERT from spacewalk it's another solution!
>>
>> to better understand the file RHN-ORG-TRUSTED-SSL-CERT generated during installation it's the CA key that you have to put on path:
>>
>> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>>
>> on the other hand, instead of scp above file, you can install rpm rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm that inside of it there are the same file RHN-ORG-TRUSTED-SSL-CERT, so you can choose, usually on bootstrap script to use rpm or to use text file -> I prefer to use rpm on rpm systems (rhel, centos, suse...), but repeat if you have copied that file using scp is the same result!
>>
>> best regards
>> Amedeo Salvati
>>
>> Il 12/11/2014 18:14, Daryl Rose ha scritto:
>>> Amedeo,
>>>
>>> This is not any any documentation that I can find. As a matter of fact, when I first started working on this, I ran into an error about RHN-ORG-TRUSTED-SSL-CERT. I posted a question to this list, and a person replied back telling me that I needed to scp RHN-ORG-TRUSTED-SSL-CERT from the SW server to the client. That resolved that particular error, but no where have I found that I need to install an additional rpm.
>>>
>>> I will install it and test.
>>>
>>> Thank you.
>>>
>>> Daryl
>>>
>>>
>>>
>>>> On Wed, Nov 12, 2014 at 9:58 AM, Amedeo Salvati <amedeo at oscert.net> wrote:
>>>> Daryl this seem that you haven't imported your spacewalk ssl keys, usually under pub directory of your SW server you can find two files:
>>>>
>>>> RHN-ORG-TRUSTED-SSL-CERT
>>>> rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
>>>>
>>>> install rpm on your spacewalk clients, and then your clients has this ssl key under:
>>>>
>>>> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>>>>
>>>> and with this you can use https communications between spacewalk server and clients... -> with this is more safe if you have provision entitlements and want to execute on real time scripts (communication goes through http over ssl)
>>>>
>>>> Best Regards
>>>> Amedeo Salvati
>>>>
>>>>
>>>> Da: spacewalk-list-bounces at redhat.com
>>>> A: Spacewalk-list at redhat.com
>>>> Cc:
>>>> Data: Wed, 12 Nov 2014 09:33:43 -0600
>>>> Oggetto: [Spacewalk-list] I can now update CentOS
>>>>
>>>> > Previous questions were about the failure of updating CentOS from the Spacewalk server. I was getting the following error:
>>>>
>>>> > local action status: ((6,), 'Fatal error in Python code occurred', {})
>>>>
>>>> > I searched and searched and searched, posted questions and no one was able to answer the question on what the error was, and how to resolve it.
>>>>
>>>> > The only reply that I received on this board was that this was a bug that had been fixed in RH Satellite Server, but apparently not in Spacewalk.
>>>>
>>>> > Perhaps this is a known bug that was only fixed in RH Satellite and not addressed in SW because I found other postings with the exact same issue. These postings go back for over a year, so I know this has been an issue for sometime. Almost all of these posts have the same replies: execute a yum clean all, update yum, etc... I did all of that as well as did the others in who have the same issue. Stop/start the satellite server etc....
>>>>
>>>> > Finally, I found a posting by a guy who jumped through all of the hoops, as had I, but finally found out that removing the "s" from the https://<sp-walk server> in /usr/sysconfig/rhn/up2date resolved the issue.
>>>>
>>>> > I successfully updated my CentOS 6.5 server.
>>>>
>>>> > Thank you
>>>>
>>>> > Daryl
>>>>
>>>>
>>>> _______________________________________________
>>>> Spacewalk-list mailing list
>>>> Spacewalk-list at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>>
>>>
>>>
>>> _______________________________________________
>>> Spacewalk-list mailing list
>>> Spacewalk-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141112/9d5baa32/attachment.htm>
More information about the Spacewalk-list
mailing list