[Spacewalk-list] Spacewalk Kickstart ISO Certificate invalid

prmarino1 at gmail.com prmarino1 at gmail.com
Wed Apr 27 00:37:07 UTC 2016 

Sounds like something changed in your network.
If PXE/dhcp works I would compare what the DNS settings are.
I assume that if you are booting off of a CD it's because DHCP isn't available or its going to a different DHCP server that doesn't offer DHCP.
I would suspect that there is a reverse lookup issue, 
Example
Original
Spacewalk.mycompany.com A 192.168.1.25
25.1.168.192 A spacewalk.mycompany.com
New version
Servera25.mycompany.com A 192.168.1.25
‎25.1.168.192 A servera2d.mycompany.com
Spacewalk.mycompany.com Cname servera25

Assuming the local DNS has the cname in the new config should be fine, the original config should be fine too, but if you mix and match the foreword A record from the original with the reverse lookup record from the new version the SSL cert will not verify correctly.

  Original Message  
From: Johannes Raff
Sent: Tuesday, April 26, 2016 17:59
To: spacewalk-list at redhat.com
Reply To: spacewalk-list at redhat.com
Subject: [Spacewalk-list] Spacewalk Kickstart ISO Certificate invalid

Hi,

we are running Spacewalk 2.4 on CentOS 6.6 with three Organisations. The setup has been started on version 2.0 and has always been updated. So far we had no problems but suddenly the kickstarting through a cobbler iso doesn’t work anymore.

we restarted Spacewalk, executed cobbler sync and cobbler buildiso. After that booting from the ISO, I can select the profile and the setup starts. after the setup, the machine comes up but is not registered with the Organisation in spacewalk. After reading through the logs, I find, that the /var/log/up2date log shows a invalid certificate error. if I start the run_register manually and using https, I can not move over the connection information. If I use rhnreg_ks, I have the Certificate error again.

If I switch to http: I can input the username and password, in the last step I get the error 70 though which says that the profile has no free allocations, which is not correct. I have verified the certificate, it is the right certificate (same md5) then on the server or an existing host, it has the correct hostname in the cert and in the kickstart file and the name resolution works well and it is valid.

If I book a machine in the DHCP connected network, I get the profiles from PXE and after selecting the correct profile, the setup and registration works without a issue.

This behaviour has appeared just recently, not straight after an upgrade of spacewalk. The Centos patches have been update recently.

Does anyone had a similar issue like this or could someone recommend next steps.

Many Thanks
Johannes

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list