[Spacewalk-list] Upgrading clients to 2.4

Dimitri Yioulos dyioulos at netatlantic.com
Fri Feb 12 20:56:45 UTC 2016 

Is it against a security policy or firewall rule to simply do “rpm –import http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2015”?


From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Ian Forde
Sent: Friday, February 12, 2016 3:46 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Upgrading clients to 2.4

You could always use SSM to execute remote commands on your hosts, (consisting of a curl/wget to download key to their local filesystems and import the keys...) Then you should be able to upgrade the packages.

On Fri, Feb 12, 2016 at 12:37 PM, Matt Bayliss <aarrgghh765 at gmail.com<mailto:aarrgghh765 at gmail.com>> wrote:
OK, so I pushed out the package rhncfg-actions so I could run remote commands.  I figured I could set up a configuration channel to push out the gpg key and then use a remote command to install it.  I found that I could not use configuration channels or use remote commands until I logged onto each server and enabled the functionality with 'rhn-actions-control --enable-all' (why is this not on by default?!).
Anyway, I've finally jumped through enough hoops to run the 'gpg --import RPM-GPG-KEY-spacewalk-2015' command, problem is though is that the 2.4-client packages still won't install and I'm getting the same "Error while executing packages action: Public key for rhn-setup-2.4.11-1.el6.noarch.rpm is not installed [[6]]"

GPG keys on my system are:
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key at centos.org<mailto:centos-6-key at centos.org>>)
gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk <spacewalk-devel at redhat.com<mailto:spacewalk-devel at redhat.com>>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) <epel at fedoraproject.org<mailto:epel at fedoraproject.org>>)
It seems that the key has not been imported properly.  I'll check the file I pushed out again.

# gpg --with-fingerprint RPM-GPG-KEY-spacewalk-2015
pub  1024D/B8002DE1 2015-04-17 Spacewalk <spacewalk-devel at redhat.com<mailto:spacewalk-devel at redhat.com>>
      Key fingerprint = A5FC 508C DD3C C46D 3C3B  4612 DCC9 81CD B800 2DE1
OK, so that looks right,. I'll try and import it again..

# gpg --import RPM-GPG-KEY-spacewalk-2015
gpg: key B8002DE1: "Spacewalk <spacewalk-devel at redhat.com<mailto:spacewalk-devel at redhat.com>>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
It's processed and unchanged but it's still not in my list:

# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key at centos.org<mailto:centos-6-key at centos.org>>)
gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk <spacewalk-devel at redhat.com<mailto:spacewalk-devel at redhat.com>>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) <epel at fedoraproject.org<mailto:epel at fedoraproject.org>>)
wtf?  Why won't the key import/update?

On 12 February 2016 at 15:18, Dimitri Yioulos <dyioulos at netatlantic.com<mailto:dyioulos at netatlantic.com>> wrote:
Matt,

I think you can use Manage|Provisioning|Run remote commands against a group of servers.  If you use Ansible in your environment, I have a simple playbooks to accomplish installing the public key which I’m happy to share with you.

Dimitri

From: spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com> [mailto:spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com>] On Behalf Of Matt Bayliss
Sent: Friday, February 12, 2016 9:41 AM
To: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Subject: [Spacewalk-list] Upgrading clients to 2.4

I'm trying to bring a bunch of Spacewalk clients which are currently using the 2.2-client version, up to 2.4-client.
I created a new channel & repo and used the SSM to transfer systems over to the new channel.  The updates then appeaar as available and I scheduled the upgrade.
The problem is that I receive the error "Error while executing packages action: Public key for rhn-setup-2.4.11-1.el6.noarch.rpm is not installed [[6]]" as the 2015 key is not installed by my clients.
What's the best way to fix this using Spacewalk, I'd rather avoid having to import the key manually on each system.
Thanks,
Matt

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20160212/36933759/attachment.htm>

More information about the Spacewalk-list mailing list