[Spacewalk-list] rhn_check fails

Jan Hutař jhutar at redhat.com
Wed Feb 24 08:51:45 UTC 2016


I'm not good at networking, but for SSL you just need to make sure that
hostname in the Spacewalk CA certificate
(`grep sslCACert= /etc/sysconfig/rhn/up2date`) matches real Spacewalk
hostname (`ping` to it works, and possibly also that `host` on its IP
gives hostname).

What you have described might be the issue for sure. Could you please
show output of the commands from my previous email? We will see there.

BTW feel free to respond later if it is late in your area now...

On 2016-02-24 00:21 -0800, Emmett Hogan wrote:
>   I think you are on to the source of my problem with the cert.
>
>   I have two interfaces in my SW server, one connects to the corporate
>   network, and one is a private network (no forwarding) for PXE booting.
>    I did this for a few reasons, but mainly because I didn’t want a DHCP
>   server on our corporate LAN and I didn’t want some knucklehead
>   accidentally PXE booting their machine and wiping it clean.
>
>   Anyway…I put the bare-metal machines on the PXE network which uses all
>   IP addresses…(no access to a name server).
>
>   But, now that I think about it…perhaps I build them with a temporary
>   host file which points them to the spacewalk server on the PXE
>   network…then, as part of the move to the real network, I remove that
>   host entry and DNS responds with the real IP address.  That would keep
>   me from having to change a lot of stuff when I move the machine.
>
>   Hmmmm….what do you think?
>
>   -Emmett
>
>   --
>   Emmett Hogan
>   EHogan at gmail.com
>
>   From: Jan Hutař [1]<jhutar at redhat.com>
>   Reply: Jan Hutař [2]<jhutar at redhat.com>
>   Date: February 24, 2016 at 12:03:16 AM
>   To: Emmett Hogan [3]<ehogan at gmail.com>
>   CC: spacewalk-list at redhat.com [4]<spacewalk-list at redhat.com>
>   Subject:  Re: [Spacewalk-list] rhn_check fails
>
>   I'm not entirely sure, but this might be a few issues, so let's try:
>   client# grep sslCACert= /etc/sysconfig/rhn/up2date
>   client# grep Subject: /etc/sysconfig/rhn/up2date
>   Subject: C=CZ, ST=Brno, L=Brno, O=Brno, OU=spacewalk.example.com,
>   CN=spacewalk.example.com
>   Check the hostname in OU or CN param (I do not know the difference). It
>   should match to the hostname how you are accessing your Spacewalk and
>   also:
>   client# grep serverURL= /etc/sysconfig/rhn/up2date
>   serverURL=https://spacewalk.example.com/XMLRPC
>   make sure that (from the client) ping to the Spacewalk hostname works
>   + host on the IP returns same hostname. There is more to check for
>   sure.
>   Regards,
>   Jan
>   On 2016-02-23 23:30 -0800, Emmett Hogan wrote:
>   > Hi Jan,
>   > That fixed my problem with the new client trying to go to
>   > centos.org...but just got me a little further down the road to:
>   > error was [Errno 14] curl#51 - "Unable to communicate securely with
>   > peer: requested domain name does not match the server's certificate."
>   > (This was in my up2date log on the client after running rhn_check)
>   > I'll revisit this tomorrow...it's getting a little late here.
>   > Thanks again for your help.
>   > -Emmett
>   >
>   > On Tue, Feb 23, 2016 at 11:22 PM, Emmett Hogan <[1]ehogan at gmail.com>
>   > wrote:
>   >
>   > There are definitely repos in there....I didn't know I was supposed to
>   > remove them.
>   > I must have missed that in the documentation.
>   > Thanks, I'll remove the repos and give it another try.
>   > -Emmett
>   >
>   > On Tue, Feb 23, 2016 at 11:15 PM, Jan Hutař <[2]jhutar at redhat.com>
>   > wrote:
>   >
>   > On 2016-02-23 22:45 -0800, Emmett Hogan wrote:
>   >
>   > Forgive me if this is a silly question, but I finally got a bare
>   > metal
>   > system to build from my Spacewalk server and wanted to push some
>   > extra
>   > packages to it. The request queued up like it should, then
>   > eventually
>   > failed with a python error. In doing some digging, it was trying
>   > to
>   > resolve [1][3]mirrorlist.centos.org. I don't understand why it
>   > would be
>   > trying to go back to centos for the packages....I thought that it
>   > would
>   > go to my Spacewalk server for all its updates.
>   > I even tried running:
>   > # rhn_check
>   > Could not retrieve mirrorlist
>   >
>   > [2][4]http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
>   > 14: curl#6 - "Could not resolve host: [3][5]mirrorlist.centos.org; Unknown error"
>   > I checked /etc/sysconfig/rhn/up2date and it references my
>   > spacewalk
>   > host:
>   > serverURL=[4][6]https://192.168.67.5/XMLRPC
>   > I know I've apparently screwed up something, somewhere, but I
>   > cannot
>   > seem to find the answer anywhere.
>   > Any help would be greatly appreciated.
>   > -Emmett
>   > References
>   > 1. [7]http://mirrorlist.centos.org/
>   > 2.
>   > [8]http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra
>   > =stock
>   > 3. [9]http://mirrorlist.centos.org/
>   > 4. [10]https://192.168.67.5/XMLRPC
>   >
>   > Hello,
>   > to view the actual traceback:
>   > # less /var/log/up2date
>   > And if you see client trying to reach [11]mirrorlist.centos.org,
>   > check
>   > if you did not leave some repos behind on the client:
>   > # yum repolist
>   > # cat /etc/yum.repos.d/*.repo
>   > Regards,
>   > Jan
>   > --
>   > Jan Hutar Systems Management QA
>   > [12]jhutar at redhat.com Red Hat, Inc.
>   >
>   >References
>   >
>   > 1. mailto:ehogan at gmail.com
>   > 2. mailto:jhutar at redhat.com
>   > 3. http://mirrorlist.centos.org/
>   > 4.
>   http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=st
>   > 5. http://mirrorlist.centos.org/
>   > 6. https://192.168.67.5/XMLRPC
>   > 7. http://mirrorlist.centos.org/
>   > 8.
>   http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock
>   > 9. http://mirrorlist.centos.org/
>   > 10. https://192.168.67.5/XMLRPC
>   > 11. http://mirrorlist.centos.org/
>   > 12. mailto:jhutar at redhat.com
>   --
>   Jan Hutar Systems Management QA
>   jhutar at redhat.com Red Hat, Inc.
>
>References
>
>   1. mailto:jhutar at redhat.com
>   2. mailto:jhutar at redhat.com
>   3. mailto:ehogan at gmail.com
>   4. mailto:spacewalk-list at redhat.com

-- 
Jan Hutar     Systems Management QA
jhutar at redhat.com     Red Hat, Inc.
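
Added example (not part of the original messages): a small shell check of the condition discussed in this thread, comparing the host in `serverURL=` with the CN from a certificate `Subject:` line and flagging an IP-literal URL such as the one quoted earlier. The function names are hypothetical, the sample config is constructed from values in the thread, and only the CN is compared, as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values below are constructed.

# Host part of the serverURL= line in an up2date-style config file.
server_host() {
    sed -n 's|^serverURL=https\{0,1\}://\([^/:]*\).*|\1|p' "$1" | head -n 1
}

# CN value from an openssl-style "Subject:" line.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Verdict for a (host, CN) pair: match, mismatch, ip-literal or no-host.
check_host() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    c=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $h in
        '')        echo no-host;    return 0 ;;
        *[!0-9.]*) ;;                           # has a non-digit: a DNS name
        *)         echo ip-literal; return 0 ;; # digits and dots only
    esac
    if [ "$h" = "$c" ]; then echo match; else echo mismatch; fi
}

# Constructed demo: the two serverURL forms seen in the thread.
demo() {
    tmp=$(mktemp)
    subj='Subject: C=CZ, ST=Brno, L=Brno, O=Brno, OU=spacewalk.example.com, CN=spacewalk.example.com'
    for url in https://192.168.67.5/XMLRPC https://spacewalk.example.com/XMLRPC; do
        printf 'serverURL[comment]=Remote server URL\nserverURL=%s\n' "$url" > "$tmp"
        printf '%s -> %s\n' "$url" \
            "$(check_host "$(server_host "$tmp")" "$(subject_cn "$subj")")"
    done
    rm -f "$tmp"
}
demo
```

An `ip-literal` verdict corresponds to the `curl#51` error quoted above: the client asks for an address while the certificate names a hostname.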



