[Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
P.Cookson at bham.ac.uk
P.Cookson at bham.ac.uk
Thu Feb 28 09:35:27 UTC 2019
Hi
It's a little more involved than that! I produced these notes, for myself, when un-registering a system from a Dev Spacewalk Server and registering it with a Test Spacewalk Server. It's effectively the same thing that you need to do though.
Spacewalk does not provide an option to un-register a client system (similar to registering - "rhnreg_ks") - the only option is to remove the client system's profile from the Spacewalk server.
To remove a client's profile from the Spacewalk server perform these steps:
1. Log in to the Spacewalk Console.
2. Click on the Systems tab in the top navigation bar and then click on the name of the system which you want to remove from the Systems List.
3. Click the Delete System link in the top-right corner of the page.
4. Confirm system profile deletion by clicking the Delete Profile button.
5. Now go to the client system and execute below command to remove the associated System ID file:
# rm /etc/sysconfig/rhn/systemid
In addition, remove Spacewalk certificate for Development and add certificate for Test. Then register client system with Test Spacewalk server:
# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https://<Test Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https://<Test Server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION KEY]
Note, if you're using OSAD, the service may have stopped during this process and therefore, will need to be re-started. I've also found that, even if it's still running, I've had to restart it before actions were automatically picked up again:
# systemctl start osad OR service osad start
Hope this is of help?
Regards
Phil
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> On Behalf Of rui.a.zhou at nokia-sbell.com
Sent: 28 February 2019 08:57
To: spacewalk-list at redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) <ting.zhu at nokia-sbell.com>
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
I re-installed the spacewalk server, and the client can not register to the new installed server.
[root at FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch
[root at FNSHB109 rhn]# rpm -Uvh http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:rhn-org-trusted-ssl-cert-1.0-1 ################################# [100%]
[root at FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 --force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information
[root at FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
File "/usr/sbin/rhnreg_ks", line 215, in <module>
cli.run()
File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in run
sys.exit(self.main() or 0)
File "/usr/sbin/rhnreg_ks", line 93, in main
rhnreg.getCaps()
File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, in getCaps
s.capabilities.validate()
File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 185, in __get_capabilities
self.registration.welcome_message()
File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, in __call__
raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, in __call__
return rpcServer.doCall(method, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 214, in doCall
ret = method(*args, **kwargs)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, in _request1
ret = self._request(methodname, params)
File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
self._handler, request, verbose=self._verbose)
File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in request
headers, fd = req.send_http(host, handler)
File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in send_http
self._connection.request(self.method, handler, body=bstr(self.data), headers=self.headers)
File "/usr/lib64/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 840, in send
self.sock.sendall(data)
File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write
sent = self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: The SSL certificate failed verification.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20190228/774c36a1/attachment.htm>
More information about the Spacewalk-list
mailing list