[Spacewalk-devel] Preventing anyone from registering as a Proxy
It occurred to me when doing the testing on Proxy that there doesn't seem to be anything to stop anyone who has root access on a machine that is registered in Spacewalk from making it into a registered Proxy server. It's probably not desirable to allow anyone to do this (although I don't think it exposes anything). Does that make sense?

I suppose this isn't so much of an issue in RHN Satellite since you have to have paid for your Proxy entitlements and so you're probably using them (and it'll stop you from activating if you've run out of entitlements).

___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
[Spacewalk-devel] Spacewalk Proxy 0.5
Hi guys,

I've finally had a chance to run through the install of Spacewalk Proxy against 0.5 (I think 0.2 was the last release I found time for). I've run into a few problems and also made a few notes on some fixes needed in the installer (these are generally pretty trivial -- I can provide patches but it might just be easier for someone with git access to make the changes - let me know what you prefer). Here goes:

- At the point we get to the activate in the script httpd is not yet installed any more so it can't chown systemid to the apache user (so it fails)
- If the system has already been registered as a Proxy the activation fails (need to delete the system and reregister it)
- It would probably be good to check somewhere in the installer that the machine you're trying to activate is registered in the Spacewalk server (since it's clearly not going to work otherwise!)
- The error
    /usr/sbin/configure-proxy.sh: line 236: cat: No such file or directory
  is given if you don't choose to install monitoring (probably need to wrap this bit in an if monitoring block)
- On line 311 there's a missing line continuation character which means it'll just stop - should be
    -e s|/VirtualHost|SSLProxyEngine on\n/VirtualHost| \

Hopefully those notes are helpful to you. Let me know if you want me to bugzilla them.

Finally I couldn't actually get it to work afterwards - trying to register a client gives the error below (I've tried deleting /var/spool/up2date/loginAuth.pkl) - any help much appreciated:

Traceback (most recent call last):
  File /usr/sbin/rhnreg_ks, line 266, in ?
    cli.run()
  File /usr/share/rhn/up2date_client/rhncli.py, line 65, in run
    sys.exit(self.main() or 0)
  File /usr/sbin/rhnreg_ks, line 90, in main
    rhnreg.getCaps()
  File /usr/share/rhn/up2date_client/rhnreg.py, line 329, in getCaps
    s.capabilities.validate()
  File /usr/share/rhn/up2date_client/rhnserver.py, line 156, in __get_capabilities
    self.registration.welcome_message()
  File /usr/share/rhn/up2date_client/rhnserver.py, line 52, in __call__
    raise self.__exception_from_fault(f)
up2date_client.up2dateErrors.CommunicationError: Error communicating with server. The message was:

Error Message:
    RHN Proxy error (auth caching issue). Please contact your system administrator.
Error Class Code: 1000
Error Class Info: RHN Proxy error.
Explanation:
    An error has occurred while processing your request. If this problem persists please enter a bug report at bugzilla.redhat.com. If you choose to submit the bug report, please be sure to include details of what you were trying to do when this error occurred and details on how to reproduce this problem.

Regards,
-R
Re: [Spacewalk-devel] Certificate Generation
Weird, I'm sure it gave an error about not being able to find libraries first time round but I've just retried and I don't get any error. Apologies for the confusion.

2009/4/2 Michael Mraka michael.mr...@redhat.com:
> Rob James wrote:
> % Ah, OK thanks.
> %
> % I've updated the Oracle XE install docs too since someone had removed
> % the bit about setting up the environment to run sqlplus.
>
> Please don't. I've reverted your change. The steps are not necessary (see archive of the list) for client setup and they confuse others.
>
> --
> Michael Mráka
> Satellite Engineering, Red Hat
Re: [Spacewalk-devel] Certificate Generation
OK, perhaps I didn't have the Spacewalk repo setup first time round and didn't notice the package fail to install.

On Thu, Apr 2, 2009 at 12:58 PM, Jan Pazdziora jpazdzi...@redhat.com wrote:
> On Thu, Apr 02, 2009 at 12:53:39PM +0100, Rob James wrote:
>> Weird, I'm sure it gave an error about not being able to find libraries first time round but I've just retried and I don't get any error. Apologies for the confusion.
>
> It's probably the oracle-lib-compat which is in the Install section now which fixes the problem.
>
> --
> Jan Pazdziora
> Senior Software Engineer, Satellite Engineering, Red Hat
[Spacewalk-devel] Certificate Generation
Just been running through the install process from scratch for Spacewalk 0.5 and the certificate generation which the docs say is necessary seems to be quite a pain. Can gen-oss-sat-cert.pl and template-eval.cert at least be included (maybe in spacewalk-admin) to make things a little easier? Even better would be for the installer to deal with all this for you...

As it is the instructions don't seem to actually work for me (I just get Can't locate RHN/CertUtils.pm in @INC... when trying to run gen-oss-sat-cert.pl). I'll look more when I have some time.

R
Re: [Spacewalk-devel] commit messages
Looking at the commit logs recently a lot of the linked Bugzilla reports seem to have restricted access - is this just that they are coming from the Satellite QA or is it that they have customer info in? Where possible it would be nice for the community for bug reports to be open access.

-R

On Fri, Feb 6, 2009 at 2:09 AM, Jesus Rodriguez jes...@redhat.com wrote:
> Folks have been doing pretty good with using the proper commit message format. I applaud you for that. But, yes there is a bug, can we try and use more descriptive commit messages? They don't have to be epic poems, but something other than:
>
> - a few more schema fixes
> - fixed bug
>
> etc. I know sometimes we check in changes that simple or so many changes it's hard to concisely describe. Let's at least try :)
>
> Thanks
> --
> jesus m. rodriguez| jes...@redhat.com
> sr. software engineer | irc: zeus
> rhn satellite spacewalk | 919.754.4413 (w)
> rhce # 805008586930012| 919.623.0080 (c)
> +---+
> | Those who cannot learn from history |
> | are doomed to repeat it. |
> | -- George Santayana |
> +---+
Re: [Spacewalk-devel] commit messages
In the last 24 hours of commits at least these seem to be restricted:

Justin Sherrill [Fri, 6 Feb 2009 16:31:49 +]
    458943 - fixed issue where having 500 items on a page and clicking confirm would result in page not found
Brad Buckingham [Fri, 6 Feb 2009 16:16:42 +]
    483824 - fix apidoc error on errata.listKeywords
Pradeep Kilambi [Thu, 5 Feb 2009 22:08:17 +]
    bug#480028 adding debug options to migration script
Mike McCune [Thu, 5 Feb 2009 19:53:18 +]
    481767 - be more forgiving of busted kickstart distros during a sync and also report errors in an email.
Justin Sherrill [Thu, 5 Feb 2009 17:56:29 +]
    443718 - fixing a view mistage and having a query just use the view

On Fri, Feb 6, 2009 at 2:05 PM, Devan Goodwin dgood...@redhat.com wrote:
> On Fri, 6 Feb 2009 10:41:21 + Rob James rssja...@googlemail.com wrote:
>> Looking at the commit logs recently a lot of the linked Bugzilla reports seem to have restricted access - is this just that they are coming from the Satellite QA or is it that they have customer info in? Where possible it would be nice for the community for bug reports to be open access.
>>
>> -R
>
> This was likely an oversight, we try to make a public Spacewalk bug for anything reported against Satellite and use that in the Spacewalk commit messages.
>
> Cheers,
>
> Devan
>
> --
> Devan Goodwin dgood...@redhat.com
> Software Engineer
> Spacewalk / RHN Satellite
> Halifax, Canada
> 650.567.9039x79267
Re: [Spacewalk-devel] Is Spacewalk Proxy rawhide supposed to work?
Jan, did you ever get this to work? It's been a while since I tried getting proxy up and running (probably shortly after the 0.3 release) but I never got it to work properly. I'd be interested to know if you have any success.

-R

On Thu, Jan 15, 2009 at 2:54 PM, Jan Pazdziora jpazdzi...@redhat.com wrote:
> On Mon, Jan 12, 2009 at 05:55:52PM +0100, Miroslav Suchý wrote:
>> That is long story. If you want just short answer - yes, it is working. But it is winter time and you may want to read some story during long evenings. So make yourself some hot tea and sit down comfortably.
>>
>> This is story about chicken and egg... In Satellite you have proxy packages in Proxy channel and since we wanted to create command line installer (CLI) for proxy and only possible way to make proxy channel available from command line is rhn-proxy-activate and since this command is in Proxy channel ... you are busted. So I have to cut this circle somewhere and I decided to move rhn-proxy-activate to separate package (in spacewalk spacewalk-proxy-installer) and it is available in RHN Tools channel. So if you install spacewalk-proxy-installer you will only install packages needed for installer run.
>
> So, rhncfg, rhncfg-actions, rhncfg-client, and rhncfg-management are really all needed to run the installer and activate the proxy? And httpd?
>
> --
> Jan Pazdziora
> Satellite Engineering, Red Hat