[Spacewalk-list] kickstart profiles resetting to 3GB disk, and vibr0
First of all, thanks for Spacewalk 1.6. Lots-o-bugs fixed, including the "can't kickstart if you have the Provisioning entitlement" bug. I've got a strange one. Periodically, all of my kickstart profiles revert to 3GB disk and Virtual Bridge vibr0. All of them. Very weird. The number of virtual CPUs may also reset, but I'm not sure as I don't currently have any multi-CPU profiles. I couldn't find any indication in /var/log/rhn/ and /var/log/tomcat6/. Any ideas? System is CentOS 6.2 fully patched. -Ian ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
> I'll give your tips a try and report back. > > Thanks, > ScottW One important note, I'm using an external certificate authority, so I don't have the private key for the CA. It is my understanding that the code requires the private key for the CA. ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
On Wed, Dec 28, 2011 at 2:10 PM, Miroslav Suchy wrote: > Dne 28.12.2011 17:50, Scott Worthington napsal(a): > >> I successfully followed (pardon the URL)... >> >> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ >> ...to install a valid SSL certificate into Spacewalk. This server has > > > This steps IMHO properly does not populate rhn-ca-openssl.cnf. And you have > wrong filenames since, we assume clean use of rhn-ssl-tool. > > >> been in production tracking 1.6-nightly and now 1.6-release since Sept >> 2011, and it is working well. >> >> I am now creating a Spacewalk Proxy 1.6. >> >> When running the automation script 'configure-proxy.sh', you must copy >> the the files three files RHN-ORG-PRIVATE-SSL-KEY, >> RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main >> Spacewalk server in /root/ssl-build. > >> >> Because I am not using a self-signed SSL cert on the main Spacewalk >> server, the script fails with: > > You have to copy that spacewalk-server:/root/ssl-build/spacewalk/server.key > proxy:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY > make sure that content of rhn-ca-openssl.cnf is sane and then run: > > configure-proxy.sh --force-own-ca > > Mirek Thanks Mirek for the tip! I didn't find anything on the Spacewalk Wiki about using own CA, and there is also a bug track about that no documentation on --force-own-ca (https://bugzilla.redhat.com/show_bug.cgi?id=729663). I'll give your tips a try and report back. Thanks, ScottW ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
Dne 28.12.2011 17:50, Scott Worthington napsal(a): I successfully followed (pardon the URL)... http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ ...to install a valid SSL certificate into Spacewalk. This server has This steps IMHO properly does not populate rhn-ca-openssl.cnf. And you have wrong filenames since, we assume clean use of rhn-ssl-tool. been in production tracking 1.6-nightly and now 1.6-release since Sept 2011, and it is working well. I am now creating a Spacewalk Proxy 1.6. When running the automation script 'configure-proxy.sh', you must copy the the files three files RHN-ORG-PRIVATE-SSL-KEY, RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main Spacewalk server in /root/ssl-build. > > Because I am not using a self-signed SSL cert on the main Spacewalk > server, the script fails with: You have to copy that spacewalk-server:/root/ssl-build/spacewalk/server.key proxy:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY make sure that content of rhn-ca-openssl.cnf is sane and then run: configure-proxy.sh --force-own-ca Mirek ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
Hello, I am utilizing Spacewalk 1.6 with non-self-signed SSL certificate provided by a commercial CA (a requirement in my environment due to PCI compliance). I successfully followed (pardon the URL)... http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ ...to install a valid SSL certificate into Spacewalk. This server has been in production tracking 1.6-nightly and now 1.6-release since Sept 2011, and it is working well. I am now creating a Spacewalk Proxy 1.6. When running the automation script 'configure-proxy.sh', you must copy the the files three files RHN-ORG-PRIVATE-SSL-KEY, RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main Spacewalk server in /root/ssl-build. Because I am not using a self-signed SSL cert on the main Spacewalk server, the script fails with: Using configuration from /root/ssl-build/rhn-ca-openssl.cnf CA certificate and CA private key do not match 140222874289992:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:325: I am uncertain if anyone else has set up their main Spacewalk server with a non-self-signed SSL certificate and then attempted to set up a Spacewalk Proxy. Since the automation script, /usr/sbin/configure-proxy.sh, fails on line 500 when it is trying to build the SSL certificate, I will be manually generating the instructions & process for installing non-self-signed SSL cert into a Spacewalk Proxy. If you are interested in that process, please let me know and I'll post my how-to on this list to successfully get a Spacewalk Proxy 1.6 to use a non-self-signed SSL cert. Best, ScottW ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] monitor problem
Hello i tried to stop restart services but i still have the problems pls tell me the correct why yo stop and restart the services regards rob On 25-12-2011 0:29, Larry Letelier wrote: Here the clue, Starting Monitoring ... 2011-12-25 00:02:22 InstallSoftwareConfig: !! RHN::Exception: RHN::DB connect('xe','spacewalk',...) failed: ORA-01033: ORACLE initialization or shutdown in progress (DBD ERROR: OCISessionBegin) Your fdqn is resolved ? Your *.ora files are find ? Try to stop all services involved and start one bye one. Saludos, -- Larry Letelier El 24-12-2011, a las 20:18, "rob morrien" escribió: hello to all, i updated my spacewalk, afther that i added packages. afther restart i get the next problem: Starting spacewalk services... Initializing jabberd processes ... process [router] already running process [sm] already running process [c2s] already running process [s2s] already running Starting osa-dispatcher: [ OK ] Starting tomcat5: tomcat5 process already running Waiting for tomcat to be ready ... Starting httpd: 2011-12-24 23:53:59 Monitoring: WARNING: STARTED BUT *NOT* RUNNING 2011-12-24 23:53:59 Monitoring: ERRORS ENCOUNTERED DURING LAST ACTION: 2011-12-24 23:53:59 Monitoring: !! Monitoring configuration load failed 2011-12-24 23:53:59 Monitoring: !! Monitoring configuration not loaded - not starting MOC functions! 2011-12-24 23:54:00 MonitoringScout: WARNING: STARTED BUT *NOT* RUNNING 2011-12-24 23:54:00 MonitoringScout: ERRORS ENCOUNTERED DURING LAST ACTION: 2011-12-24 23:54:00 MonitoringScout:!! Monitoring configuration load failed Starting rhn-search... rhn-search is already running. Starting cobbler daemon: [ OK ] Starting RHN Taskomatic... afther this problem i can't login anymore , who has a tip for me to fix this problem rob hello i have more detailed info Starting osa-dispatcher: RHN 15097 2011/12/25 00:00:56 +02:00: ('Connection attempt failed', 1033, 'ORA-01033: ORACLE initialization or shutdown in progress\nProcess ID: 0\nSession ID: 0 Serial number: 0\n') RHN 15097 2011/12/25 00:00:56 +02:00: ('Error caught:',) RHN 15097 2011/12/25 00:00:56 +02:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 115, in main\n self.setup_config(config)\n File "/usr/share/rhn/osad/osa_dispatcher.py", line 82, in setup_config\nrhnSQL.initDB()\n File "/usr/lib/python2.4/site-packages/spacewalk/server/rhnSQL/__init__.py", line 124, in initDB\n__init__DB(backend, host, port, username, password, database)\n File "/usr/lib/python2.4/site-packages/spacewalk/server/rhnSQL/__init__.py", line 55, in __init__DB\n__DB.connect()\n File "/usr/lib/python2.4/site-packages/spacewalk/server/rhnSQL/driver_cx_Oracle.py", line 406, in connect\nraise apply(sql_base.SQLConnectError, err_args)\nSQLConnectError: (1033, \'ORA-01033: ORACLE initialization or shutdown in progress\\nProcess ID: 0\\nSession ID: 0 Serial number: 0\\n\', \'xe\', \'Connection_Connect(): begin session\')\n',) [ OK ] Starting tomcat5: [ OK ] Waiting for tomcat to be ready ... Starting httpd:[ OK ] Starting Monitoring ... 2011-12-25 00:02:22 InstallSoftwareConfig: !! RHN::Exception: RHN::DB connect('xe','spacewalk',...) failed: ORA-01033: ORACLE initialization or shutdown in progress (DBD ERROR: OCISessionBegin) RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 224 RHN::Exception::DB::throw DBI /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/DBI.pm 636 RHN::DB::handle_error DBI /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/DBI.pm 689 DBI::__ANON__ RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 215 DBI::connect RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 180 RHN::DB::direct_connect NOCpulse::NOCpulseini /usr/lib/perl5/vendor_perl/5.8.8/NOCpulse/NOCpulseini.pm 45 RHN::DB::connect InstallSoftwareConfig /etc/rc.d/np.d/InstallSoftwareConfig.pm 22 NOCpulse::NOCpulseini::connect InstallSoftwareConfig /etc/rc.d/np.d/InstallSoftwareConfig.pm 21 (eval) SysVStep /etc/rc.d/np.d/SysVStep.pm 287 InstallSoftwareConfig::startActions SysVStep /etc/rc.d/np.d/SysVStep.pm 118 SysVStep::startStep MacroSysVStep /etc/rc.d/np.d/MacroSysVStep.pm 86 SysVStep::run MacroSysVStep /etc/rc.d/np.d/MacroSysVStep.pm 86 (eval) Monitoring /etc/rc.d/np.d/Monitoring.pm 51 MacroSysVStep::startModule SysVStep /etc/rc.d/np.d/SysVStep.pm 287 Monitoring::startActions SysVStep /etc/rc.d/np.d/SysVStep.pm 118 SysVStep::startStep MacroSysVStep /etc/rc.d/np.d/MacroSysVStep.pm 30 SysVStep::run main /usr/sbin/Monitoring 28 MacroSysVStep::run main /usr/sbin/Monitoring 28 (eval) Starting InstallSoftwareConfig ... [ FAIL ] 2011-12-25 00:02:22 InstallSoftwareConfig: WARNING: STARTED BUT *NOT* RUNNING
Re: [Spacewalk-list] AIX in Spacewalk?
Thanks for the hints Mirek. I'm going to take a look at this and see if I can get anything going. I'll keep you posted. Greg On 2011-12-28 7:13 AM, "Miroslav Suchy" wrote: >Dne 23.12.2011 19:10, Wojtak, Greg napsal(a): >> What kind of effort would be involved in getting these pieces working? >>I'm not talking about provisioning or anything too complex. I just >>think it would be a huge gain to be able to do the things I mentioned >>above. > >Basicaly - you need to port client stuff: >https://fedorahosted.org/spacewalk/browser/client > >You will need to start with rhnlib: >https://fedorahosted.org/spacewalk/browser/client/rhel/rhnlib > >then rhn-client-tool: >https://fedorahosted.org/spacewalk/browser/client/rhel/rhn-client-tools > >All this is just python. >And you will get 80% of functionality by this time. > >rhnsd will be then piece of cake as it is very small (but it needs >compilation): >https://fedorahosted.org/spacewalk/browser/client/rhel/rhnsd > >If you use rpm and yum there you can continue with: >https://fedorahosted.org/spacewalk/browser/client/rhel/yum-rhn-plugin > >And if you will still have some time you can port: >https://fedorahosted.org/spacewalk/browser/client/tools/rhncfg > >And you will have 99% of functionality, but the provisioning, by this >time. > >If you really mean it, it would be nice if you can manage your changes >as set of patches or as some howto which start with upstream tar.gz. >Like we have for debian: >https://fedorahosted.org/spacewalk/browser/client/debian/DEBIAN-HOWTO > >And of course, when you are done, we would love to see it too. :) > >Mirek Suchy > >___ >Spacewalk-list mailing list >Spacewalk-list@redhat.com >https://www.redhat.com/mailman/listinfo/spacewalk-list ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] upgrade question
Dne 24.12.2011 21:15, rob morrien napsal(a): at this moment i still use i386 (32bits) environment for spacewalk. i saw that 1.6 is now released. can we still use the i386 environment or do we have to move to 64 bits Yes, 1.6 is still for both i386 and x86_64. Mirek ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] AIX in Spacewalk?
Dne 23.12.2011 19:10, Wojtak, Greg napsal(a): What kind of effort would be involved in getting these pieces working? I'm not talking about provisioning or anything too complex. I just think it would be a huge gain to be able to do the things I mentioned above. Basicaly - you need to port client stuff: https://fedorahosted.org/spacewalk/browser/client You will need to start with rhnlib: https://fedorahosted.org/spacewalk/browser/client/rhel/rhnlib then rhn-client-tool: https://fedorahosted.org/spacewalk/browser/client/rhel/rhn-client-tools All this is just python. And you will get 80% of functionality by this time. rhnsd will be then piece of cake as it is very small (but it needs compilation): https://fedorahosted.org/spacewalk/browser/client/rhel/rhnsd If you use rpm and yum there you can continue with: https://fedorahosted.org/spacewalk/browser/client/rhel/yum-rhn-plugin And if you will still have some time you can port: https://fedorahosted.org/spacewalk/browser/client/tools/rhncfg And you will have 99% of functionality, but the provisioning, by this time. If you really mean it, it would be nice if you can manage your changes as set of patches or as some howto which start with upstream tar.gz. Like we have for debian: https://fedorahosted.org/spacewalk/browser/client/debian/DEBIAN-HOWTO And of course, when you are done, we would love to see it too. :) Mirek Suchy ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list