Re: [Spacewalk-list] Error bootstrapping Fedora 28, missing Everything repo (base channel)

[Kevin Olbrich]

I just noticed what might be the problem.

For CentOS, the parent channel uses the “base” repo. Do I need to use the
server / workstation folders as parent channel?

Kevin

2018-05-09 16:38 GMT+02:00 Kevin Olbrich :

> Hi!
>
> I try to deploy a fedora28 client (server edition) using spacewalk.
>
> This is my channel layout:
> *Parent-Channel: fedora-28-x86_64 # Everything repo linked*
> Sub-Channel: fedora-28-x86_64-icinga # 3rd party repo linked
> Sub-Channel: fedora-28-x86_64-opennebula  # 3rd party repo linked
> Sub-Channel: fedora-28-x86_64-rpmfusion  # 3rd party repo linked
> Sub-Channel: fedora-28-x86_64-rpmfusion-nf  # 3rd party repo linked
> Sub-Channel: fedora-28-x86_64-spacewalk  # 3rd party repo linked
> Sub-Channel: fedora-28-x86_64-updates # Updates repo linked
>
> Then I got an activation key, linking to above channels.
>
> This activation key is linked to my kickstart profile, based on above
> parent channel.
> I have temporarily removed all additional packages from the kickstart
> profile.
>
> When I boot my server using PXE, i can select the kickstart profile and
> the system starts installation.
> *After this, I get a "Question" from anaconda, asking if I want to skip
> "perl".*
>
> Package "perl" is in the Everything repo, which is not listed in the
> kickstart file:
>
> ...
> skipx
> repo --name=fedora-28-x86_64-icinga --baseurl=http://cloudmgr03.
> mgmt.example.com/ks/dist/child/fedora-28-x86_64-icinga/
> fedora-28-server-x86_64
> repo --name=fedora-28-x86_64-rpmfusion-nf --baseurl=http://cloudmgr03.
> mgmt.example.com/ks/dist/child/fedora-28-x86_64-
> rpmfusion-nf/fedora-28-server-x86_64
> repo --name=fedora-28-x86_64-opennebula --baseurl=http://cloudmgr03.
> mgmt.example.com/ks/dist/child/fedora-28-x86_64-
> opennebula/fedora-28-server-x86_64
> repo --name=fedora-28-x86_64-updates --baseurl=http://cloudmgr03.
> mgmt.example.com/ks/dist/child/fedora-28-x86_64-
> updates/fedora-28-server-x86_64
> repo --name=fedora-28-x86_64-rpmfusion --baseurl=http://cloudmgr03.
> mgmt.example.com/ks/dist/child/fedora-28-x86_64-
> rpmfusion/fedora-28-server-x86_64
> autopart --type=plain
> ...
>
> Most likely it would work by removing the repo from the parent channel and
> moving it down to it's own sub-channel.
> This does not match the installation instructions.
>
> What am I doing wrong?
>
> Kind regards
> Kevin
>
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Certificat problem by client installation

[Robert Paschedag]

> Gesendet: Mittwoch, 09. Mai 2018 um 13:47 Uhr
> Von: "Jérôme Meyer" 
> An: "'Robert Paschedag'" , 
> "spacewalk-list@redhat.com" , 
> "'spacewalk-list@redhat.com'" 
> Betreff: RE: [Spacewalk-list] Certificat problem by client installation
>
> Hi Robert,
> 
> Thanks for contacting.
> I've configured a static entry in /etc/hosts and test it but unfortunately 
> the spacecmd result is the same. 
> Oddly this URL (https://.local/rpc/api) works directly with a 
> web browser (only http: certificate invalid)
> 
> Best regards,
> Jérôme Meyer
> 
> 
Well Jérôme.you got it wrong.

You need to connect (and re-run your tests) to "prod_spacewalk.local"! That's 
why you made the static entry within /etc/hosts.
So when you now say"go to prod_spacewalk.local" your client is connecting 
to your "dev_spacewalk" system.
Then, there should not be an SSL error if the name you used to connect is 
EXACTLY THE SAME as the name within the SSL (CN=...)
Robert

> 
> 
> 
> -Original Message-
> From: Robert Paschedag [mailto:robert.pasche...@web.de] 
> Sent: Dienstag, 8. Mai 2018 20:28
> To: spacewalk-list@redhat.com; Jérôme Meyer; 'spacewalk-list@redhat.com'
> Subject: Re: [Spacewalk-list] Certificat problem by client installation
> 
> Am 8. Mai 2018 20:18:41 MESZ schrieb Robert Paschedag 
> :
> >Am 8. Mai 2018 19:00:53 MESZ schrieb "Jérôme Meyer"
> >:
> >>Dear All,
> >>
> >>Because our customer has some issue with his prod_spacewalk server to 
> >>create new system, we decided to clone it has dev_system to do some 
> >>test and troubleshooting this problem.
> >>Clone and configuration to dev_spacewalk was successfully done.
> >>
> >>Version:
> >>==
> >>dev_spacewalk : CentOS 7.4.1708
> >>spacewalk ver.: 2.4
> >>
> >>Steps
> >>==
> >>1) server successfully cloned
> >>2) Change hostname in configuration's file
> >>3) run the script with the new IP ADD :
> >>/usr/bin/spacewalk-hostname-rename 
> >>3.1) a new SSL certificate was created
> >>3.2) a private AC key was generated:
> >> Generating private CA key:
> >/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
> >>4) Configuring jabber to use PostgreSQL backend because some issue.
> >>5) Successfully start the service:
> >>
> >>Error
> >>==
> >>
> >>Now, we've created a new dev_server and after the installation, we 
> >>received some issue from kickstart logs:
> >>
> >>ERROR: Failed to connect to https://.local/rpc/api
> >>
> >>I've done an another test from this new machine:
> >>
> >># spacecmd -s  -u admin -p $(echo passwd | 
> >>openssl enc -aes-128-cbc -a -d -salt -pass pass:) --debug
> >>DEBUG: : False
> >>DEBUG: Read configuration from /root/.spacecmd/config
> >>DEBUG: Loading configuration section [spacecmd]
> >>DEBUG: Current Configuration: {'username': 'admin', 'password':
> >>'***', 'server': 'dev_spacewalk'} Welcome to spacecmd, a 
> >>command-line interface to Spacewalk.
> >>
> >>Type: 'help' for a list of commands
> >>  'help ' for command-specific help
> >>  'quit' to quit
> >>
> >>DEBUG: Configuration section [dev_spacewalk] does not exist
> >>DEBUG: Connecting to https://dev_spacewalk/rpc/api
> >>ERROR: 
> >>Traceback (most recent call last):
> >>File "/usr/lib/python2.7/site-packages/spacecmd/misc.py", line 284, in 
> >>do_login
> >>self.api_version = self.client.api.getVersion()
> >>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
> >>return self.__send(self.__name, args)
> >>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
> >>verbose=self.__verbose
> >>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
> >>return self.single_request(host, handler, request_body, verbose)  
> >>File "/usr/lib64/python2.7/xmlrpclib.py", line 1301, in
> >single_request
> >>self.send_content(h, request_body)
> >>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
> >>connection.endheaders(request_body)
> >>  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
> >>self._send_output(message_body)
> >>  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
> >>self.send(msg)
> >>  File "/usr/lib64/python2.7/httplib.py", line 826, in send
> >>self.connect()
> >>  File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
> >>server_hostname=sni_hostname)
> >>  File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
> >>_context=self)
> >>  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
> >>self.do_handshake()
> >>  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
> >>self._sslobj.do_handshake()
> >>SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> >>(_ssl.c:579)
> >>ERROR: Failed to connect to https:///rpc/api
> >>
> >>Questions
> >>==
> >>
> >>1) How can I check if certificates are ok?
> >>2) Is a certificat's problem or spacewalk? An

[Spacewalk-list] Error bootstrapping Fedora 28, missing Everything repo (base channel)

[Kevin Olbrich]

Hi!

I try to deploy a fedora28 client (server edition) using spacewalk.

This is my channel layout:
*Parent-Channel: fedora-28-x86_64 # Everything repo linked*
Sub-Channel: fedora-28-x86_64-icinga # 3rd party repo linked
Sub-Channel: fedora-28-x86_64-opennebula  # 3rd party repo linked
Sub-Channel: fedora-28-x86_64-rpmfusion  # 3rd party repo linked
Sub-Channel: fedora-28-x86_64-rpmfusion-nf  # 3rd party repo linked
Sub-Channel: fedora-28-x86_64-spacewalk  # 3rd party repo linked
Sub-Channel: fedora-28-x86_64-updates # Updates repo linked

Then I got an activation key, linking to above channels.

This activation key is linked to my kickstart profile, based on above
parent channel.
I have temporarily removed all additional packages from the kickstart
profile.

When I boot my server using PXE, i can select the kickstart profile and the
system starts installation.
*After this, I get a "Question" from anaconda, asking if I want to skip
"perl".*

Package "perl" is in the Everything repo, which is not listed in the
kickstart file:

...
skipx
repo --name=fedora-28-x86_64-icinga --baseurl=
http://cloudmgr03.mgmt.example.com/ks/dist/child/fedora-28-x86_64-icinga/fedora-28-server-x86_64
repo --name=fedora-28-x86_64-rpmfusion-nf --baseurl=
http://cloudmgr03.mgmt.example.com/ks/dist/child/fedora-28-x86_64-rpmfusion-nf/fedora-28-server-x86_64
repo --name=fedora-28-x86_64-opennebula --baseurl=
http://cloudmgr03.mgmt.example.com/ks/dist/child/fedora-28-x86_64-opennebula/fedora-28-server-x86_64
repo --name=fedora-28-x86_64-updates --baseurl=
http://cloudmgr03.mgmt.example.com/ks/dist/child/fedora-28-x86_64-updates/fedora-28-server-x86_64
repo --name=fedora-28-x86_64-rpmfusion --baseurl=
http://cloudmgr03.mgmt.example.com/ks/dist/child/fedora-28-x86_64-rpmfusion/fedora-28-server-x86_64
autopart --type=plain
...

Most likely it would work by removing the repo from the parent channel and
moving it down to it's own sub-channel.
This does not match the installation instructions.

What am I doing wrong?

Kind regards
Kevin
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Cobbler / anaconda - Source needs network for installation

[Kevin Olbrich]

Hi!

> kernel is naming the ethernet-devices differently
I am using "biosdevname=0 net.ifnames=0" as default kernel parameters to
have consistent naming.

It turned out, that I have to use the server-dvd instead of netinstall.

The problem is solved.

Thanks!

- Kevin

2018-05-09 15:18 GMT+02:00 Andreas Dijkman :

> My best guess would be that the device eth0 isn’t present. In newer
> releases, the kernel is naming the ethernet-devices differently. If you are
> running vmware, try ens192 or ens166 as device. But if you have only 1
> interface, don’t supply the device at all.
>
> Kind regards,
>
> Andreas Dijkman
>
>
> On 9 May 2018, at 13:22, Kevin Olbrich  wrote:
>
> The previous text was not displayed correctly:
> network --device=eth0 --activate --onboot=on --bootproto=dhcp
>
> https://paste.fedoraproject.org/paste/FUFMmfAFbl08Tq~vi1spIA
>
>
> Mit freundlichen Grüßen / best regards,
> Kevin Olbrich.
>
> 2018-05-09 13:18 GMT+02:00 Kevin Olbrich :
>
>> Hi!
>>
>> I have set up a kickstart profile for fedora 28 (first kickstart project).
>> My kickstart file contains:
>> *network --device=eth0 --activate --onboot=on --bootproto=dhcp*
>>
>> Every time I try deploying the image profile, I get:
>> Source http://xxx... needs network for installation.
>> (/tmp/anaconda.log)
>>
>> Both "installation source" and "software selection" are marked by
>> exclamation marks.
>> Network configuration is ticked and "wired eth0 connected".
>>
>> Any ideas?
>>
>> Kind regards
>> Kevin
>>
>
> ___
> Spacewalk-list mailing list
> Spacewalk-list@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>
> ___
> Spacewalk-list mailing list
> Spacewalk-list@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Cobbler / anaconda - Source needs network for installation

[Andreas Dijkman]

My best guess would be that the device eth0 isn’t present. In newer releases, 
the kernel is naming the ethernet-devices differently. If you are running 
vmware, try ens192 or ens166 as device. But if you have only 1 interface, don’t 
supply the device at all.

Kind regards,

Andreas Dijkman


> On 9 May 2018, at 13:22, Kevin Olbrich  wrote:
> 
> The previous text was not displayed correctly:
> network --device=eth0 --activate --onboot=on --bootproto=dhcp
> 
> https://paste.fedoraproject.org/paste/FUFMmfAFbl08Tq~vi1spIA 
> 
> 
> 
> Mit freundlichen Grüßen / best regards,
> Kevin Olbrich.
> 
> 2018-05-09 13:18 GMT+02:00 Kevin Olbrich mailto:k...@sv01.de>>:
> Hi!
> 
> I have set up a kickstart profile for fedora 28 (first kickstart project).
> My kickstart file contains:
> network --device=eth0 --activate --onboot=on --bootproto=dhcp
> 
> Every time I try deploying the image profile, I get:
> Source http://xxx. .. needs network for installation.
> (/tmp/anaconda.log)
> 
> Both "installation source" and "software selection" are marked by exclamation 
> marks.
> Network configuration is ticked and "wired eth0 connected".
> 
> Any ideas?
> 
> Kind regards
> Kevin
> 
> ___
> Spacewalk-list mailing list
> Spacewalk-list@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list



smime.p7s
Description: S/MIME cryptographic signature
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Certificat problem by client installation

[Jérôme Meyer]

Hi Robert,

Thanks for contacting.
I've configured a static entry in /etc/hosts and test it but unfortunately the 
spacecmd result is the same. 
Oddly this URL (https://.local/rpc/api) works directly with a 
web browser (only http: certificate invalid)

Best regards,
Jérôme Meyer





-Original Message-
From: Robert Paschedag [mailto:robert.pasche...@web.de] 
Sent: Dienstag, 8. Mai 2018 20:28
To: spacewalk-list@redhat.com; Jérôme Meyer; 'spacewalk-list@redhat.com'
Subject: Re: [Spacewalk-list] Certificat problem by client installation

Am 8. Mai 2018 20:18:41 MESZ schrieb Robert Paschedag :
>Am 8. Mai 2018 19:00:53 MESZ schrieb "Jérôme Meyer"
>:
>>Dear All,
>>
>>Because our customer has some issue with his prod_spacewalk server to 
>>create new system, we decided to clone it has dev_system to do some 
>>test and troubleshooting this problem.
>>Clone and configuration to dev_spacewalk was successfully done.
>>
>>Version:
>>==
>>dev_spacewalk : CentOS 7.4.1708
>>spacewalk ver.: 2.4
>>
>>Steps
>>==
>>1) server successfully cloned
>>2) Change hostname in configuration's file
>>3) run the script with the new IP ADD :
>>/usr/bin/spacewalk-hostname-rename 
>>3.1) a new SSL certificate was created
>>3.2) a private AC key was generated:
>> Generating private CA key:
>/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
>>4) Configuring jabber to use PostgreSQL backend because some issue.
>>5) Successfully start the service:
>>
>>Error
>>==
>>
>>Now, we've created a new dev_server and after the installation, we 
>>received some issue from kickstart logs:
>>
>>ERROR: Failed to connect to https://.local/rpc/api
>>
>>I've done an another test from this new machine:
>>
>># spacecmd -s  -u admin -p $(echo passwd | 
>>openssl enc -aes-128-cbc -a -d -salt -pass pass:) --debug
>>DEBUG: : False
>>DEBUG: Read configuration from /root/.spacecmd/config
>>DEBUG: Loading configuration section [spacecmd]
>>DEBUG: Current Configuration: {'username': 'admin', 'password':
>>'***', 'server': 'dev_spacewalk'} Welcome to spacecmd, a 
>>command-line interface to Spacewalk.
>>
>>Type: 'help' for a list of commands
>>  'help ' for command-specific help
>>  'quit' to quit
>>
>>DEBUG: Configuration section [dev_spacewalk] does not exist
>>DEBUG: Connecting to https://dev_spacewalk/rpc/api
>>ERROR: 
>>Traceback (most recent call last):
>>File "/usr/lib/python2.7/site-packages/spacecmd/misc.py", line 284, in 
>>do_login
>>self.api_version = self.client.api.getVersion()
>>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
>>return self.__send(self.__name, args)
>>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
>>verbose=self.__verbose
>>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
>>return self.single_request(host, handler, request_body, verbose)  
>>File "/usr/lib64/python2.7/xmlrpclib.py", line 1301, in
>single_request
>>self.send_content(h, request_body)
>>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
>>connection.endheaders(request_body)
>>  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
>>self._send_output(message_body)
>>  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
>>self.send(msg)
>>  File "/usr/lib64/python2.7/httplib.py", line 826, in send
>>self.connect()
>>  File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
>>server_hostname=sni_hostname)
>>  File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
>>_context=self)
>>  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
>>self.do_handshake()
>>  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
>>self._sslobj.do_handshake()
>>SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
>>(_ssl.c:579)
>>ERROR: Failed to connect to https:///rpc/api
>>
>>Questions
>>==
>>
>>1) How can I check if certificates are ok?
>>2) Is a certificat's problem or spacewalk? Any Idea how I can 
>>debugging?
>>3) Our customer are using a selfsigned certificat, so I don't think 
>>that is a CA certificat problem?
>>4) All certificats saw ok but this file not. I don't really know how
>it
>>will be created:
>>
>># cat /tmp/ssl-key-1
>>Certificate:
>>Data:
>>Version: 3 (0x2)
>>Serial Number: 13876969005773671483 (0xc094e5c9943ecc3b)
>>Signature Algorithm: sha1WithRSAEncryption
>>Issuer: C=CH, ST=X, L=, O=, OU=XX, 
>>CN=.local
>
>Your cert is created for "prod_spacewalk.local" but you are connecting 
>to a totally different name ("dev_spacewalk" (without .local)) and 
>expect it to verify...
>
>How should this work?
>
>
>Even if you are using the correct name to connect Does your new 
>"client" "trust" the SW CA?
>
>Normally... the SW clients use the RHN-TRUSTED-SSL-CERT file that is 
>stored in /usr/share/

Re: [Spacewalk-list] Cobbler / anaconda - Source needs network for installation

[Kevin Olbrich]

The previous text was not displayed correctly:
network --device=eth0 --activate --onboot=on --bootproto=dhcp

https://paste.fedoraproject.org/paste/FUFMmfAFbl08Tq~vi1spIA


Mit freundlichen Grüßen / best regards,
Kevin Olbrich.

2018-05-09 13:18 GMT+02:00 Kevin Olbrich :

> Hi!
>
> I have set up a kickstart profile for fedora 28 (first kickstart project).
> My kickstart file contains:
> *network --device=eth0 --activate --onboot=on --bootproto=dhcp*
>
> Every time I try deploying the image profile, I get:
> Source http://xxx... needs network for installation.
> (/tmp/anaconda.log)
>
> Both "installation source" and "software selection" are marked by
> exclamation marks.
> Network configuration is ticked and "wired eth0 connected".
>
> Any ideas?
>
> Kind regards
> Kevin
>
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

[Spacewalk-list] Cobbler / anaconda - Source needs network for installation

[Kevin Olbrich]

Hi!

I have set up a kickstart profile for fedora 28 (first kickstart project).
My kickstart file contains:
*network --device=eth0 --activate --onboot=on --bootproto=dhcp*

Every time I try deploying the image profile, I get:
Source http://xxx... needs network for installation.
(/tmp/anaconda.log)

Both "installation source" and "software selection" are marked by
exclamation marks.
Network configuration is ticked and "wired eth0 connected".

Any ideas?

Kind regards
Kevin
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list