Tomas Lestach wrote:
----- Original Message -----
From: "Cliff Perry" <[email protected]>
To: "spacewalk-devel" <[email protected]>
Sent: Monday, October 18, 2010 7:09:10 PM
Subject: [Spacewalk-devel] [Fwd: [Spacewalk-list] expired satellite cert and
can't login to change entitlement
clashes]
API's work even when cert is expired? we did not lock out login via
API's?
True. We do not check for valid certificate when authenticating via API. Not
good.
Bug to fix or backdoor we should use when folks get into said
situation?
It seems like a bug and something we should fix :)
Good question. I'd say, it's a bug. Backdoors shall not be that easy to find.
:-)
Shall I create a BZ?
Tomas
--
Tomas Lestach
RHN Satellite Engineering, Red Hat
Cliff
-------- Original Message --------
Subject: [Spacewalk-list] expired satellite cert and can't login to
change entitlement clashes
Date: Mon, 18 Oct 2010 12:41:11 -0400
From: Aaron Prayther <[email protected]>
Reply-To: [email protected]
To: <[email protected]>, <[email protected]>
If you have ever let a satellite completely expire, even after the
week
of warning. I know just don't do that, but if you do...
This was after receiving errors trying to update the cert from within
the gui before it expired. Now that I think about it, it was probably
do to my not having Monitoring entitlements on the new cert and having
machine configured with them. So this is a heads up for mismatched
certs in general.
rhn-satellite-activate --rhn-cert=cert.cert
RHN_PARENT: satellite.rhn.redhat.com
Error: You do not have enough unused monitoring_entitled entitlements
in
the base org. You will need at least 25 free entitlements, based on
your
current consumption. Please un-entitle the remaining systems for the
activation to proceed.
You can't login, but you can hit it with spacecmd...
[r...@nces-sat-01 ~]# spacecmd system_list
[r...@nces-sat-01 ~]# spacecmd system_delete nces-sb-vm-01
nces-sb-vm-02
You could system_removeentitlement I suppose but I did not test that
one.
Not the rhn-satellite-activate should work correctly.
Aaron Prayther
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel
_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel
_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel
