List, I thought I'd put the list of minor but annoying issues I'm having to the
list in the hope that any advice on any of them may get me moving on them.
First, the environment, spacewalk 1.4 on Oracle XE on Centos 5.6 x86_64
Problem 1.) I think this is the root a few of the problems. I kickstart a
machine, it as an activation key that subscribes it to 4 software channels and
4 config channels. The kickstart process finishes and the client reboots, in
the spacewalk web interface I can see the machine as a registered client. I can
see it subscribed to the 4 software channels correctly in the web interface,
it's entitlemtns are management, monitoring and provisioning, in the
configuration menu, I can see it's subscribed to the correct for config
channels. The issue is that none of the 4 config channels have deployed the
files. If I do a "rhn_check" on the client, I get the following error
[quote]
[root@vmbuild01 ~]# rhn_check
Package rhncfg-5.9.52-1.el5.noarch already installed and latest version
Package rhncfg-actions-5.9.52-1.el5.noarch already installed and latest version
Package rhncfg-client-5.9.52-1.el5.noarch already installed and latest version
XMLRPC ProtocolError: <ProtocolError for spacewalk01.sccis.net /XMLRPC: 500
Internal Server Error>
[/quote]
the spacewalk server is reachable, I can see the client in the webui, I can
search the repos on the spacewalk server from the client using yum, I don't
know why it's giving a 500 error, and in reference to what.
This is the root of a few of my issues I believe, so I'm trying to understand
why this 500 is being generated.
2.) my kickstart profile package list is being ignored. I've attatched my
kickstart file for reference, but as you can see I've got wireless-tools, rhpl,
-system-config-securitylevel-tui as removed, yet in the finished build these
packages are still there, there is nothing that depends on these packages in
the kickstart, so why are they being installed ?
3.) config file deployment. I fully acknolwedge that this issue may be related
to point 1, but it's worth asking. The systems that are subscribed to config
channels if I kick "deploy" in the spacewalk UI to deploy the config files, the
spacewalk server schedules them for deployment but they never deploy. The
clients are allowed to have config file deployment, is there some known tweaks
that are needed to get config file deployment or package deployment working.
Sorry for the long post
thanks,
Matt
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
# Kickstart config file generated by Spacewalk Config Management
# Profile Label : scc-centos-5-x86-64-base-vm-build
# Date Created : 2011-05-25 11:29:00.0
install
text
network --bootproto=static --ip=80.86.39.120 --hostname=vmbuild01 --device=eth0
--gateway=80.86.39.1 --netmask=255.255.255.0 --nameserver=80.86.32.250
--onboot=yes --noipv6
url --url http://spacewalk01.sccis.net/ks/dist/centos-5-x86-64-kickstart-distro
lang en_GB
keyboard uk
zerombr
clearpart --all
bootloader --location mbr
timezone --utc Europe/London
auth --enablemd5 --enableshadow
rootpw --iscrypted $1$uewhsTXX$9D/x0xUqKxzY105ItxoFO1
selinux --permissive
reboot
firewall --disabled
skipx
key --skip
repo --name=centos-5-x86-64-updates-channel
--baseurl=http://spacewalk01.sccis.net/ks/dist/child/centos-5-x86-64-updates-channel/centos-5-x86-64-kickstart-distro
repo --name=el-5-x86-64-epel-channel
--baseurl=http://spacewalk01.sccis.net/ks/dist/child/el-5-x86-64-epel-channel/centos-5-x86-64-kickstart-distro
repo --name=el-5-x86-64-spacewalk-client-channel
--baseurl=http://spacewalk01.sccis.net/ks/dist/child/el-5-x86-64-spacewalk-client-channel/centos-5-x86-64-kickstart-distro
part /boot --fstype=ext3 --size=250
part / --fstype=ext3 --size=8192
part /home --fstype=ext3 --size=10240
part /var --fstype=ext3 --size=10240
part swap --fstype=swap --size=4096
%packages --nobase
rhn-client-tools
rhn-setup
rhn-check
rhnsd
yum-rhn-plugin
libnl
osad
python-dmidecode
rhncfg-actions
python-ethtool
wget
perl
ethtool
sudo
gpm
-gtk2
-system-config-securitylevel-tui
-system-config-firewall-base
-iptables-ipv6
-xorg-x11-filesystem
-xorg-x11-drv-ati-firmware
-zd1211-firmware
-iwl6050-firmware
-iwl6000-firmware
-iwl5150-firmware
-iwl5000-firmware
-iwl1000-firmware
-iwl4965-firmware
-iwl3945-firmware
-b43-openfwwf
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-bfa-firmware
-dhclient
-centos-release-notes
-ed
-rhpl
-wireless-tools.x86_64
-wireless-tools.i386
-dhcpv6
-dhcpv6-client
-ecryptfs-utils
%pre
wget
"http://spacewalk01.sccis.net/cblr/svc/op/trig/mode/pre/profile/scc-centos-5-x86-64-base-vm-build:1:SpacewalkDefaultOrganization";
-O /dev/null
echo "Saving RHN keys..." > /dev/ttyS0
SYSTEM_ID=/etc/sysconfig/rhn/systemid
rhn_keys_found=no
mkdir -p /tmp/rhn
drives=$(list-harddrives | awk '{print $1}')
for disk in $drives; do
DISKS="$DISKS $(fdisk -l /dev/$disk | grep -v "swap\|LVM\|Extended" | awk
'/^\/dev/{print $1}')"
done
# Try to find the keys on ordinary partitions
for disk in $DISKS; do
name=test-$(basename $disk)
mkdir -p /tmp/$name
mount $disk /tmp/$name
[ $? -eq 0 ] || continue # Skip to the next partition if the mount fails
# Copy current RHN host keys out to be reused
if [ -f /tmp/${name}$SYSTEM_ID ]; then
cp -a /tmp/${name}$SYSTEM_ID /tmp/rhn
rhn_keys_found="yes"
umount /tmp/$name
break
fi
umount /tmp/$name
rm -r /tmp/$name
done
# Try LVM if that didn't work
if [ "$rhn_keys_found" = "no" ]; then
lvm lvmdiskscan
vgs=$(lvm vgs | tail -n +2 | awk '{ print $1 }')
for vg in $vgs; do
# Activate any VG we found
lvm vgchange -ay $vg
done
lvs=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }')
for lv in $lvs; do
tmpdir=$(mktemp -d findkeys.XXXXXX)
mkdir -p /tmp/${tmpdir}
mount $lv /tmp/${tmpdir} || continue # Skip to next volume if this fails
# Let's see if the keys are in there
if [ -f /tmp/${tmpdir}$SYSTEM_ID ]; then
cp -a /tmp/${tmpdir}$SYSTEM_ID /tmp/rhn/
rhn_keys_found="yes"
umount /tmp/${tmpdir}
break # We're done!
fi
umount /tmp/${tmpdir}
rm -r /tmp/${tmpdir}
done
# And clean up..
for vg in $vgs; do
lvm vgchange -an $vg
done
fi
%post --nochroot
mkdir /mnt/sysimage/tmp/ks-tree-copy
if [ -d /oldtmp/ks-tree-shadow ]; then
cp -fa /oldtmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy
elif [ -d /tmp/ks-tree-shadow ]; then
cp -fa /tmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy
fi
cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
cp -f /tmp/ks-pre.log* /mnt/sysimage/root/
%post --nochroot --interpreter /usr/bin/python
try:
import xmlrpclib
import shutil
import os
import os.path
old_system_id = "/tmp/rhn/systemid"
new_system_id = "/mnt/sysimage/root/systemid.old"
new_keys = "1-714e575b3fccf1474a215cb7447e8770,1-el-5-base-activation-key"
for key in new_keys.split(','):
if key.startswith('re-'):
os.exit(0)
if os.path.exists(old_system_id):
client = xmlrpclib.Server("http://spacewalk01.sccis.net/rpc/api";)
key = client.system.obtain_reactivation_key(open(old_system_id).read())
f = open("/mnt/sysimage/tmp/key","w")
f.write(key)
f.close()
shutil.copy(old_system_id, new_system_id)
except:
# xml rpc due to a old/bad system id
# we don't care about those
# we'll register those as new.
pass
%post --logfile /root/ks-rhn-post.log
# --Begin Spacewalk command section--
cat > /tmp/gpg-key-1 <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.6 (GNU/Linux)
mQGiBEXopTIRBACZDBMOoFOakAjaxw1LXjeSvh/kmE35fU1rXfM7T0AV31NATCLF
l5CQiNDA4oWreDThg2Bf6+LIVTsGQb1V+XXuLak4Em5yTYwMTVB//4/nMxQEbpl/
QB2XwlJ7EQ0vW+kiPDz/7pHJz1p1jADzd9sQQicMtzysS4qT2i5A23j0VwCg1PB/
lpYqo0ZhWTrevxKMa1n34FcD/REavj0hSLQFTaKNLHRotRTF8V0BajjSaTkUT4uk
/RTaZ8Kr1mTosVtosqmdIAA2XHxi8ZLiVPPSezJjfElsSqOAxEKPL0djfpp2wrTm
l/1iVnX+PZH5DRKCbjdCMLDJhYap7YUhcPsMGSeUKrwmBCBJUPc6DhjFvyhA9IMl
1T0+A/9SKTv94ToP/JYoCTHTgnG5MoVNafisfe0wojP2mWU4gRk8X4dNGKMj6lic
vM6gne3hESyjcqZSmr7yELPPGhI9MNauJ6Ob8cTR2T12Fmv9w03DD3MnBstR6vhP
QcqZKhc5SJYYY7oVfxlSOfF4xfwcHQKoD5TOKwIAQ6T8jyFpKbQkRmVkb3JhIEVQ
RUwgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iGQEExECACQFAkXopTICGwMFCRLM
AwAGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQEZzANiF1IfabmQCgzvE60MnHSOBa
ZXXF7uU2Vzu8EOkAoKg9h+j0NuNom6WUYZyJQt4zc5seuQINBEXopTYQCADapnR/
blrJ8FhlgNPl0X9S3JE/kygPbNXIqne4XBVYisVp0uzNCRUxNZq30MpY027JCs2J
nL2fMpwvx33f0phU029vrIZKA3CmnnwVsjcWfMJOVPBmVN7m5bGU68F+PdRIcDsl
PMOWRLkTBZOGolLgIbM4719fqA8etewILrX6uPvRDwywV7/sPCFpRcfNNBUY+Zx3
5bf4fnkaCKxgXgQS3AT+hGYhlzIqQVTkGNveHTnt4SSzgAqR9sSwQwqvEfVtYNeS
w5rDguLG41HQm1Hojv59HNYjH6F/S1rClZi21bLgZbKpCFX76qPt8CTw+iQLBPPd
yoOGHfzyp7nsfhUrAAMFB/9/H9Gpk822ZpBexQW4y3LGFo9ZSnmu+ueOZPU3SqDA
DW1ovZdYzGuJTGGM9oMl6bL8eZrcUBBOFaWge5wZczIE3hx2exEOkDdvq+MUDVD1
axmN45q/7h1NYRp5GQL2ZsoV4g9U2gMdzHOFtZCER6PP9ErVlfJpgBUCdSL93V4H
Sgpkk7znmTOklbCM6l/G/A6q4sCRqfzHwVSTiruyTBiU9lfROsAl8fjIq2OzWJ2T
P9sadBe1llUYaow7txYSUxssW+89avct35gIyrBbof5M+CBXyAOUaSWmpM2eub24
0qbqiSr/Y6Om0t6vSzR8gRk7g+1H6IE0Tt1IJCvCAMimiE8EGBECAA8FAkXopTYC
GwwFCRLMAwAACgkQEZzANiF1IfZQYgCgiZHCv4xb+sTHCn/otc1Ovvi/OgMAnRXY
bbsLFWOfmzAnNIGvFRWy+YHi
=MMNL
-----END PGP PUBLIC KEY BLOCK-----
EOF
# gpg-key1
rpm --import /tmp/gpg-key-1
cat > /tmp/gpg-key-2 <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.6 (GNU/Linux)
mQGiBEWfB6MRBACrnYW6yKMT+MwJlCIhoyTxGf3mAxmnAiDEy6HcYN8rivssVTJk
CFtQBlBOpLV/OW2YtKrCO2xHn46eNfnMri8FGT8g+9JF3MUVi7kiV1He4iJynHXB
+F2ZqIvHf3IaUj1ys+p8TK64FDFxDQDrGQfIsD/+pkSGx53/877IrvdwjwCguQcr
Ioip5TH0Fj0OLUY4asYVZH8EAIqFHEqsY+9ziP+2R3/FyxSllKkjwcMLrBug+cYO
LYDD6eQXE9Mq8XKGFDj9ZB/0+JzK/XQeStheeFG75q3noq5oCPVFO4czuKErIRAB
qKbDBhaTj3JhOgM12XsUYn+rI6NeMV2ZogoQCC2tWmDETfRpYp2moo53NuFWHbAy
XjETA/sHEeQT9huHzdi/lebNBj0L8nBGfLN1nSRP1GtvagBvkR4RZ6DTQyl0UzOJ
RA3ywWlrL9IV9mrpb1Fmn60l2jTMMCc7J6LacmPK906N+FcN/Docj1M4s/4CNanQ
NhzcFhAFtQL56SNyLTCk1XzhssGZ/jwGnNbU/aaj4wOj0Uef5LRGQ2VudE9TLTUg
S2V5IChDZW50T1MgNSBPZmZpY2lhbCBTaWduaW5nIEtleSkgPGNlbnRvcy01LWtl
eUBjZW50b3Mub3JnPohkBBMRAgAkBQJFnwekAhsDBQkSzAMABgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEKikR9zoViiXKlEAmwSoZDvZo+WChcg3s/SpNoWCKhMAAJwI
E2aXpZVrpsQnInUQWwkdrTiL5YhMBBMRAgAMBQJFnwiSBYMSzAIRAAoJEDjCFhY5
bKCk0hAAn134bIx3wSbq58E6P6U5RT7Z2Zx4AJ9VxnVkoGHkVIgSdsxHUgRjo27N
F7kBDQRFnwezEAQA/HnJ5yiozwgtf6jt+kii8iua+WnjqBKomPHOQ8moxbWdv5Ks
4e1DPhzRqxhshjmub4SuJ93sgMSAF2ayC9t51mSJV33KfzPF2gIahcMqfABe/2hJ
aMzcQZHrGJCEX6ek8l8SFKou7vICzyajRSIK8gxWKBuQknP/9LKsoczV+xsAAwUD
/idXPkk4vRRHsCwc6I23fdI0ur52bzEqHiAIswNfO521YgLk2W1xyCLc2aYjc8Ni
nrMX1tCnEx0/gK7ICyJoWH1Vc7//79sWFtX2EaTO+Q07xjFX4E66WxJlCo9lOjos
Vk5qc7R+xzLDoLGFtbzaTRQFzf6yr7QTu+BebWLoPwNTiE8EGBECAA8FAkWfB7MC
GwwFCRLMAwAACgkQqKRH3OhWKJfvvACfbsF1WK193zM7vSc4uq51XsceLwgAoI0/
9GxdNhGQEAweSlQfhPa3yYXH
=o/Mx
-----END PGP PUBLIC KEY BLOCK-----
EOF
# gpg-key2
rpm --import /tmp/gpg-key-2
cat > /tmp/gpg-key-3 <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQGiBEhRXCoRBADbkCcAcIbmNn/u1L+ufZADpGb/yeXQDBTmupi8Gtst5t8Bvmcc
2xnUwsUk33Jt2HRKhziWqTdyqZPdTRCv3B4dLeyklv0lOrZhO2VSVWKREDnwTkp4
QZ4j1hpnDOcoRmUm6B7F/KR0UEUVgWDCCKVaeposT0gvoSeIiZ2X0hD6FwCg02SH
FJxzlkqITufZJLTFk2GqwSkEAJoD8czcmvej4uAOMRtVE57VR0d0xaF5UCCKGwEp
W1NvUQfMRI9gAMAFoKbmMIpQhnxDqqN6oDMVCDZFnGanNCFRHNvbjn3RcUboPLrr
Uc60HlUXnApyY3hHeZxdugai3KqRZFwwGsKRHBQ6s10OVWGsF9yfLkSJVv5SjQrW
6LQ3A/9ZizD3U15PiBO/XjUapuU07ojA+pkQwnn53f6lu1Afruq32778TE8Dc1NF
Qd2Qc9d6PLNhRfvnAVgtL1pVFcMPObg3LazCq2Re1pXydgzjmGeubEPfxvIxGhAT
qWLE7xGCZhcfIY07hHcT8/wDhgmFUgmDGAbA0AuxkWooJ0KlvbQmU3BhY2V3YWxr
IDxzcGFjZXdhbGstZGV2ZWxAcmVkaGF0LmNvbT6IZgQTEQIAJgUCSFFcKgIbAwUJ
A8JnAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJVCPU5DChw1uBEAnjsYGP39
iQ2DuNuk+ieUyr5Bl2JrAKCjM9mIrhzgX/kBBPTdkcHEqOPSlrkCDQRIUVwwEAgA
usI+2M8c48+bMeWLN98dGrTymoCy4WXhtyVhboGxIetA2Sjsq//v74HWXAjF88Mw
pxn+Lb9boeeym7kOohjKe/ejkuXYu/kt+zcpEuW4HD166GAIwiRDsH1O3EjhD1Q2
cJBuPDRRMqI7vynBWdS520tdwJZtJDT6/ivX5US3YNyXSpD12+DCq3HGL/aSMzXn
zSjhJFMaljnw8G/SfMEklzFhKL+czIKnfXMU1+kKBbh4V1HLXWq/cGtncKq8R/he
ptgb5VPh4uLRJJvJMm9N9Izh2pCiSZ9VrYcfhUbYw3Jzsxq/+rwXMTu24au6+0EM
ky8Foix8Ep4wAiSCxj8KiwADBQf/ZDLfx7zjjvXxoRX745BA2DIhgr+XD6CY9wk6
wog2zd9bG5Pd0fMMHJ9g+2b81cHeC9gD6zXAimv2OpnwHpxnzFaSpi4NVS/qcK1W
lYva4P0hCAUaVbxhACRvB+Et4a4KIpIgAkRyoLlZaZB2/cnwMi7KMLTe/SjtZSmu
cPsKKejxxlM9GEqoUdtPG8MyBUuU910x29gygmAYjS9FPAuuoWHATFvzitUjGhxl
aGjnecykH8nzB0QYTClW9IX6cy+kL6nhdjLFh4lIF0q7ZCD4yWgUHwW5uh/8sm/P
RYqsxfnT3ZgCr1KnMMudwZrtA6g7X99hJBmPwiPbFnDfnIOvMohPBBgRAgAPBQJI
UVwwAhsMBQkDwmcAAAoJEJVCPU5DChw1eXQAoIV273e25FLXjv583wB3TlvCsjTb
AKDJW17dFM0/fOvLdqaoLSPOwWN9TA==
=N/pP
-----END PGP PUBLIC KEY BLOCK-----
EOF
# gpg-key3
rpm --import /tmp/gpg-key-3
cat > /tmp/ssl-key-1 <<'EOF'
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:f7:89:72:3e:d9:c1:37
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=West Midlands, L=Birmingham, O=SCC, OU=DCS,
CN=spacewalk01.sccis.net/[email protected]
Validity
Not Before: May 25 09:58:27 2011 GMT
Not After : May 18 09:58:27 2036 GMT
Subject: C=GB, ST=West Midlands, L=Birmingham, O=SCC, OU=DCS,
CN=spacewalk01.sccis.net/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ba:d2:7c:29:56:38:3f:6f:e9:65:6e:5b:5f:ef:
cb:dd:4b:2f:83:24:5e:84:31:47:01:49:29:52:9d:
4a:c1:d8:ce:08:f5:08:15:14:20:6f:a2:93:b6:d1:
f2:a9:c3:bc:10:dc:b0:81:25:eb:75:48:19:51:9c:
27:a0:53:59:8a:d6:ba:ef:9e:96:36:10:39:f6:5a:
10:1f:c5:07:4c:2e:1a:78:3a:bf:7c:ae:2d:26:6a:
7a:fe:de:15:25:3e:60:f5:20:2e:5c:93:ca:47:55:
9e:22:cc:07:07:c0:e5:8a:6d:87:73:24:db:13:be:
53:6c:65:85:7e:08:a6:8a:dc:c7:ad:32:1e:96:96:
76:4e:0b:a6:25:17:b0:d3:2b:ba:14:43:75:04:98:
7b:d3:0f:f2:f0:31:a4:27:0b:42:57:89:76:04:a5:
ae:8f:be:60:1b:36:8c:18:8c:9e:34:75:6e:fd:ea:
01:c1:07:c3:da:ac:8e:6a:4c:9c:91:e1:ad:de:e5:
fa:7c:41:e3:10:55:d5:ba:9d:cb:26:40:85:f8:0f:
93:02:aa:0d:79:50:10:4f:07:4a:c3:54:59:a4:47:
68:38:d5:fd:f7:ab:cd:51:4f:aa:9c:28:07:88:4e:
c1:ca:c4:b2:64:08:93:91:79:dd:7d:b8:f3:76:c4:
e6:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Comment:
RHN SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
6B:D6:48:71:78:FB:8F:3F:5A:CC:68:90:05:85:A5:46:1C:08:94:4F
X509v3 Authority Key Identifier:
keyid:6B:D6:48:71:78:FB:8F:3F:5A:CC:68:90:05:85:A5:46:1C:08:94:4F
DirName:/C=GB/ST=West
Midlands/L=Birmingham/O=SCC/OU=DCS/CN=spacewalk01.sccis.net/[email protected]
serial:91:F7:89:72:3E:D9:C1:37
Signature Algorithm: sha1WithRSAEncryption
aa:2d:ab:7c:e5:a5:3e:19:a4:73:9d:0c:fb:56:39:31:f3:c2:
43:8e:b2:47:84:62:ce:95:2c:93:62:e1:87:b8:22:79:49:b4:
4d:74:e2:c0:76:ec:fd:bf:22:76:49:8e:4c:4e:ff:a3:ab:b8:
d9:f5:97:5a:cf:08:ca:28:a3:bd:74:5f:d0:1a:a9:80:7f:c3:
a5:6d:01:25:96:75:c2:c0:8d:2f:1c:5c:a1:e7:41:84:79:72:
f7:67:15:1b:be:96:53:91:a5:dd:ab:f9:ea:46:45:58:ac:01:
af:de:77:67:39:7c:9b:2f:43:46:05:42:52:9c:b3:a3:32:19:
7a:8c:d7:88:25:a6:6a:4b:78:9d:c6:09:58:cd:50:b6:ae:29:
2a:62:b7:ab:e9:f1:80:29:46:37:1b:02:4b:98:f2:61:28:bf:
00:18:4d:c2:3d:79:37:50:1c:18:3b:3d:78:42:8a:01:2b:8f:
30:36:fc:37:6d:00:25:ba:68:6e:c4:87:4d:62:df:57:6d:22:
6a:4b:d7:6c:95:33:1a:b9:19:cf:02:75:c1:90:45:21:42:09:
37:5e:ec:27:e4:2d:96:09:c9:60:00:23:5c:ca:4e:ca:61:9e:
52:42:92:f5:75:cc:82:6b:46:f4:90:2f:e5:61:05:ef:f6:89:
4b:6a:5b:e1
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIJAJH3iXI+2cE3MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD
VQQGEwJHQjEWMBQGA1UECBMNV2VzdCBNaWRsYW5kczETMBEGA1UEBxMKQmlybWlu
Z2hhbTEMMAoGA1UEChMDU0NDMQwwCgYDVQQLEwNEQ1MxHjAcBgNVBAMTFXNwYWNl
d2FsazAxLnNjY2lzLm5ldDEjMCEGCSqGSIb3DQEJARYUbWRhcmN5QHNjaC1ncm91
cC5uZXQwHhcNMTEwNTI1MDk1ODI3WhcNMzYwNTE4MDk1ODI3WjCBmzELMAkGA1UE
BhMCR0IxFjAUBgNVBAgTDVdlc3QgTWlkbGFuZHMxEzARBgNVBAcTCkJpcm1pbmdo
YW0xDDAKBgNVBAoTA1NDQzEMMAoGA1UECxMDRENTMR4wHAYDVQQDExVzcGFjZXdh
bGswMS5zY2Npcy5uZXQxIzAhBgkqhkiG9w0BCQEWFG1kYXJjeUBzY2gtZ3JvdXAu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutJ8KVY4P2/pZW5b
X+/L3UsvgyRehDFHAUkpUp1KwdjOCPUIFRQgb6KTttHyqcO8ENywgSXrdUgZUZwn
oFNZita6756WNhA59loQH8UHTC4aeDq/fK4tJmp6/t4VJT5g9SAuXJPKR1WeIswH
B8Dlim2HcyTbE75TbGWFfgimitzHrTIelpZ2TgumJRew0yu6FEN1BJh70w/y8DGk
JwtCV4l2BKWuj75gGzaMGIyeNHVu/eoBwQfD2qyOakyckeGt3uX6fEHjEFXVup3L
JkCF+A+TAqoNeVAQTwdKw1RZpEdoONX996vNUU+qnCgHiE7BysSyZAiTkXndfbjz
dsTmAQIDAQABo4IBYzCCAV8wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAqQwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDEGCWCGSAGG+EIBDQQkFiJSSE4g
U1NMIFRvb2wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRr1khxePuP
P1rMaJAFhaVGHAiUTzCB0AYDVR0jBIHIMIHFgBRr1khxePuPP1rMaJAFhaVGHAiU
T6GBoaSBnjCBmzELMAkGA1UEBhMCR0IxFjAUBgNVBAgTDVdlc3QgTWlkbGFuZHMx
EzARBgNVBAcTCkJpcm1pbmdoYW0xDDAKBgNVBAoTA1NDQzEMMAoGA1UECxMDRENT
MR4wHAYDVQQDExVzcGFjZXdhbGswMS5zY2Npcy5uZXQxIzAhBgkqhkiG9w0BCQEW
FG1kYXJjeUBzY2gtZ3JvdXAubmV0ggkAkfeJcj7ZwTcwDQYJKoZIhvcNAQEFBQAD
ggEBAKotq3zlpT4ZpHOdDPtWOTHzwkOOskeEYs6VLJNi4Ye4InlJtE104sB27P2/
InZJjkxO/6OruNn1l1rPCMooo710X9AaqYB/w6VtASWWdcLAjS8cXKHnQYR5cvdn
FRu+llORpd2r+epGRVisAa/ed2c5fJsvQ0YFQlKcs6MyGXqM14glpmpLeJ3GCVjN
ULauKSpit6vp8YApRjcbAkuY8mEovwAYTcI9eTdQHBg7PXhCigErjzA2/DdtACW6
aG7Eh01i31dtImpL12yVMxq5Gc8CdcGQRSFCCTde7CfkLZYJyWAAI1zKTsphnlJC
kvV1zIJrRvSQL+VhBe/2iUtqW+E=
-----END CERTIFICATE-----
EOF
# ssl-key1
cat /tmp/ssl-key-* > /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*
mkdir -p /tmp/rhn_rpms/optional
cd /tmp/rhn_rpms/optional
wget -P /tmp/rhn_rpms/optional
http://spacewalk01.sccis.net/download/package/da0330ebaad0e4f3380617229b646c754a564838/0/1/2735/pyOpenSSL-0.6-1.p24.7.2.2.x86_64.rpm
http://spacewalk01.sccis.net/download/package/c4395618b63bfad2248b205707b5e8e3dc3d512a/0/1/3432/libxml2-python-2.6.26-2.1.2.8.el5_5.1.x86_64.rpm
http://spacewalk01.sccis.net/download/package/4a499ed8dfde7050890eb2abace8ba62e980c120/0/1/3545/rhnlib-2.5.39-1.el5.noarch.rpm
rpm -Uvh --replacepkgs --replacefiles /tmp/rhn_rpms/optional/pyOpenSSL*
/tmp/rhn_rpms/optional/rhnlib* /tmp/rhn_rpms/optional/libxml2-python*
perl -npe
's|^(\s*(noSSLS\|s)erverURL\s*=\s*[^:]+://)[^/]*/|${1}spacewalk01.sccis.net/|'
-i /etc/sysconfig/rhn/up2date
mkdir -p /etc/sysconfig/rhn/allowed-actions/script
touch /etc/sysconfig/rhn/allowed-actions/script/all
mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles
touch /etc/sysconfig/rhn/allowed-actions/configfiles/all
# now copy from the ks-tree we saved in the non-chroot checkout
cp -fav /tmp/ks-tree-copy/* /
rm -Rf /tmp/ks-tree-copy
# --End Spacewalk command section--
/etc/init.d/messagebus restart
/etc/init.d/haldaemon restart
# begin cobbler snippet
# begin Red Hat management server registration
mkdir -p /usr/share/rhn/
wget http://spacewalk01.sccis.net/pub/RHN-ORG-TRUSTED-SSL-CERT -O
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*
key=""
if [ -f /tmp/key ]; then
key=`cat /tmp/key`
fi
if [ $key ]; then
rhnreg_ks --serverUrl=https://spacewalk01.sccis.net/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
--activationkey=$key,1-714e575b3fccf1474a215cb7447e8770,1-el-5-base-activation-key
else
rhnreg_ks --serverUrl=https://spacewalk01.sccis.net/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
--activationkey=1-714e575b3fccf1474a215cb7447e8770,1-el-5-base-activation-key
fi
# end Red Hat management server registration
# end cobbler snippet
rhn_check
# Start post_install_network_config generated code
# End post_install_network_config generated code
%post --interpreter /bin/bash
# setup static groups for scc admin use
groupadd -g 999 sccsec
groupadd -g 998 sccsup
groupadd -g 997 sccmon
groupadd -g 996 sccadmin
# setup static users for scc admin use
useradd -u 999 -g users -G sccsec -c "SCC Security User" -d /home/sccsecure -m
-k /etc/skel -s /bin/bash sccsecure
useradd -u 998 -g users -G sccsup -c "SCC Support User" -d /home/sccsupport -m
-k /etc/skel -s /bin/bash sccsupport
useradd -u 997 -g users -G sccsec -c "SCC Monitor User" -d /home/sccmonitor -m
-k /etc/skel -s /bin/bash sccmonitor
useradd -u 996 -g users -G sccsec -c "SCC Admin User" -d /home/sccadmin -m -k
/etc/skel -s /bin/bash sccadmin
# now lock the users
passwd -l sccsecure
passwd -l sccsupport
passwd -l sccmonitor
passwd -l sccadmin
# we don't want the stock repos from the base install, so remove them. This
works on EL5 and 6 hosts
rm -rf /etc/yum.repos.d/*
# generic house keeping and clean up script for EL builds
# put anything that doesn't warrent it's own section in here
# remove grub splash image, it makes using a network consle easier without
re-draw
sed -i '/splashimage/d' /boot/grub/menu.lst
# clean up the redhat default users
userdel games
rm -rf /usr/games
userdel operator
userdel -r gopher
userdel -r ftp
# remove un-needed groups as part of default build
groupdel news
# create the local sudoers file - it's empty but it's there as a reference
touch /etc/sudo.local
chmod 640 /etc/sudo.local
%post
# Start koan environment setup
echo "export COBBLER_SERVER=spacewalk01.sccis.net" > /etc/profile.d/cobbler.sh
echo "setenv COBBLER_SERVER spacewalk01.sccis.net" > /etc/profile.d/cobbler.csh
# End koan environment setup
# MOTD
echo >> /etc/motd
echo "Spacewalk kickstart on $(date +'%Y-%m-%d')" >> /etc/motd
echo >> /etc/motd
# end of generated kickstart file
wget
"http://spacewalk01.sccis.net/cblr/svc/op/ks/profile/scc-centos-5-x86-64-base-vm-build:1:SpacewalkDefaultOrganization";
-O /root/cobbler.ks
wget
"http://spacewalk01.sccis.net/cblr/svc/op/trig/mode/post/profile/scc-centos-5-x86-64-base-vm-build:1:SpacewalkDefaultOrganization";
-O /dev/null
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
