Great, yeah that stuff is usually taken care of in the bootstrap, which is
how we register our systems to Spacewalk initially.  The hard part is when
we have to reregister systems after they already have
/etc/sysconfig/rhn/systemid and so on... but that's another story.

On Thu, Mar 31, 2016 at 4:42 PM Konstantin Raskoshnyi <>

> Eventually this script fixed all the stuff :).
> rpm -Uvh
> http://spacewalk/repos/spacewalk_client6/2.3-client/RHEL/6/x86_64/spacewalk-client-repo-2.3-2.el6.noarch.rpm
> rpm -Uvh http://spacewalk/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
> cat > /etc/yum.repos.d/spacewalk-client.repo << EOF
> [spacewalk-client]
> name=Spacewalk Client Tools
> baseurl=http://spacewalk/repos/spacewalk_client6/2.3-client/RHEL/6/x86_64/
> gpgkey=
> enabled=1
> gpgcheck=0
> yum install -y
> http://spacewalk/repos/epel6/x86_64/python-hwdata-1.7.3-1.el6.noarch.rpm
> yum install -y rhn-client-tools rhn-check rhn-setup rhnsd m2crypto
> yum-rhn-plugin rhncfg-actions
> rhn-actions-control --enable-all
> rhnreg_ks --serverUrl=https://spacewalk/XMLRPC
> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=linux
> On Thu, Mar 31, 2016 at 11:53 AM, Matt Moldvan <> wrote:
>> Oh, that error you're seeing is because your system(s) don't recognize
>> the SSL cert generated by Spacewalk.  In your bootstrap script, is the
>> RHN-ORG-TRUSTED-CERT (or something like that) being pushed correctly to the
>> clients?  Otherwise they won't recognize the SSL cert being presented by
>> your Spacewalk master.
>> Try openssl s_client -connect spacewalkfqdn:443 -showcerts to see what
>> the verify result is.
>> On Thu, Mar 31, 2016 at 2:08 PM Konstantin Raskoshnyi <>
>> wrote:
>>> The problem is -  my servers don't have internet access. I set up epel
>>> repo sync on spacewalk...For example epel
>>> [epel]
>>> name=Extra Packages for Enterprise Linux 6 - $basearch
>>> baseurl=https://spacewalk/repos/epel6/x86_64/
>>> #mirrorlist=
>>> failovermethod=priority
>>> enabled=1
>>> gpgcheck=0
>>> When I try to install yum install rhn-client-tools rhn-check rhn-setup
>>> rhnsd m2crypto yum-rhn-plugin
>>> It shows me https://spacewalk/repos/epel6/x86_64/repodata/repomd.xml:
>>> [Errno 14] Peer cert cannot be verified or peer cert invalid
>>> So strange
>>> On Wed, Mar 30, 2016 at 6:04 PM, Matt Moldvan <> wrote:
>>>> I had a similar issue for systems that had old versions of nss, they
>>>> couldn't deal with an HTTPS repo for some reason.  Is your
>>>> /etc/sysconfig/rhn/up2date pointing to https://something by chance?
>>>> If so try changing it to http, updating yum and nss fully, then changing it
>>>> back to https.
>>>> One liner:  sudo sed -i 's/serverURL=https:/serverURL=http:/g'
>>>> /etc/sysconfig/rhn/up2date; sudo yum update yum* nss* ; sudo sed -i
>>>> 's/serverURL=http:/serverURL=https:/g' /etc/sysconfig/rhn/up2date
>>>> On Wed, Mar 30, 2016 at 6:47 PM Konstantin Raskoshnyi <
>>>>> wrote:
>>>>> Deployed a new machine, it didn't have internet access, added manually
>>>>> epel repo & spacewalk repo and installed client, registered on the
>>>>> spacewalk.
>>>>> The system shows this error, when I try to do anything:
>>>>> Cannot retrieve repository metadata (repomd.xml) for repository:
>>>>> epel_sci_6. Please verify its path and try again
>>>>> If I remove software channels from this machine it shows the same
>>>>> error but with the parent channel.
>>>>> Any solutions?
>>>>> _______________________________________________
>>>>> Spacewalk-list mailing list
>>>> _______________________________________________
>>>> Spacewalk-list mailing list
>>> _______________________________________________
>>> Spacewalk-list mailing list
>> _______________________________________________
>> Spacewalk-list mailing list
> _______________________________________________
> Spacewalk-list mailing list
Spacewalk-list mailing list

Reply via email to