Hi Vipul, Yes, the service is running as evidenced by the output. The problem as shown in the error message was that postgres actually can't update or delete the table stated due to a foreign key constraint validation on a table.
There's a post on the list about it and the recommendation was to remove it. Any ideas how to remove it from the DB? I'd actually like to log-in to postgres and delete this key being referenced (assuming I know the password for postgres). Kind regards, Francis On Mon, Jul 17, 2017 at 10:23 PM, Vipul Sharma (GDC) < sharma.vi...@in.g4s.com> wrote: > Hey, > > When you are running step 8 - Make sure spacewalk service is running, I'm > hoping you've must have stopped the service. Service is important to push > the data to postgres. > > Thanks > V > > On Mon, Jul 17, 2017 at 3:28 PM, Francis Lee Mondia < > endace.francis.mon...@gmail.com> wrote: > >> Hi Vipul, >> >> Thanks for the response. >> >> Still the same, I'm failing on step 8 on this guide ( >> https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert): >> >> [root@spw01 ~]# rhn-ssl-dbstore -vvv --ca-cert >> /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> Public CA SSL certificate: /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> >> ERROR: unhandled exception occurred: >> Traceback (most recent call last): >> File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> >> sys.exit(abs(mod.main() or 0)) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", >> line 79, in main >> satCerts.store_rhnCryptoKey(values.label, values.ca_cert, >> verbosity=values.verbose) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >> line 673, in store_rhnCryptoKey >> verbosity=verbosity) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >> line 614, in _checkCertMatch_rhnCryptoKey >> h.execute(rhn_cryptokey_id=rhn_cryptokey_id) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >> line 153, in execute >> return apply(self._execute_wrapper, (self._execute, ) + p, kw) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >> line 290, in _execute_wrapper >> retval = apply(function, p, kw) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >> line 207, in _execute >> return self._execute_(args, kwargs) >> File >> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >> line 309, in _execute_ >> self._real_cursor.execute(self.sql, params) >> psycopg2.IntegrityError: update or delete on table "rhncryptokey" >> violates foreign key constraint "rhn_csssl_cacertid_fk" on table >> "rhncontentsourcessl" >> DETAIL: Key (id)=(1) is still referenced from table >> "rhncontentsourcessl". >> >> >> I think the issue is because the server's RHNS-CA-CERT is expired. I >> found this [https://www.centos.org/forums/viewtopic.php?t=49388] but >> it's referencing a red hat article which is for RHEL 5. >> >> Where do I get an updated RHNS-CA-CERT? >> >> On Sun, Jul 16, 2017 at 10:53 AM, Vipul Sharma (GDC) < >> sharma.vi...@in.g4s.com> wrote: >> >>> I completely forgot one thing -- >>> >>> *In the above given command - --set-org-unit should be same >>> as --set-common-name. They should be the FQDN only.* >>> >>> On Sun, Jul 16, 2017 at 4:20 AM, Vipul Sharma (GDC) < >>> sharma.vi...@in.g4s.com> wrote: >>> >>>> Hi Francis, >>>> >>>> In order to configure Spacewalk successfully - Follow these steps - >>>> >>>> Make sure your *Hostname & FQDN are same.* >>>> >>>> *ex - HOSTNAME = abc.abc.com <http://abc.abc.com> * >>>> * FQDN = **abc.abc.com <http://abc.abc.com>* >>>> >>>> *Now,* >>>> >>>> Regenerate all the Certs & Keys -- >>>> >>>> ** First change the hostname to FQDN* >>>> >>>> /usr/bin/rhn-ssl-tool --gen-ca --set-country="abc" --set-state="abc" >>>> --set-city="abc" --set-org="abc" --set-org-unit="abc.com" >>>> --set-common-name="abc" --set-email="admin.com" --force >>>> >>>> **To generate new web-server keys --* >>>> >>>> /usr/bin/rhn-ssl-tool --gen-server --set-country="abc" >>>> --set-state="abc" --set-city="abc" --set-org="abc" --set-org-unit=" >>>> abc.com" --set-email="admin.com" >>>> >>>> **How to update the changes made to CA and web-server --* >>>> >>>> https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert >>>> >>>> Thanks >>>> V >>>> >>>> On Sun, Jul 16, 2017 at 2:00 AM, Francis Lee Mondia < >>>> endace.francis.mon...@gmail.com> wrote: >>>> >>>>> Hi Michael, >>>>> >>>>> Thanks for the reply! >>>>> >>>>> On the following suggestions: >>>>> 1. Upgrade to latest version - definitely but I want to settle the SSL >>>>> issue first (might just do this next week though if SSL isn't resolved) >>>>> 2. Spacewalk-hostname-rename >>>>> - I've done this but haven't resolved the issue. Had to google how to >>>>> install the certificate which led me to https://access.redhat.com/solu >>>>> tions/10809 >>>>> - Followed that guide in just installing the certificate (copying >>>>> rpms, re-installing, etc) but decided to do the the whole shebang instead >>>>> after encountering the same issue >>>>> - now I'm stuck with this: >>>>> >>>>> [root@spacewalkserver ~]# rhn-ssl-dbstore >>>>> --ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -vvvvvvvv >>>>> Public CA SSL certificate: /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT >>>>> Nothing to do: certificate to be pushed matches certificate in >>>>> database. >>>>> Nothing to do: certificate to be pushed matches certificate in >>>>> database. >>>>> >>>>> ERROR: unhandled exception occurred: >>>>> Traceback (most recent call last): >>>>> File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> >>>>> sys.exit(abs(mod.main() or 0)) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", >>>>> line 79, in main >>>>> satCerts.store_rhnCryptoKey(values.label, values.ca_cert, >>>>> verbosity=values.verbose) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >>>>> line 673, in store_rhnCryptoKey >>>>> verbosity=verbosity) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >>>>> line 614, in _checkCertMatch_rhnCryptoKey >>>>> h.execute(rhn_cryptokey_id=rhn_cryptokey_id) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >>>>> line 153, in execute >>>>> return apply(self._execute_wrapper, (self._execute, ) + p, kw) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >>>>> line 290, in _execute_wrapper >>>>> retval = apply(function, p, kw) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >>>>> line 207, in _execute >>>>> return self._execute_(args, kwargs) >>>>> File >>>>> "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >>>>> line 309, in _execute_ >>>>> self._real_cursor.execute(self.sql, params) >>>>> psycopg2.IntegrityError: update or delete on table "rhncryptokey" >>>>> violates foreign key constraint "rhn_csssl_cacertid_fk" on table >>>>> "rhncontentsourcessl" >>>>> DETAIL: Key (id)=(1) is still referenced from table >>>>> "rhncontentsourcessl". >>>>> >>>>> >>>>> - I've found this: [https://www.redhat.com/archiv >>>>> es/spacewalk-list/2016-January/msg00046.html] which states I should >>>>> remove the assignment first. THIS I DON'T KNOW HOW TO DO. >>>>> - I think it's this [http://gatwards.org/techblog/ >>>>> replacing-spacewalk-ssl-certificates] shows how to do it but I'm >>>>> adamant to delete the only pair on it. I've deleted all expired certs >>>>> before. >>>>> >>>>> Thanks in advance. >>>>> >>>>> Kind regards, >>>>> Francis >>>>> >>>>> On Fri, Jul 14, 2017 at 11:35 PM, Michael Mraka < >>>>> michael.mr...@redhat.com> wrote: >>>>> >>>>>> Francis Lee Mondia: >>>>>> > Hi All, >>>>>> > >>>>>> > Sorry for this seemingly noob question but I'm new to spacewalk and >>>>>> just >>>>>> > inherited a system which was not being used for about 2 years and >>>>>> now I've >>>>>> > been tasked to revive it. >>>>>> >>>>>> Hi, >>>>>> >>>>>> First of all I'd suggest upgrade to latest Spacewalk (2.6) because >>>>>> there >>>>>> were a lot of bugs fixed since then (including security issues). >>>>>> >>>>>> > So I've got the system running, updated the channels, repos and now >>>>>> came >>>>>> > the process of re-adding hosts to the system. I was being shown the >>>>>> SSL >>>>>> > certicate error as I think the certificate has expired. I can >>>>>> register >>>>>> > hosts fine without SSL, and can push package updates to hosts fine >>>>>> without >>>>>> > it. I do want to resolve this though moving forward. I've tried the >>>>>> > numerous suggestions I can find (we have a red hat subscription so >>>>>> was able >>>>>> > to try their solutions too but none worked). >>>>>> >>>>>> Install spacewalk-utils package and run spacewalk-hostname-rename >>>>>> script. >>>>>> It will regenerate all SSL certs. >>>>>> >>>>>> > I'd also like to know though if upgrading spacewalk to a newer >>>>>> version >>>>>> > install a new SSL cert. When we first took a look at the system, we >>>>>> >>>>>> AFAIR upgrade will not change SSL certs. >>>>>> >>>>>> > couldn't log-in as the satellite certificate was expired and we had >>>>>> to >>>>>> > generate one from red hat support to be able to log back in. >>>>>> > >>>>>> > Hoping for some guidance on this from the community. >>>>>> > >>>>>> > Kind regards, >>>>>> > Francis >>>>>> >>>>>> Regards, >>>>>> >>>>>> >>>>>> -- >>>>>> Michael Mráka >>>>>> System Management Engineering, Red Hat >>>>>> >>>>>> _______________________________________________ >>>>>> Spacewalk-list mailing list >>>>>> Spacewalk-list@redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/spacewalk-list >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Spacewalk-list mailing list >>>>> Spacewalk-list@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/spacewalk-list >>>>> >>>> >>>> >>> >>> >>> Please consider the environment before printing this email. >>> ********************************************************************* >>> This communication may contain information which is confidential, >>> personal and/or privileged. It is for the exclusive use of the intended >>> recipient(s). >>> If you are not the intended recipient(s), please note that any >>> distribution, forwarding, copying or use of this communication or the >>> information in it is strictly prohibited. If you have received it in error >>> please contact the sender immediately by return e-mail. Please then delete >>> the e-mail and any copies of it and do not use or disclose its contents to >>> any person. >>> Any personal views expressed in this e-mail are those of the individual >>> sender and the company does not endorse or accept responsibility for them. >>> Prior to taking any action based upon this e-mail message, you should seek >>> appropriate confirmation of its authenticity. >>> This message has been checked for viruses on behalf of the company. >>> ********************************************************************* >>> >>> >> > > > Please consider the environment before printing this email. > ********************************************************************* > This communication may contain information which is confidential, personal > and/or privileged. It is for the exclusive use of the intended recipient(s). > If you are not the intended recipient(s), please note that any > distribution, forwarding, copying or use of this communication or the > information in it is strictly prohibited. If you have received it in error > please contact the sender immediately by return e-mail. Please then delete > the e-mail and any copies of it and do not use or disclose its contents to > any person. > Any personal views expressed in this e-mail are those of the individual > sender and the company does not endorse or accept responsibility for them. > Prior to taking any action based upon this e-mail message, you should seek > appropriate confirmation of its authenticity. > This message has been checked for viruses on behalf of the company. > ********************************************************************* > >
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
