The credentials for the postgres db should be stored within /etc/rhn/rhn.conf on the satellite server.
By default, this is User: rhnuser PW: rhnpw DB: rhnschema So..switching to user postgres Su – postgres And psql -U <user> -d <DB> and entering password should give you access. There is also a command to “set” the password Mit freundlichen Grüßen Robert Paschedag Netlution GmbH Landteilstr. 33 68163 Mannheim im Auftrag des SWR Südwestrundfunk HA IT, Medientechnik und Programmverbreitung Neckarstraße 230 70190 Stuttgart Telefon +49 (0)711 /929-12654 oder Telefon +49 (0)711 /929-13714 paschedag.netlut...@swr.de swr.de Von: spacewalk-list-boun...@redhat.com [mailto:spacewalk-list-boun...@redhat.com] Im Auftrag von Vipul Sharma (GDC) Gesendet: Montag, 17. Juli 2017 14:12 An: Francis Lee Mondia <endace.francis.mon...@gmail.com> Cc: spacewalk-list@redhat.com Betreff: Re: [Spacewalk-list] Spacewalk 2.1 | SSL Certificate Invalid when using HTTPS for host registration Hey, Do you remember the password you used when creating the DB - Please try this password given below - Database - spaceschema Username - spaceuser Password - spacepw #psql DBNAME USERNAME On Mon, Jul 17, 2017 at 4:45 PM, Francis Lee Mondia <endace.francis.mon...@gmail.com<mailto:endace.francis.mon...@gmail.com>> wrote: Hi Vipul, Yes, the service is running as evidenced by the output. The problem as shown in the error message was that postgres actually can't update or delete the table stated due to a foreign key constraint validation on a table. There's a post on the list about it and the recommendation was to remove it. Any ideas how to remove it from the DB? I'd actually like to log-in to postgres and delete this key being referenced (assuming I know the password for postgres). Kind regards, Francis On Mon, Jul 17, 2017 at 10:23 PM, Vipul Sharma (GDC) <sharma.vi...@in.g4s.com<mailto:sharma.vi...@in.g4s.com>> wrote: Hey, When you are running step 8 - Make sure spacewalk service is running, I'm hoping you've must have stopped the service. Service is important to push the data to postgres. Thanks V On Mon, Jul 17, 2017 at 3:28 PM, Francis Lee Mondia <endace.francis.mon...@gmail.com<mailto:endace.francis.mon...@gmail.com>> wrote: Hi Vipul, Thanks for the response. Still the same, I'm failing on step 8 on this guide (https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=6uTbKGUyx0DTFigKnfdy2kpc2bbLjoESTWBn%2BucL9to%3D&reserved=0>): [root@spw01 ~]# rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT Public CA SSL certificate: /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT ERROR: unhandled exception occurred: Traceback (most recent call last): File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> sys.exit(abs(mod.main() or 0)) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main satCerts.store_rhnCryptoKey(values.label, values.ca_cert, verbosity=values.verbose) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey verbosity=verbosity) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey h.execute(rhn_cryptokey_id=rhn_cryptokey_id) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 153, in execute return apply(self._execute_wrapper, (self._execute, ) + p, kw) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 290, in _execute_wrapper retval = apply(function, p, kw) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 207, in _execute return self._execute_(args, kwargs) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 309, in _execute_ self._real_cursor.execute(self.sql, params) psycopg2.IntegrityError: update or delete on table "rhncryptokey" violates foreign key constraint "rhn_csssl_cacertid_fk" on table "rhncontentsourcessl" DETAIL: Key (id)=(1) is still referenced from table "rhncontentsourcessl". I think the issue is because the server's RHNS-CA-CERT is expired. I found this [https://www.centos.org/forums/viewtopic.php?t=49388<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.centos.org%2Fforums%2Fviewtopic.php%3Ft%3D49388&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=aahJV2c4U9lhprmcK0t105rV6DLA6Gb7frlWWQUciA0%3D&reserved=0>] but it's referencing a red hat article which is for RHEL 5. Where do I get an updated RHNS-CA-CERT? On Sun, Jul 16, 2017 at 10:53 AM, Vipul Sharma (GDC) <sharma.vi...@in.g4s.com<mailto:sharma.vi...@in.g4s.com>> wrote: I completely forgot one thing -- In the above given command - --set-org-unit should be same as --set-common-name. They should be the FQDN only. On Sun, Jul 16, 2017 at 4:20 AM, Vipul Sharma (GDC) <sharma.vi...@in.g4s.com<mailto:sharma.vi...@in.g4s.com>> wrote: Hi Francis, In order to configure Spacewalk successfully - Follow these steps - Make sure your Hostname & FQDN are same. ex - HOSTNAME = abc.abc.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=VkXU9aiUQv7Ozusm1hYoZjkjdtmNIe80keWpY3Lb9vw%3D&reserved=0> FQDN = abc.abc.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Npd3Evj28Im5AkpcqdE3jYToagiDzUUOgxR3RTqHplI%3D&reserved=0> Now, Regenerate all the Certs & Keys -- * First change the hostname to FQDN /usr/bin/rhn-ssl-tool --gen-ca --set-country="abc" --set-state="abc" --set-city="abc" --set-org="abc" --set-org-unit="abc.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0>" --set-common-name="abc" --set-email="admin.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0>" --force *To generate new web-server keys -- /usr/bin/rhn-ssl-tool --gen-server --set-country="abc" --set-state="abc" --set-city="abc" --set-org="abc" --set-org-unit="abc.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0>" --set-email="admin.com<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0>" *How to update the changes made to CA and web-server -- https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=uCijKeCu2h4oEINDB7vqfknIdpFPYndnFqVZ%2B5Cr2DA%3D&reserved=0> Thanks V On Sun, Jul 16, 2017 at 2:00 AM, Francis Lee Mondia <endace.francis.mon...@gmail.com<mailto:endace.francis.mon...@gmail.com>> wrote: Hi Michael, Thanks for the reply! On the following suggestions: 1. Upgrade to latest version - definitely but I want to settle the SSL issue first (might just do this next week though if SSL isn't resolved) 2. Spacewalk-hostname-rename - I've done this but haven't resolved the issue. Had to google how to install the certificate which led me to https://access.redhat.com/solutions/10809<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fsolutions%2F10809&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=kapJlAemcHWzc%2B3yMpcvzs2lq4JFZaR%2BmReUQpv%2FIdc%3D&reserved=0> - Followed that guide in just installing the certificate (copying rpms, re-installing, etc) but decided to do the the whole shebang instead after encountering the same issue - now I'm stuck with this: [root@spacewalkserver ~]# rhn-ssl-dbstore --ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -vvvvvvvv Public CA SSL certificate: /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT Nothing to do: certificate to be pushed matches certificate in database. Nothing to do: certificate to be pushed matches certificate in database. ERROR: unhandled exception occurred: Traceback (most recent call last): File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> sys.exit(abs(mod.main() or 0)) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main satCerts.store_rhnCryptoKey(values.label, values.ca_cert, verbosity=values.verbose) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey verbosity=verbosity) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey h.execute(rhn_cryptokey_id=rhn_cryptokey_id) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 153, in execute return apply(self._execute_wrapper, (self._execute, ) + p, kw) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 290, in _execute_wrapper retval = apply(function, p, kw) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 207, in _execute return self._execute_(args, kwargs) File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 309, in _execute_ self._real_cursor.execute(self.sql, params) psycopg2.IntegrityError: update or delete on table "rhncryptokey" violates foreign key constraint "rhn_csssl_cacertid_fk" on table "rhncontentsourcessl" DETAIL: Key (id)=(1) is still referenced from table "rhncontentsourcessl". - I've found this: [https://www.redhat.com/archives/spacewalk-list/2016-January/msg00046.html<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2F2016-January%2Fmsg00046.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=aObzHeFK8Cnmze6MkZeMTptWi%2BUK6CJyqvwRi8hBJkQ%3D&reserved=0>] which states I should remove the assignment first. THIS I DON'T KNOW HOW TO DO. - I think it's this [http://gatwards.org/techblog/replacing-spacewalk-ssl-certificates<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgatwards.org%2Ftechblog%2Freplacing-spacewalk-ssl-certificates&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Nfw6HCtk99eotgWR%2Bsh5DxM0UUKUrh21Z3wOTH24kcQ%3D&reserved=0>] shows how to do it but I'm adamant to delete the only pair on it. I've deleted all expired certs before. Thanks in advance. Kind regards, Francis On Fri, Jul 14, 2017 at 11:35 PM, Michael Mraka <michael.mr...@redhat.com<mailto:michael.mr...@redhat.com>> wrote: Francis Lee Mondia: > Hi All, > > Sorry for this seemingly noob question but I'm new to spacewalk and just > inherited a system which was not being used for about 2 years and now I've > been tasked to revive it. Hi, First of all I'd suggest upgrade to latest Spacewalk (2.6) because there were a lot of bugs fixed since then (including security issues). > So I've got the system running, updated the channels, repos and now came > the process of re-adding hosts to the system. I was being shown the SSL > certicate error as I think the certificate has expired. I can register > hosts fine without SSL, and can push package updates to hosts fine without > it. I do want to resolve this though moving forward. I've tried the > numerous suggestions I can find (we have a red hat subscription so was able > to try their solutions too but none worked). Install spacewalk-utils package and run spacewalk-hostname-rename script. It will regenerate all SSL certs. > I'd also like to know though if upgrading spacewalk to a newer version > install a new SSL cert. When we first took a look at the system, we AFAIR upgrade will not change SSL certs. > couldn't log-in as the satellite certificate was expired and we had to > generate one from red hat support to be able to log back in. > > Hoping for some guidance on this from the community. > > Kind regards, > Francis Regards, -- Michael Mráka System Management Engineering, Red Hat _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0> _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0> Please consider the environment before printing this email. ********************************************************************* This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This message has been checked for viruses on behalf of the company. ********************************************************************* Please consider the environment before printing this email. ********************************************************************* This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This message has been checked for viruses on behalf of the company. ********************************************************************* Please consider the environment before printing this email. ********************************************************************* This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This message has been checked for viruses on behalf of the company. *********************************************************************
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
