On 17 July 2017 16:16:50 CEST, "Paschedag, Robert" <paschedag.netlut...@swr.de> wrote:
>The credentials for the postgres db should be stored within
>/etc/rhn/rhn.conf on the satellite server.
>
>By default, this is
>
>User: rhnuser
>PW: rhnpw
>DB: rhnschema
>
>So..switching to user postgres
>
>su - postgres
>
>And
>
>psql -U <user> -d <DB>
>
>and entering password should give you access.
>
>There is also a command to “set” the password
>
>
>Kind regards
>
>Robert Paschedag
>Netlution GmbH
>Landteilstr. 33
>68163 Mannheim
>
>on behalf of
>SWR
>Südwestrundfunk
>HA IT, Medientechnik und Programmverbreitung
>Neckarstraße 230
>70190 Stuttgart
>
>Phone +49 (0)711 /929-12654 or
>Phone +49 (0)711 /929-13714
>paschedag.netlut...@swr.de
>
>swr.de
>
>From: spacewalk-list-boun...@redhat.com
>[mailto:spacewalk-list-boun...@redhat.com] On behalf of Vipul Sharma (GDC)
>Sent: Monday, 17 July 2017 14:12
>To: Francis Lee Mondia <endace.francis.mon...@gmail.com>
>Cc: spacewalk-list@redhat.com
>Subject: Re: [Spacewalk-list] Spacewalk 2.1 | SSL Certificate Invalid
>when using HTTPS for host registration
>
>Hey,
>Do you remember the password you used when creating the DB - Please try
>this password given below -
>
>Database - spaceschema
>
>Username - spaceuser
>
>Password - spacepw
>
>
>#psql DBNAME USERNAME
>
>On Mon, Jul 17, 2017 at 4:45 PM, Francis Lee Mondia
><endace.francis.mon...@gmail.com> wrote:
>Hi Vipul,
>
>Yes, the service is running as evidenced by the output. The problem as
>shown in the error message was that postgres actually can't update or
>delete the table stated due to a foreign key constraint validation on a
>table.
>
>There's a post on the list about it and the recommendation was to
>remove it. Any ideas how to remove it from the DB? I'd actually like to
>log-in to postgres and delete this key being referenced (assuming I
>know the password for postgres).
>
>Kind regards,
>Francis
>
>On Mon, Jul 17, 2017 at 10:23 PM, Vipul Sharma (GDC)
><sharma.vi...@in.g4s.com> wrote:
>Hey,
>When you are running step 8 - Make sure spacewalk service is running,
>I'm hoping you must have stopped the service. Service is important
>to push the data to postgres.
>Thanks
> V
>
>On Mon, Jul 17, 2017 at 3:28 PM, Francis Lee Mondia
><endace.francis.mon...@gmail.com> wrote:
>Hi Vipul,
>
>Thanks for the response.
>
>Still the same, I'm failing on step 8 on this guide
>(https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert):
>
>[root@spw01 ~]# rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
>Public CA SSL certificate: /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
>
>ERROR: unhandled exception occurred:
>Traceback (most recent call last):
>  File "/usr/bin/rhn-ssl-dbstore", line 43, in <module>
>    sys.exit(abs(mod.main() or 0))
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main
>    satCerts.store_rhnCryptoKey(values.label, values.ca_cert, verbosity=values.verbose)
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey
>    verbosity=verbosity)
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey
>    h.execute(rhn_cryptokey_id=rhn_cryptokey_id)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 153, in execute
>    return apply(self._execute_wrapper, (self._execute, ) + p, kw)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 290, in _execute_wrapper
>    retval = apply(function, p, kw)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 207, in _execute
>    return self._execute_(args, kwargs)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 309, in _execute_
>    self._real_cursor.execute(self.sql, params)
>psycopg2.IntegrityError: update or delete on table "rhncryptokey" violates foreign key constraint "rhn_csssl_cacertid_fk" on table "rhncontentsourcessl"
>DETAIL: Key (id)=(1) is still referenced from table "rhncontentsourcessl".
>
>
>I think the issue is because the server's RHNS-CA-CERT is expired. I
>found this
>[https://www.centos.org/forums/viewtopic.php?t=49388]
>but it's referencing a Red Hat article which is for RHEL 5.
>
>Where do I get an updated RHNS-CA-CERT?
>
>On Sun, Jul 16, 2017 at 10:53 AM, Vipul Sharma (GDC)
><sharma.vi...@in.g4s.com> wrote:
>I completely forgot one thing --
>
>In the above given command - --set-org-unit should be same as
>--set-common-name. They should be the FQDN only.
>
>On Sun, Jul 16, 2017 at 4:20 AM, Vipul Sharma (GDC)
><sharma.vi...@in.g4s.com> wrote:
>Hi Francis,
>
>In order to configure Spacewalk successfully - Follow these steps -
>
>Make sure your Hostname & FQDN are same.
>
>ex - HOSTNAME = abc.abc.com
>FQDN = abc.abc.com
>
>Now,
>
>Regenerate all the Certs & Keys --
>
>* First change the hostname to FQDN
>
>/usr/bin/rhn-ssl-tool --gen-ca --set-country="abc" --set-state="abc" --set-city="abc" --set-org="abc" --set-org-unit="abc.com" --set-common-name="abc" --set-email="admin.com" --force
>
>* To generate new web-server keys --
>
>/usr/bin/rhn-ssl-tool --gen-server --set-country="abc" --set-state="abc" --set-city="abc" --set-org="abc" --set-org-unit="abc.com" --set-email="admin.com"
>
>* How to update the changes made to CA and web-server --
>
>https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert
>
>Thanks
> V
>
>On Sun, Jul 16, 2017 at 2:00 AM, Francis Lee Mondia
><endace.francis.mon...@gmail.com> wrote:
>Hi Michael,
>
>Thanks for the reply!
>
>On the following suggestions:
>1. Upgrade to latest version - definitely but I want to settle the SSL
>issue first (might just do this next week though if SSL isn't resolved)
>2. Spacewalk-hostname-rename
>- I've done this but haven't resolved the issue.
>Had to google how to install the certificate which led me to
>https://access.redhat.com/solutions/10809
>- Followed that guide in just installing the certificate (copying
>rpms, re-installing, etc) but decided to do the whole shebang
>instead after encountering the same issue
>- now I'm stuck with this:
>
>[root@spacewalkserver ~]# rhn-ssl-dbstore --ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -vvvvvvvv
>Public CA SSL certificate: /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>Nothing to do: certificate to be pushed matches certificate in database.
>Nothing to do: certificate to be pushed matches certificate in database.
>
>ERROR: unhandled exception occurred:
>Traceback (most recent call last):
>  File "/usr/bin/rhn-ssl-dbstore", line 43, in <module>
>    sys.exit(abs(mod.main() or 0))
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main
>    satCerts.store_rhnCryptoKey(values.label, values.ca_cert, verbosity=values.verbose)
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey
>    verbosity=verbosity)
>  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey
>    h.execute(rhn_cryptokey_id=rhn_cryptokey_id)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 153, in execute
>    return apply(self._execute_wrapper, (self._execute, ) + p, kw)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 290, in _execute_wrapper
>    retval = apply(function, p, kw)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 207, in _execute
>    return self._execute_(args, kwargs)
>  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 309, in _execute_
>    self._real_cursor.execute(self.sql, params)
>psycopg2.IntegrityError: update or delete on table "rhncryptokey" violates foreign key constraint "rhn_csssl_cacertid_fk" on table "rhncontentsourcessl"
>DETAIL: Key (id)=(1) is still referenced from table "rhncontentsourcessl".
>
>
>- I've found this:
>[https://www.redhat.com/archives/spacewalk-list/2016-January/msg00046.html]
>which states I should remove the assignment first. THIS I DON'T KNOW
>HOW TO DO.
>- I think it's this
>[http://gatwards.org/techblog/replacing-spacewalk-ssl-certificates]
>shows how to do it but I'm adamant to delete the only pair on it. I've
>deleted all expired certs before.
>
>Thanks in advance.
>
>Kind regards,
>Francis
>
>On Fri, Jul 14, 2017 at 11:35 PM, Michael Mraka
><michael.mr...@redhat.com> wrote:
>Francis Lee Mondia:
>> Hi All,
>>
>> Sorry for this seemingly noob question but I'm new to spacewalk and just
>> inherited a system which was not being used for about 2 years and now I've
>> been tasked to revive it.
>
>Hi,
>
>First of all I'd suggest upgrade to latest Spacewalk (2.6) because there
>were a lot of bugs fixed since then (including security issues).
>
>> So I've got the system running, updated the channels, repos and now came
>> the process of re-adding hosts to the system. I was being shown the SSL
>> certificate error as I think the certificate has expired. I can register
>> hosts fine without SSL, and can push package updates to hosts fine without
>> it. I do want to resolve this though moving forward. I've tried the
>> numerous suggestions I can find (we have a Red Hat subscription so was able
>> to try their solutions too but none worked).
>
>Install spacewalk-utils package and run spacewalk-hostname-rename script.
>It will regenerate all SSL certs.
>
>> I'd also like to know though if upgrading spacewalk to a newer version
>> install a new SSL cert. When we first took a look at the system, we
>
>AFAIR upgrade will not change SSL certs.
>
>> couldn't log-in as the satellite certificate was expired and we had to
>> generate one from Red Hat support to be able to log back in.
>>
>> Hoping for some guidance on this from the community.
>>
>> Kind regards,
>> Francis
>
>Regards,
>
>
>--
>Michael Mráka
>System Management Engineering, Red Hat
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list@redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>Please consider the environment before printing this email.
>*********************************************************************
>This communication may contain information which is confidential,
>personal and/or privileged. It is for the exclusive use of the intended
>recipient(s).
>If you are not the intended recipient(s), please note that any
>distribution, forwarding, copying or use of this communication or the
>information in it is strictly prohibited. If you have received it in
>error please contact the sender immediately by return e-mail. Please
>then delete the e-mail and any copies of it and do not use or disclose
>its contents to any person.
>Any personal views expressed in this e-mail are those of the individual
>sender and the company does not endorse or accept responsibility for
>them.
>Prior to taking any action based upon this e-mail message, you
>should seek appropriate confirmation of its authenticity.
>This message has been checked for viruses on behalf of the company.
>*********************************************************************

But just another piece of information. When you get an SSL error from the client, then you have to check the SSL certificate on the "webserver"!

Robert

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
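
The web server certificate check mentioned in the last message, combined with the FQDN requirement from earlier in the thread, can be run offline against PEM files. This is an added example, not part of the original thread: the function names, the host name spw01.example.com, the 30-day margin and the certificates generated by make_demo_pki are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: offline checks on the certificate a Spacewalk web server presents.
# Host names and the demo PKI are constructed; nothing here comes from the thread.

# check_server_cert CERT CA_CERT FQDN [MIN_DAYS]
# Returns 0 = ok, 1 = expired or expiring within MIN_DAYS,
#         2 = not signed by CA_CERT, 3 = subject CN differs from FQDN.
check_server_cert() {
    cert=$1 ca=$2 fqdn=$3 min_days=${4:-0}

    # Validity: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $(openssl x509 -in "$cert" -noout -enddate) (need $min_days more days)"
        return 1
    fi
    # Trust: CA_CERT is the file clients are given as RHN-ORG-TRUSTED-SSL-CERT.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $ca"
        return 2
    fi
    # Name: the subject commonName must equal the name clients connect to.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$fqdn" ]; then
        echo "FAIL: commonName '$cn' does not match '$fqdn'"
        return 3
    fi
    echo "OK: CN=$cn, $(openssl x509 -in "$cert" -noout -enddate)"
}

# make_demo_pki DIR FQDN DAYS: constructed CA and server certificate (demo only).
make_demo_pki() {
    dir=$1 fqdn=$2 days=$3
    mkdir -p "$dir" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -days "$days" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
}

# Demo: a 365-day certificate must pass with a 30-day safety margin.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" spw01.example.com 365 &&
        check_server_cert "$tmp/server.crt" "$tmp/ca.crt" spw01.example.com 30
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```

To check a live server, save its certificate first with `openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 -out server.crt` and pass the client's copy of RHN-ORG-TRUSTED-SSL-CERT as the CA file.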