Hi Ray Yes, as I’ve said below, I’ve managed to directly sync both RHEL6 and RHEL7 packages to our Spacewalk server now. After struggling for 2-3 weeks, off and on, I’ve learnt I sort of only needed 2 lots of information really (both from the lists).
1. Add Red Hat Subscription Manager (RHSM) SSL Certificate to the trusted certificates database on the Spacewalk server. # cp -p /etc/rhsm/ca/redhat-uep.pem /usr/share/pki/ca-trust-source/anchors/ # update-ca-trust 2. Follow Robert's instructions, from list, here: https://www.redhat.com/archives/spacewalk-list/2016-January/msg00014.html Note, I’ve installed Spacewalk 2.8 on a RHEL 7 server. Therefore, I sourced the /etc/yum.repos.d/redhat.repo info from that server. I’d also built a RHEL 6 client test system, so I sourced the equivalent information from that system. If you need any further help just let me know, though, as I know how frustrating this was to sort out! I’ve only patched a single RHEL 6/7 system, subsequently, but it’s looking encouraging. Regards Phil From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> On Behalf Of raymond.setchfi...@gmail.com Sent: 13 December 2018 11:43 To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers Hi Phil I would be very interested in knowing if you got this working, as this is something which I have been attempting to do. I resolved this issue which you are experiencing by doing the following; copy the redhat-uep.pem to your spacewalk server to the following location #> /usr/share/pki/ca-trust-source/anchors/redhat-uep.pem run #> update-ca-trust But from there I ran into authentication issues. If you get further than I please let me know Ray On Thu, Dec 13, 2018 at 11:22 AM p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk> <p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>> wrote: Hi Graeme Thanks for your response. I could see it was a certificate issue; just not so sure how to resolve it. After installing Spacewalk 2.8 on a RHEL 7 server I encountered the following 3 errors when trying to sync a RHEL 7 repository. I found all the resolutions in the lists so thought I’d group them together, here, for quick reference. Subsequently, I’ve synced the RHEL 7 repository to the Spacewalk server and successfully patched a RHEL 7 client system from it too☺ 1st SYNC ERROR - [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user." Resolution: # cp -p /etc/rhsm/ca/redhat-uep.pem /usr/share/pki/ca-trust-source/anchors/ # update-ca-trust 2nd SYNC ERROR - [Errno 14] HTTPS Error 403 – Forbidden Resolution: Add Red Hat SSL Certificate details to relevant repository configuration page in Spacewalk Web UI. See Robert's instructions, from list, here: https://www.redhat.com/archives/spacewalk-list/2016-January/msg00014.html 3rd SYNC ERROR - https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found Resolution: Amend Repository URL From https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os To https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os Note, if I’d followed Robert’s instructions, more diligently, I wouldn’t have seen this last error! I’ve also used a similar configuration for RHEL 6, too, and directly synced a RHEL 6 repository then successfully patched a RHEL 6 client system from it. Hope this is useful to others. Regards Phil From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> On Behalf Of Graeme Fowler Sent: 11 December 2018 16:52 To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers Hi Phil The answer is staring you in the face in red: the RHEL repos use a certificate which your system doesn’t trust. You’ll need to fetch a copy of the cert and install it into your appropriate PKI tools on the Spacewalk server (part of the OS, not Spacewalk) to allow it to trust the certificate. You’re very much not the only person to have raised this on this mailing list – a check of the archives might help you! Graeme From: <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> on behalf of "p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>" <p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>> Reply-To: "spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>" <spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>> Date: Tuesday, 11 December 2018 at 16:39 To: "spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>" <spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>> Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers Hi Jeffrey I haven’t had much success patching RHEL systems with my original proof of concept (PoC) environment that had Spacewalk 2.8 installed on an OEL 7 server. I’ve therefore, created a 2nd PoC environment with Spacewalk 2.8 installed on a RHEL 7 server, as you’ve described. I’ve left the RHEL 7 server repo (rhel-7-server-rpms) with its default configuration, as you have below, but when I try and sync I see the following error: [root@<server name> yum.repos.d]# cat /var/log/rhn/reposync/rhel7_x86_64.log 2018/12/11 15:50:42 +01:00 Command: ['/usr/bin/spacewalk-repo-sync', '--channel', 'rhel7_x86_64', '--type', 'yum'] 2018/12/11 15:50:42 +01:00 Sync of channel started. 2018/12/11 15:50:42 +01:00 2018/12/11 15:50:42 +01:00 Processing repository with URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os 2018/12/11 15:50:43 +01:00 ERROR: failure: repodata/repomd.xml from rhel7_x86_64: [Errno 256] No more mirrors to try. https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user." 2018/12/11 15:50:43 +01:00 ERROR: failure: repodata/repomd.xml from rhel7_x86_64: [Errno 256] No more mirrors to try. https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user." 2018/12/11 15:50:43 +01:00 Sync of channel completed in 0:00:00. [root@<server name>yum.repos.d]# Did you perform some additional configuration perhaps/any ideas? Might be useful if you could forward a screen dump of your channel/repo setup screen for RHEL 7, from the Web UI, too? Regards Phil From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> On Behalf Of jeffrey.ir...@rivertechllc.com<mailto:jeffrey.ir...@rivertechllc.com> Sent: 27 November 2018 14:21 To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers RHEL 6 (my mirror repo) pulling from RH [rhel-6-server-rpms] metadata_expire = 86400 sslclientcert = /etc/pki/entitlement/3922910052842520258.pem baseurl = https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/os ui_repoid_vars = releasever basearch sslverify = 1 name = Red Hat Enterprise Linux 6 Server (RPMs) sslclientkey = /etc/pki/entitlement/3922910052842520258-key.pem gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release enabled = 1 sslcacert = /etc/rhsm/ca/redhat-uep.pem gpgcheck = 1 Spacewalk pulling from mirror (above) [rhel-6-server-rpms] name = Red Hat Enterprise Linux 6 Server (RPMs) baseurl = https://xxx.xxx.xxx.xxx/rhel-6-server-rpms/ enabled = 1 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release RHEL 7 [rhel-7-server-rpms] metadata_expire = 86400 sslclientcert = /etc/pki/entitlement/redhat.pem baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os ui_repoid_vars = releasever basearch sslverify = 1 name = Red Hat Enterprise Linux 7 Server (RPMs) sslclientkey = /etc/pki/entitlement/redhat-key.pem gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release enabled = 1 sslcacert = /etc/rhsm/ca/redhat-uep.pem gpgcheck = 1 ________________________________ From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> on behalf of p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk> <p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>> Sent: Tuesday, November 27, 2018 4:16 AM To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers Hi Jeffrey Thanks for your reply. It seems I would have been better off by starting with installing Spacewalk on a RHEL 7 server rather than an OL 7 server then? Can you just clarify/confirm what URL’s you’ve configured for the RHEL 6/7 repositories please (obviously, for the RHEL 6 local, just take out any sensitive information)? Regards Phil From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> On Behalf Of jeffrey.ir...@rivertechllc.com<mailto:jeffrey.ir...@rivertechllc.com> Sent: 26 November 2018 19:58 To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: Re: [Spacewalk-list] [EXTERNAL] Spacewalk 2.8 - Patching RHEL 6/7 Servers I have been able to do this by building a rhel 6 server and creating a local repo mirror. I then created a rhel 7 and installed spacewalk. That way i have the entitlements for rhel 6 and 7 covered. From there, I set up the channels and pointed the rhel 7 to the redhat network, and the rhel 6 was pointed to my local repo server. I can now get all the rhel 6 and 7 patches into spacewalk. ________________________________ From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> <spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> on behalf of p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk> <p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>> Sent: Monday, November 26, 2018 7:20 AM To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: [EXTERNAL] [Spacewalk-list] Spacewalk 2.8 - Patching RHEL 6/7 Servers Good afternoon I’m currently looking in to options for introducing a single centralised patching solution for both Oracle Linux 6/7 and RHEL 6/7 systems. There are about 100 Oracle Linux servers and 50 RHEL servers. I’m starting with the Spacewalk product and therefore, built a proof of concept environment by installing Spacewalk 2.8 on an Oracle 7 system. Subsequently, I’ve added channels/repositories for Oracle 6/7 and successfully patched a number of test client systems. However, I can’t seem to obtain clear instructions for how to patch RHEL 6/7 systems using Spacewalk. I believe the functionality of Red Hat Satellite and Spacewalk is basically the same but the ability to connect directly to RHN to synchronize software repositories and errata's has been disabled. I’ve seen some tentative clues that this can be circumvented as well as some reference to using “mrepo” but the latter just seems over complicated really. Alternatively, if Red Hat Satellite is purchased to patch the RHEL 6/7 servers, has anyone had success with using it to patch Oracle 6/7 servers? In addition to patching, I also need to investigate their provisioning capabilities too. Regards Phil _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list