The new cert broke our kickstart configuration because the Org name changed to Spacewalk Default Organization. To fix you can use spacecmd --org_rename spacecmd -u admin -p password -- org_rename "Spacewalk Default Organization" "My New Name"
On Mon, Jul 13, 2015 at 10:09 AM, Tomáš Kašpárek <[email protected]> wrote: > Hello, > > please follow instructions located at: > https://fedorahosted.org/spacewalk/wiki/HowToUpgrade#PerformSpacewalkactivation > > Tomáš > > > On 07/13/2015 03:56 PM, Coffman, Anthony J wrote: > >> I've got this also. >> >> Spacewalk 2.3 >> >> --Tony >> >> >> >> >> -----Original Message----- >> From: [email protected] [mailto: >> [email protected]] On Behalf Of Cliff Perry >> Sent: Monday, July 13, 2015 6:32 AM >> To: [email protected] >> Subject: Re: [Spacewalk-list] Certificate expiry >> >> On 13/07/15 11:20, Kobus Bensch wrote: >> >>> Morning >>> >>> I need some help please. This morning I got this message on the >>> Spacewalk login: >>> >>> Your satellite certificate has expired. Please visit the following >>> link for steps on how to request or generate a new certificate: >>> https://access.redhat.com/knowledge/tools/satcertYour satellite enters >>> restricted period in 7 day(s). >>> >>> So I followed the instructions here to get this resolved: >>> >>> https://fedorahosted.org/spacewalk/wiki/CertCreation >>> >>> Here is the steps I took: >>> gpg --gen-key >>> gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. >>> This is free software: you are free to change and redistribute it. >>> There is NO WARRANTY, to the extent permitted by law. >>> >>> Please select what kind of key you want: >>> (1) RSA and RSA (default) >>> (2) DSA and Elgamal >>> (3) DSA (sign only) >>> (4) RSA (sign only) >>> Your selection? 1 >>> RSA keys may be between 1024 and 4096 bits long. >>> What keysize do you want? (2048) 4096 >>> Requested keysize is 4096 bits >>> Please specify how long the key should be valid. >>> 0 = key does not expire >>> <n> = key expires in n days >>> <n>w = key expires in n weeks >>> <n>m = key expires in n months >>> <n>y = key expires in n years >>> Key is valid for? (0) 3y >>> Key expires at Thu 12 Jul 2018 10:51:46 AM BST Is this correct? (y/N) >>> y >>> >>> GnuPG needs to construct a user ID to identify your key. >>> >>> Real name: Infrastructure_Team >>> Email address: [email protected] >>> Comment: Spacewalk Cert >>> You selected this USER-ID: >>> "Infrastructure_Team (Spacewalk Cert) <[email protected] >>> >" >>> >>> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a >>> Passphrase to protect your secret key. >>> >>> can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory >>> gpg-agent[12582]: directory `/root/.gnupg/private-keys-v1.d' created >>> We need to generate a lot of random bytes. It is a good idea to >>> perform some other action (type on the keyboard, move the mouse, >>> utilize the >>> disks) during the prime generation; this gives the random number >>> generator a better chance to gain enough entropy. >>> We need to generate a lot of random bytes. It is a good idea to >>> perform some other action (type on the keyboard, move the mouse, >>> utilize the >>> disks) during the prime generation; this gives the random number >>> generator a better chance to gain enough entropy. >>> gpg: key C787B908 marked as ultimately trusted public and secret key >>> created and signed. >>> >>> gpg: checking the trustdb >>> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model >>> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u >>> gpg: next trustdb check due at 2018-07-12 >>> pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] >>> Key fingerprint = E0A9 C645 60C3 FAD1 4EE9 0388 1627 481B C787 >>> B908 >>> uid Infrastructure_Team (Spacewalk Cert) >>> <[email protected]> >>> sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] >>> >>> gpg --list-keys >>> /root/.gnupg/pubring.gpg >>> ------------------------ >>> pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22] >>> uid Red Hat, Inc (Red Hat Network) >>> <[email protected]> >>> >>> pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] >>> uid Infrastructure_Team (Spacewalk Cert) >>> <[email protected]> >>> sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] >>> >>> [root@dc2pmzspw01 ~]# gpg --list-secret-keys /root/.gnupg/secring.gpg >>> ------------------------ >>> sec 4096R/3E092771 2015-07-13 [expires: 2018-07-12] >>> uid Infrastructure Team (Spacewalk Cert) >>> <[email protected]> >>> ssb 4096R/DCFD06A8 2015-07-13 >>> >>> sec 4096R/C787B908 2015-07-13 [expires: 2018-07-12] >>> uid Infrastructure_Team (Spacewalk Cert) >>> <[email protected]> >>> ssb 4096R/113C619E 2015-07-13 >>> >>> gpg --export -a C787B908 > spacewalk-key.gpg gpg --export-secret-keys >>> -a C787B908 > spacewalk-secretkey.gpg >>> >>> gpg --keyring /etc/webapp-keyring-new.gpg --no-default-keyring >>> --import spacewalk-key.gpg spacewalk-secretkey.gpg >>> gpg: keyring `/etc/webapp-keyring-new.gpg' created >>> gpg: key C787B908: public key "Infrastructure_Team (Spacewalk Cert) >>> <[email protected]>" imported >>> gpg: key C787B908: already in secret keyring >>> gpg: Total number processed: 2 >>> gpg: imported: 1 (RSA: 1) >>> gpg: secret keys read: 1 >>> gpg: secret keys unchanged: 1 >>> >>> mv /etc/webapp-keyring.gpg /etc/webapp-keyring-old.gpg mv >>> /etc/webapp-keyring-new.gpg /etc/webapp-keyring.gpg >>> >>> gpg --keyring /etc/webapp-keyring.gpg --no-default-keyring --list-keys >>> /etc/webapp-keyring.gpg >>> ----------------------- >>> pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] >>> uid Infrastructure_Team (Spacewalk Cert) >>> <[email protected]> >>> sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] >>> >>> ./gen-oss-sat-cert.pl --orgid 1 --owner "Infrastructure_Team >>> (Spacewalk >>> Cert) <[email protected]>" --signer C787B908 --output >>> spacewalk-cert.cert --expires "2018-07-13 00:00:00" --slots 200000 >>> --satellite-version spacewalk >>> Passphrase: >>> gpg: Signature made Mon 13 Jul 2015 11:07:12 AM BST using RSA key ID >>> C787B908 >>> gpg: Good signature from "Infrastructure_Team (Spacewalk Cert) >>> <[email protected]>" >>> Signatures validation succeeded. >>> Certificate saved as tpgspacewalk-cert.cert >>> >>> rhn-satellite-activate --sanity-only --rhn-cert=spacewalk-cert.cert >>> [no output] >>> >>> rhn-satellite-activate --disconnected --rhn-cert=spacewalk-cert.cert >>> Certificate specifies 0 of virtualization_host_platform entitlements. >>> There are 3000 entitlements allocated to non-base org(s) (0 used). >>> You might need to deallocate some entitlements from non-base >>> organization(s). >>> You need to free 3000 entitlements to match the new certificate. >>> In the WebUI, the entitlement is named Virtualization Host >>> Platform. >>> Certificate specifies 0 of monitoring_entitled entitlements. >>> There are 338 entitlements used by systems in the base (id 1) >>> organization, >>> plus 3000 entitlements allocated to non-base org(s) (26 used). >>> You might need to unentitle some systems in the base organization, >>> or deallocate some entitlements from non-base organization(s). >>> You need to free 3338 entitlements to match the new certificate. >>> In the WebUI, the entitlement is named Monitoring. >>> Certificate specifies 0 of virtualization_host entitlements. >>> There are 3000 entitlements allocated to non-base org(s) (0 used). >>> You might need to deallocate some entitlements from non-base >>> organization(s). >>> You need to free 3000 entitlements to match the new certificate. >>> In the WebUI, the entitlement is named Virtualization Host. >>> Certificate specifies 0 of provisioning_entitled entitlements. >>> There are 338 entitlements used by systems in the base (id 1) >>> organization, >>> plus 3000 entitlements allocated to non-base org(s) (26 used). >>> You might need to unentitle some systems in the base organization, >>> or deallocate some entitlements from non-base organization(s). >>> You need to free 3338 entitlements to match the new certificate. >>> In the WebUI, the entitlement is named Provisioning. >>> Activation failed, will now exit with no changes. >>> >>> >>> I have tried several different settings in the ./gen-oss-sat-cert.pl >>> command but always the same. >>> >>> Can anybody help please? >>> >>> Thanks >>> >>> Kobus >>> >>> Trustpay Global Limited is an authorised Electronic Money Institution >>> regulated by the Financial Conduct Authority registration number 900043. >>> Company No 07427913 Registered in England and Wales with registered >>> address 130 Wood Street, London, EC2V 6DL, United Kingdom. >>> >>> For further details please visit our website at www.trustpayglobal.com >>> <http://www.trustpayglobal.com>. >>> >>> The information in this email and any attachments are confidential and >>> remain the property of Trustpay Global Ltd unless agreed by contract. >>> It is intended solely for the person to whom or the entity to which it >>> is addressed. If you are not the intended recipient you may not use, >>> disclose, copy, distribute, print or rely on the content of this email >>> or its attachments. If this email has been received by you in error >>> please advise the sender and delete the email from your system. >>> Trustpay Global Ltd does not accept any liability for any personal >>> view expressed in this message. >>> >>> >>> >>> _______________________________________________ >>> Spacewalk-list mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/spacewalk-list >>> >>> Hi - can you confirm the version of Spacewalk being used? >> >> The old Certificate used expired today. We generated a new one a year ago: >> >> >> https://github.com/spacewalkproject/spacewalk/blob/ca2c784eaff062b36f5f464affc50c2a2d21fa6a/branding/setup/spacewalk-public.cert >> >> For now, it is safe to ignore the warning - please give us some time to >> provide our recommended solution here. Since not everyone has upgraded yet >> to Spacewalk 2.3. >> >> Regards, >> Cliff >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list >
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
