Re: [Spacewalk-list] Upgrading clients to 2.4

[Dimitri Yioulos]

Is it against a security policy or firewall rule to simply do “rpm –import 
http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2015”?


From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Ian Forde
Sent: Friday, February 12, 2016 3:46 PM
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Upgrading clients to 2.4

You could always use SSM to execute remote commands on your hosts, (consisting 
of a curl/wget to download key to their local filesystems and import the 
keys...) Then you should be able to upgrade the packages.

On Fri, Feb 12, 2016 at 12:37 PM, Matt Bayliss 
<aarrgghh...@gmail.com<mailto:aarrgghh...@gmail.com>> wrote:
OK, so I pushed out the package rhncfg-actions so I could run remote commands.  
I figured I could set up a configuration channel to push out the gpg key and 
then use a remote command to install it.  I found that I could not use 
configuration channels or use remote commands until I logged onto each server 
and enabled the functionality with 'rhn-actions-control --enable-all' (why is 
this not on by default?!).
Anyway, I've finally jumped through enough hoops to run the 'gpg --import 
RPM-GPG-KEY-spacewalk-2015' command, problem is though is that the 2.4-client 
packages still won't install and I'm getting the same "Error while executing 
packages action: Public key for rhn-setup-2.4.11-1.el6.noarch.rpm is not 
installed [[6]]"

GPG keys on my system are:
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing 
Key) <centos-6-...@centos.org<mailto:centos-6-...@centos.org>>)
gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk 
<spacewalk-de...@redhat.com<mailto:spacewalk-de...@redhat.com>>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) 
<e...@fedoraproject.org<mailto:e...@fedoraproject.org>>)
It seems that the key has not been imported properly.  I'll check the file I 
pushed out again.

# gpg --with-fingerprint RPM-GPG-KEY-spacewalk-2015
pub  1024D/B8002DE1 2015-04-17 Spacewalk 
<spacewalk-de...@redhat.com<mailto:spacewalk-de...@redhat.com>>
      Key fingerprint = A5FC 508C DD3C C46D 3C3B  4612 DCC9 81CD B800 2DE1
OK, so that looks right,. I'll try and import it again..

# gpg --import RPM-GPG-KEY-spacewalk-2015
gpg: key B8002DE1: "Spacewalk 
<spacewalk-de...@redhat.com<mailto:spacewalk-de...@redhat.com>>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
It's processed and unchanged but it's still not in my list:

# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing 
Key) <centos-6-...@centos.org<mailto:centos-6-...@centos.org>>)
gpg-pubkey-863a853d-4f55f54d --> gpg(Spacewalk 
<spacewalk-de...@redhat.com<mailto:spacewalk-de...@redhat.com>>)
gpg-pubkey-0608b895-4bd22942 --> gpg(EPEL (6) 
<e...@fedoraproject.org<mailto:e...@fedoraproject.org>>)
wtf?  Why won't the key import/update?

On 12 February 2016 at 15:18, Dimitri Yioulos 
<dyiou...@netatlantic.com<mailto:dyiou...@netatlantic.com>> wrote:
Matt,

I think you can use Manage|Provisioning|Run remote commands against a group of 
servers.  If you use Ansible in your environment, I have a simple playbooks to 
accomplish installing the public key which I’m happy to share with you.

Dimitri

From: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
[mailto:spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>]
 On Behalf Of Matt Bayliss
Sent: Friday, February 12, 2016 9:41 AM
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Subject: [Spacewalk-list] Upgrading clients to 2.4

I'm trying to bring a bunch of Spacewalk clients which are currently using the 
2.2-client version, up to 2.4-client.
I created a new channel & repo and used the SSM to transfer systems over to the 
new channel.  The updates then appeaar as available and I scheduled the upgrade.
The problem is that I receive the error "Error while executing packages action: 
Public key for rhn-setup-2.4.11-1.el6.noarch.rpm is not installed [[6]]" as the 
2015 key is not installed by my clients.
What's the best way to fix this using Spacewalk, I'd rather avoid having to 
import the key manually on each system.
Thanks,
Matt

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list