Eventually this script fixed all the stuff :). rpm -Uvh http://spacewalk/repos/spacewalk_client6/2.3-client/RHEL/6/x86_64/spacewalk-client-repo-2.3-2.el6.noarch.rpm rpm -Uvh http://spacewalk/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm cat > /etc/yum.repos.d/spacewalk-client.repo << EOF [spacewalk-client] name=Spacewalk Client Tools baseurl=http://spacewalk/repos/spacewalk_client6/2.3-client/RHEL/6/x86_64/ gpgkey=http://yum.spacewalkproject.org/RPM-GPG-KEY-spacewalk-2014 enabled=1 gpgcheck=0 EOF yum install -y http://spacewalk/repos/epel6/x86_64/python-hwdata-1.7.3-1.el6.noarch.rpm yum install -y rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin rhncfg-actions rhn-actions-control --enable-all rhnreg_ks --serverUrl=https://spacewalk/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=linux
On Thu, Mar 31, 2016 at 11:53 AM, Matt Moldvan <[email protected]> wrote: > Oh, that error you're seeing is because your system(s) don't recognize the > SSL cert generated by Spacewalk. In your bootstrap script, is the > RHN-ORG-TRUSTED-CERT (or something like that) being pushed correctly to the > clients? Otherwise they won't recognize the SSL cert being presented by > your Spacewalk master. > > Try openssl s_client -connect spacewalkfqdn:443 -showcerts to see what the > verify result is. > > On Thu, Mar 31, 2016 at 2:08 PM Konstantin Raskoshnyi <[email protected]> > wrote: > >> The problem is - my servers don't have internet access. I set up epel >> repo sync on spacewalk...For example epel >> >> [epel] >> name=Extra Packages for Enterprise Linux 6 - $basearch >> baseurl=https://spacewalk/repos/epel6/x86_64/ >> #mirrorlist= >> https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch >> failovermethod=priority >> enabled=1 >> gpgcheck=0 >> >> When I try to install yum install rhn-client-tools rhn-check rhn-setup >> rhnsd m2crypto yum-rhn-plugin >> >> It shows me https://spacewalk/repos/epel6/x86_64/repodata/repomd.xml: >> [Errno 14] Peer cert cannot be verified or peer cert invalid >> >> So strange >> >> On Wed, Mar 30, 2016 at 6:04 PM, Matt Moldvan <[email protected]> wrote: >> >>> I had a similar issue for systems that had old versions of nss, they >>> couldn't deal with an HTTPS repo for some reason. Is your >>> /etc/sysconfig/rhn/up2date pointing to https://something by chance? If >>> so try changing it to http, updating yum and nss fully, then changing it >>> back to https. >>> >>> One liner: sudo sed -i 's/serverURL=https:/serverURL=http:/g' >>> /etc/sysconfig/rhn/up2date; sudo yum update yum* nss* ; sudo sed -i >>> 's/serverURL=http:/serverURL=https:/g' /etc/sysconfig/rhn/up2date >>> >>> On Wed, Mar 30, 2016 at 6:47 PM Konstantin Raskoshnyi < >>> [email protected]> wrote: >>> >>>> Deployed a new machine, it didn't have internet access, added manually >>>> epel repo & spacewalk repo and installed client, registered on the >>>> spacewalk. >>>> >>>> The system shows this error, when I try to do anything: >>>> >>>> Cannot retrieve repository metadata (repomd.xml) for repository: >>>> epel_sci_6. Please verify its path and try again >>>> >>>> If I remove software channels from this machine it shows the same error >>>> but with the parent channel. >>>> >>>> Any solutions? >>>> _______________________________________________ >>>> Spacewalk-list mailing list >>>> [email protected] >>>> https://www.redhat.com/mailman/listinfo/spacewalk-list >>> >>> >>> _______________________________________________ >>> Spacewalk-list mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/spacewalk-list >>> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list >
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
