The second one requires file:// based URLs, which is why I use a configuration channel. I specify it locally:

file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

(The three / characters are correct: the protocol is file:// and it starts from the / directory, hence file:///etc...)

If the key is deployed via kickstart, it doesn't appear here (but that's OK, because it's already in the RPM database). You would need to deploy a file using a configuration channel to this location if you have non-kickstarted servers. You can leave the URL field empty if all your servers will be kickstarted and have the key added during install.

Cheers,
Avi

> On 5 Apr 2016, at 11:18 AM, Lachlan Musicman <[email protected]> wrote:
>
> Thanks Avi - on the second one, should I be supplying the official URL, or the url of my copy of the key? Do I need to fill out all three fields, or just one?
>
> cheers
> L.
>
> ------
> The most dangerous phrase in the language is, "We've always done it this way."
>
> - Grace Hopper
>
> On 5 April 2016 at 11:01, Avi Miller <[email protected]> wrote:
> Hi,
>
> You put them in the first two. The third location (in the repository) is to configure SSL certificates to communicate with the repository. Commonly used for RHN-based repos (and perhaps SUSE repos, but I'm not sure about that).
>
> The first location adds the GPG key to Spacewalk, so you can deploy it during kickstart.
> The second location configures where yum will look for the GPG key (if not already installed) and how to verify that it has the right one.
>
> I also have a GPG Configuration Channel so that I can deploy keys to machines that were not installed via kickstart, but still need to have the keys installed.
>
> Cheers,
> Avi
>
>> On 5 Apr 2016, at 10:44 AM, Lachlan Musicman <[email protected]> wrote:
>>
>> One final question.
>> Now I have the relevant GPG keys, do I put them:
>>
>> - in System -> Kickstart -> GPG and SSL keys, then activate them in the profile OR
>> - in Channels -> Manage Channels -> the Channel in question -> Basic Channel Details, at the bottom OR
>> - in Channels -> Manage Channels -> Manage Repositories -> Repository in question.
>>
>> Or do I put them in all three, or just two. In the third option - the Repositories - the drop down only allows for the single SSL cert that I created at the start, none of the GPG keys are available.
>>
>> Cheers
>> L.
>>
>> On 5 April 2016 at 09:27, Lachlan Musicman <[email protected]> wrote:
>> Ah, ok. Thanks.
>>
>> It's becoming clearer now. Did I miss something, or is it that I'm just not aware enough of how these systems work...
>>
>> Hmmm.
>>
>> cheers
>> L.
>>
>> On 5 April 2016 at 08:57, Avi Miller <[email protected]> wrote:
>> Hi,
>>
>>> On 5 Apr 2016, at 8:41 AM, Lachlan Musicman <[email protected]> wrote:
>>>
>>> We have an SSL cert on that page - is that not enough? Do I need a separate gpg key? I would presume the cert was sufficient - at no point in the documentation did I see an explicit instruction to make one of each?
>>
>> That is not sufficient. That is the CA certificate for your Spacewalk instance. It's not the GPG key for the CentOS RPMs. You need to create a GPG key with the content from CentOS and deploy it during kickstart, so that yum has a valid GPG key against which to test the signature of the RPMs.
>>
>> So, you'd need to get a copy of the CentOS GPG key (usually found in /etc/pki/rpm-gpg on an already installed machine) and create a GPG key with the content of that key. You would then need to update your Kickstart Profile to deploy that GPG key during install, so that packages can be installed during the post-install phase, i.e. after registration with Spacewalk and post the Anaconda process.
>>
>> Hope that helps,
>> Avi

--
Oracle <http://www.oracle.com>
Avi Miller | Product Management Director | +61 (3) 8616 3496
Oracle Linux and Virtualization
417 St Kilda Road, Melbourne, Victoria 3004 Australia
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
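
Added example, not part of the original thread and not Spacewalk's own code: a client-side check of the two points in the reply above, that the channel's GPG key URL is a well-formed local file:/// URL and that the key is either already in the RPM database or present as a file for yum to read. The function names and the --check argument are assumptions made for this sketch, and the fingerprint is whatever 40-hex-digit value you have verified for your key.

```shell
#!/bin/sh
# Added example: check a channel's local GPG key URL and whether the key
# is already imported into the RPM database on this client.
# Function names are hypothetical; nothing here is Spacewalk code.

# Map a file:/// URL to its local path. Fails for anything that is not
# file:// followed by an absolute path (e.g. file://etc/... or http://).
gpg_url_to_path() {
    case "$1" in
        file:///*) printf '%s\n' "${1#file://}" ;;
        *) return 1 ;;
    esac
}

# rpm stores an imported key as a pseudo-package named
# gpg-pubkey-<last 8 hex digits of the key ID, lowercase>-<creation time>.
# Derive that name prefix from a 40-hex-digit (v4) fingerprint.
rpm_pubkey_prefix() {
    fp=$(printf '%s' "$1" | tr -d ' :' | tr 'A-F' 'a-f')
    [ "${#fp}" -eq 40 ] || return 1
    case "$fp" in *[!0-9a-f]*) return 1 ;; esac
    printf 'gpg-pubkey-%s\n' "$(printf '%s' "$fp" | sed 's/.*\(.\{8\}\)$/\1/')"
}

# Usage: sh check-key.sh --check <file:/// URL> "<fingerprint>"
if [ "${1:-}" = "--check" ]; then
    path=$(gpg_url_to_path "$2") || { echo "not a local file:/// URL: $2" >&2; exit 2; }
    prefix=$(rpm_pubkey_prefix "$3") || { echo "fingerprint must be 40 hex digits" >&2; exit 2; }
    if rpm -q gpg-pubkey | grep -q "^${prefix}-"; then
        echo "OK: ${prefix} is already in the RPM database"
    elif [ -r "$path" ]; then
        echo "OK: not imported yet, but key file is present at $path"
    else
        echo "MISSING: no imported key and no file at $path" >&2
        echo "deploy the key file with a configuration channel" >&2
        exit 1
    fi
fi
```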
