This kickstart is not done in a local spacewalk network but from our Lab, which has only a NATed Internet connection and reaches the spacewalk through the internet, so it shares the firewalls external IP with another Spacewalk client and yes, there is no PXE possibility.
The DHCP (no PXE) in this network should be fine, since the kickstart was able to connect to the spacewalk and download the KS file as well as all packages. For the reverse Lookup, it’s correct, there is no reverse lookup entry for the IP, but it never existed and the kickstart from the ISO worked. Does there has to be a reverse entry? I can’t see the IP in the certificate, only the FQDN. The certificate has never been updated / resigned. Many thanks Johannes > On 27 Apr 2016, at 2:43 AM, [email protected] wrote: > > Correction > > Original Message > From: [email protected] > Sent: Tuesday, April 26, 2016 20:37 > To: Johannes Raff; [email protected] > Subject: Re: [Spacewalk-list] Spacewalk Kickstart ISO Certificate invalid > > Sounds like something changed in your network. > If PXE/dhcp works I would compare what the DNS settings are. > I assume that if you are booting off of a CD it's because DHCP isn't > available or its going to a different DHCP server that doesn't offer PXE. > I would suspect that there is a reverse lookup issue, > Example > Original > Spacewalk.mycompany.com A 192.168.1.25 > 25.1.168.192 A spacewalk.mycompany.com > New version > Servera25.mycompany.com A 192.168.1.25 > 25.1.168.192 A servera2d.mycompany.com > Spacewalk.mycompany.com Cname servera25 > > Assuming the local DNS has the cname in the new config should be fine, the > original config should be fine too, but if you mix and match the foreword A > record from the original with the reverse lookup record from the new version > the SSL cert will not verify correctly. > > Original Message > From: Johannes Raff > Sent: Tuesday, April 26, 2016 17:59 > To: [email protected] > Reply To: [email protected] > Subject: [Spacewalk-list] Spacewalk Kickstart ISO Certificate invalid > > Hi, > > we are running Spacewalk 2.4 on CentOS 6.6 with three Organisations. The > setup has been started on version 2.0 and has always been updated. So far we > had no problems but suddenly the kickstarting through a cobbler iso doesn’t > work anymore. > > we restarted Spacewalk, executed cobbler sync and cobbler buildiso. After > that booting from the ISO, I can select the profile and the setup starts. > after the setup, the machine comes up but is not registered with the > Organisation in spacewalk. After reading through the logs, I find, that the > /var/log/up2date log shows a invalid certificate error. if I start the > run_register manually and using https, I can not move over the connection > information. If I use rhnreg_ks, I have the Certificate error again. > > If I switch to http: I can input the username and password, in the last step > I get the error 70 though which says that the profile has no free > allocations, which is not correct. I have verified the certificate, it is the > right certificate (same md5) then on the server or an existing host, it has > the correct hostname in the cert and in the kickstart file and the name > resolution works well and it is valid. > > If I book a machine in the DHCP connected network, I get the profiles from > PXE and after selecting the correct profile, the setup and registration works > without a issue. > > This behaviour has appeared just recently, not straight after an upgrade of > spacewalk. The Centos patches have been update recently. > > Does anyone had a similar issue like this or could someone recommend next > steps. > > Many Thanks > Johannes > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
