Dear All, Because our customer has some issue with his prod_spacewalk server to create new system, we decided to clone it has dev_system to do some test and troubleshooting this problem. Clone and configuration to dev_spacewalk was successfully done.
Version:
==================================
dev_spacewalk : CentOS 7.4.1708
spacewalk ver.: 2.4
Steps
==================================
1) server successfully cloned
2) Change hostname in configuration's file
3) run the script with the new IP ADD : /usr/bin/spacewalk-hostname-rename <ip>
3.1) a new SSL certificate was created
3.2) a private AC key was generated:
Generating private CA key: /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
4) Configuring jabber to use PostgreSQL backend because some issue.
5) Successfully start the service:
Error
==================================
Now, we've created a new dev_server and after the installation, we received
some issue from kickstart logs:
ERROR: Failed to connect to https://<dev_spacewalk>.local/rpc/api
I've done an another test from this new machine:
<dev_server># spacecmd -s <dev_spacewalk> -u admin -p $(echo passwd | openssl
enc -aes-128-cbc -a -d -salt -pass pass:XXXX) --debug
DEBUG: : False
DEBUG: Read configuration from /root/.spacecmd/config
DEBUG: Loading configuration section [spacecmd]
DEBUG: Current Configuration: {'username': 'admin', 'password': '***********',
'server': 'dev_spacewalk'}
Welcome to spacecmd, a command-line interface to Spacewalk.
Type: 'help' for a list of commands
'help <cmd>' for command-specific help
'quit' to quit
DEBUG: Configuration section [dev_spacewalk] does not exist
DEBUG: Connecting to https://dev_spacewalk/rpc/api
ERROR: <class 'ssl.SSLError'>
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/spacecmd/misc.py", line 284, in
do_login
self.api_version = self.client.api.getVersion()
File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
verbose=self.__verbose
File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1301, in single_request
self.send_content(h, request_body)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
connection.endheaders(request_body)
File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
server_hostname=sni_hostname)
File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
_context=self)
File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
self.do_handshake()
File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)
ERROR: Failed to connect to https://<dev_spacewalk>/rpc/api
Questions
==================================
1) How can I check if certificates are ok?
2) Is a certificat's problem or spacewalk? Any Idea how I can debugging?
3) Our customer are using a selfsigned certificat, so I don't think that is a
CA certificat problem?
4) All certificats saw ok but this file not. I don't really know how it will be
created:
<dev_server># cat /tmp/ssl-key-1
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13876969005773671483 (0xc094e5c9943ecc3b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CH, ST=XXXXX, L=XXXX, O=XXXX, OU=XX, CN=<prod_spacewalk>.local
Validity
Not Before: Nov 4 10:50:35 2015 GMT
Not After : Oct 29 10:50:35 2036 GMT
Subject: C=XX, ST=XXXXX, L=XXXX, O=XXXX, OU=XX,
CN=<prod_spacewalk>.local
Subject Public Key Info:
...
-----END CERTIFICATE-----
Thank you for your help in advance,
Best regard,
Jérôme Meyer
System Engineer
________________________________
[cid:image005.jpg@01D3E6FE.E34FDD20]<http://www.lcsystems.ch/>
LC Systems-Engineering AG
Tel.:
+41 58 360 89 00
Reinacherstrasse 129
Fax:
+41 58 360 89 01
4053 Basel
Direkt:
+41 58 360 89 14
www.lcsystems.ch
Mobile:
+41 76 438 33 84
Email:
jerome.me...@lcsystems.ch
[cid:image006.jpg@01D3E6FE.E34FDD20]<http://www.lcsystems.ch/events>
________________________________
Diese Nachricht ist ausschliesslich für den bezeichneten Adressaten oder dessen
Vertreter bestimmt. Beachten Sie bitte, dass jede Form der unautorisierten
Nutzung, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhaltes der
Email nicht gestattet ist. Sollten Sie nicht der vorgesehene Adressat dieser
Email oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der
Email in Verbindung zu setzen und anschliessend diese Email und sämtliche
Anhänge zu löschen.
________________________________
This message is exclusively for the person addressed or their representative.
Any form of the unauthorized use, publication, reproduction, copying or
disclosure of the content of this e-mail is not permitted. If you are not the
intended recipient of this message and its contents, please notify this sender
immediately and delete this message and all its attachments subsequently.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
