client-config-overrides.txt
enableProxy=0
enableProxyAuth=0
httpProxy=
noSSLServerURL=http://uyuni.test.uindy.edu/XMLRPC
proxyPassword=
proxyUser=
serverURL=https://uyuni.test.uindy.edu/XMLRPC
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
useGPG=1
command to kick off bootstrap
./bootstrap.sh
Using it for Salt
Version
Information for package Uyuni-Server-release:
---------------------------------------------
Repository : uyuni-server-stable
Name : Uyuni-Server-release
Version : 2020.06-78.2.uyuni
Arch : x86_64
Vendor : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level : Level 3
Installed Size : 1.4 KiB
Installed : Yes (automatically)
Status : up-to-date
Source package : Uyuni-Server-release-2020.06-78.2.uyuni.src
Summary : Uyuni Server
---------------
Len Ewen
Systems Administrator 1
Information Technology
University of Indianapolis
(317) 788-3362
[image: UIndyIT.jpg]
Confidentiality Notice: This communication and/or its content are for the
sole use of the intended recipient, and may be privileged, confidential, or
otherwise protected from disclosure by law. If you are not the intended
recipient, please notify the sender and then delete all copies of it.
Unless you are the intended recipient, your use or dissemination of the
information contained in this communication may be illegal.
On Tue, Jul 14, 2020 at 6:09 PM Julio González Gil
This is strange, your log says:
* configured not to use SSL: don't install corporate public CA cert
So I'd say that's what causing your problem... but I don't know why it is hapening.
At the bootstrap script you have have:
USING_SSL=1
Which is OK.
And the part of the code that shows the message I pasted above if USING_SSL equals 0, as you can see if you inspect the script (you will find):
if [ $USING_SSL -eq 1 ] ; then [...a lot of lines to the CA import...] else echo "* configured not to use SSL: don't install corporate public CA cert" fi
So in your case the RPM should get downloaded, installed, and the SSL verification should not fail.
I am running out of ideas, but four final questions:
1) Can you paste the content of client-config-overrides.txt? 2) Can you give us the CLI call you are using for the bootstrap? 3) Is the bootstrap script for traditional or for salt? 4) Are you using Uyuni Stable 2020.06 or Uyuni Master? (if not sure, please run `zypper info Uyuni-Server-release` on the server.
It's strange this is failing as we recently tested Oracle6 both salt and traditional bootstrap from script, it was working and I don't recally any change to the bootstrap script generator.
So if my next email (after you send us the answers for the questions) is unable to fix your problem, I will ask for a bug report to go deeper into this, and to try to reproduce it.
No, I didn't make any changes to the file. Here is the bootstrap.sh
CLIENT_OVERRIDES=client-config-overrides.txt HOSTNAME=uyuni.test.uindy.edu
ORG_CA_CERT=rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm ORG_CA_CERT_IS_RPM_YN=1
USING_SSL=1 USING_GPG=1
REGISTER_THIS_BOX=1
ALLOW_CONFIG_ACTIONS=1 ALLOW_REMOTE_COMMANDS=1
# this variable is only relevant for traditional clients and is ignored on salt minions FULLY_UPDATE_THIS_BOX=0
# Set if you want to specify profilename for client systems. # NOTE: Make sure it's set correctly if any external command is used. # # ex. PROFILENAME="foo.example.com" # For specific client system # PROFILENAME=`hostname -s` # Short hostname # PROFILENAME=`hostname -f` # FQDN PROFILENAME="" # Empty by default to let it be set automatically.
# After registration, before updating the system (or at least the installer) # disable all repos not provided by SUSE Manager. DISABLE_LOCAL_REPOS=1
# Disable yasts automatic online update feature in case it is enabled # on the client. Leaving automatic online update enabled, the client would # continue to update himself independently from SUSE Manager requests. DISABLE_YAST_AUTOMATIC_ONLINE_UPDATE=1
# SUSE Manager Specific settings: # # - Alternate location of the client tool repos providing the zypp-plugin-spacewalk # and packges required for registration. Unless they are already installed on the # client this repo is expected to provide them for SLE-10/SLE-11 based clients: # ${CLIENT_REPOS_ROOT}/sle/VERSION/PATCHLEVEL # If empty, the SUSE Manager repositories provided at https:// ${HOSTNAME}/pub/repositories # are used. CLIENT_REPOS_ROOT=
I just changed the two lines.
---------------
Len Ewen
Systems Administrator 1
Information Technology
University of Indianapolis
(317) 788-3362
[image: UIndyIT.jpg]
Confidentiality Notice: This communication and/or its content are for the sole use of the intended recipient, and may be privileged, confidential, or otherwise protected from disclosure by law. If you are not the intended recipient, please notify the sender and then delete all copies of it. Unless you are the intended recipient, your use or dissemination of the information contained in this communication may be illegal.
On Tue, Jul 14, 2020 at 11:36 AM Julio González Gil
wrote:
Can you share the content of your bootstrap script until the part where it
says:
# DO NOT EDIT BEYOND THIS POINT
Did you change anything at client-config-overrides.txt?
On martes, 14 de julio de 2020 17:30:49 (CEST) Len Ewen wrote:
It is the self signed certificate that is created by default uyuni. I didn't even need to use the certificate when I install OL7 or Cent7
boxes.
It just sees to work. Ol6 and Cent6 seem to be a little more needy. ---------------
Len Ewen
Systems Administrator 1
Information Technology
University of Indianapolis
(317) 788-3362
[image: UIndyIT.jpg]
Confidentiality Notice: This communication and/or its content are for the sole use of the intended recipient, and may be privileged, confidential,
or
otherwise protected from disclosure by law. If you are not the intended recipient, please notify the sender and then delete all copies of it. Unless you are the intended recipient, your use or dissemination of
information contained in this communication may be illegal.
On Tue, Jul 14, 2020 at 11:06 AM Julio González Gil < jgonzalez@suse.com>
wrote:
Who issued the SSL certificate you are using?
Is it the self-signed certificate that Uyuni creates by default?
If not, you need to follow
https://www.uyuni-project.org/uyuni-docs/uyuni/
administration/ssl-certs- <
https://www.uyuni-project.org/uyuni-docs/uyuni/administration/ssl-certs->
imported.html#_replace_certificates_with_a_third_party_certificate
In the end you will get a RPM published, and if you open your bootstrap script, you will notice this warning:
echo "Verify that the script variable settings are correct:" echo " - CLIENT_OVERRIDES should be only set differently if a customized" echo " client-config-overrides-VER.txt file was created with a different" echo " name." echo " - ensure the value of HOSTNAME is correct." echo " - ensure the value of ORG_CA_CERT is correct."
And below there's the value of the RPM:
ORG_CA_CERT=rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
So all in all, the short story is: you need to generate the RPMs,
install
them and deploy them and then update the bootstrap scripts.
On martes, 14 de julio de 2020 16:14:43 (CEST) Len Ewen wrote:
UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES ------------------------------------------------- * downloading necessary files
client_config_update.py...
2020-07-14 09:52:25 URL:
http://uyuni.test.uindy.edu/pub/bootstrap/client_config_update.py
[6456/6456] -> "client_config_update.py" [1] FINISHED --2020-07-14 09:52:25-- Downloaded: 1 files, 6.3K in 0s (12025 GB/s)
client-config-overrides.txt...
2020-07-14 09:52:25 URL: http://uyuni.test.uindy.edu/pub/bootstrap/client-config-overrides.txt
[629/629] -> "client-config-overrides.txt" [1] FINISHED --2020-07-14 09:52:25-- Downloaded: 1 files, 629 in 0s (1172 GB/s)
PREPARE GPG KEYS AND CORPORATE PUBLIC CA CERT -------------------------------------------------
* importing organizational GPG keys 2020-07-14 09:52:25 URL: http://uyuni.test.uindy.edu/pub/uyuni-gpg-pubkey-0d20833e.key
[1126/1126]
-> "uyuni-gpg-pubkey-0d20833e.key" [1] FINISHED --2020-07-14 09:52:25-- Downloaded: 1 files, 1.1K in 0s (2097 GB/s)
* configured not to use SSL: don't install corporate public CA cert
CLEANING UP OLD SUSE MANAGER REPOSITORIES -------------------------------------------------
CHECKING THE REGISTRATION STACK ------------------------------------------------- * check for necessary packages being installed... * client codebase is oracle-6 package salt is not installed package salt-minion is not installed WARNING: cannot verify uyuni.test.uindy.edu’s certificate, issued by
“/C=US/ST=IN/L=Indy/O=Uindy/OU=Uindy/CN=uyuni.test.uindy.edu”: Unable to locally verify the issuer’s authority.
2020-07-14 09:52:25 URL:
https://uyuni.test.uindy.edu/pub/repositories/oracle/6/bootstrap/repodata/
re>
pomd.xml [2618/2618] -> "repomd.xml" [1] FINISHED --2020-07-14 09:52:25-- Downloaded: 1 files, 2.6K in 0s (4876 GB/s)
adding client software repository at
https://uyuni.test.uindy.edu/pub/repositories/oracle/6/bootstrap * going to install missing packages...
https://uyuni.test.uindy.edu/pub/repositories/oracle/6/bootstrap/repodata/
re>
pomd.xml: [Errno 14] problem making ssl connection Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for
repository:
susemanager:bootstrap. Please verify its path and try again package salt is not installed ERROR: Failed to install all missing packages.
---------------
Len Ewen
Systems Administrator 1
Information Technology
University of Indianapolis
(317) 788-3362
[image: UIndyIT.jpg]
Confidentiality Notice: This communication and/or its content are for the sole use of the intended recipient, and may be privileged,
confidential,
or
otherwise protected from disclosure by law. If you are not the
intended
recipient, please notify the sender and then delete all copies of it. Unless you are the intended recipient, your use or dissemination
of
the
information contained in this communication may be illegal.
On Tue, Jul 14, 2020 at 9:25 AM Julio González Gil <
jgonzalez@suse.com>
wrote: > Can you provide the log so we can see the error? > > On martes, 14 de julio de 2020 15:22:39 (CEST) Len Ewen wrote: > > I am getting an error where it cannot find the ssl
certificate
even
> though > > > it is in the bootstrap file. Oracle Linux 7 and Centos 7 > > install
fine,
> but > > > C6 and OL6 just freak out with the install. Is there some
sort
of
magic
> I > > > am missing to get C6 and OL6 to install properly? > > > > --------------- > > > > Len Ewen > > > > Systems Administrator 1 > > > > Information Technology > > > > University of Indianapolis > > > > (317) 788-3362 > > > > [image: UIndyIT.jpg] > > > > Confidentiality Notice: This communication and/or its content > > are > > for > > the > > sole use of the intended recipient, and may be privileged,
confidential,
> or > > > otherwise protected from disclosure by law. If you are not
On martes, 14 de julio de 2020 17:44:45 (CEST) Len Ewen wrote: the the
intended
> > recipient, please notify the sender and then delete all
copies
> > of > > it. > > Unless you are the intended recipient, your use or dissemination
of
the
> > information contained in this communication may be illegal. > > -- > Julio González Gil > Release Engineer, SUSE Manager and Uyuni > jgonzalez@suse.com
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com