Renew your satellite certificate for Spacewalk on CentOS 6.
Update 2018
Please use the link to the Spacewalk project Github page for instructions on how to refresh the certificate:
https://github.com/spacewalkproject/spacewalk/wiki/Refreshing-certificate
The link was originally posted on RedHat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1600868
Renew Spacewalk Certificate
Existing certificate’s expiration date:
# grep expires /usr/share/spacewalk/setup/spacewalk-public.cert <rhn-cert-field name="expires">2015-07-13 00:00:00</rhn-cert-field>
Here is the new certificate:
# cat /usr/share/spacewalk/setup/spacewalk-public.cert <?xml version="1.0" encoding="UTF-8"?> <rhn-cert version="0.1"> <rhn-cert-field name="product">SPACEWALK-001</rhn-cert-field> <rhn-cert-field name="owner">Spacewalk Default Organization</rhn-cert-field> <rhn-cert-field name="issued">2007-07-13 00:00:00</rhn-cert-field> <rhn-cert-field name="expires">2018-07-13 00:00:00</rhn-cert-field> <rhn-cert-field name="slots">20000</rhn-cert-field> <rhn-cert-field name="monitoring-slots">20000</rhn-cert-field> <rhn-cert-field name="provisioning-slots">20000</rhn-cert-field> <rhn-cert-field name="virtualization_host">20000</rhn-cert-field> <rhn-cert-field name="virtualization_host_platform">20000</rhn-cert-field> <rhn-cert-field name="satellite-version">spacewalk</rhn-cert-field> <rhn-cert-field name="generation">2</rhn-cert-field> <rhn-cert-signature> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEABECAAYFAlNg/40ACgkQnnKdrwaUeTIXqwCgmRiTmzFuO7x3bitYPWcJFsZe UPgAn0kTzWo7xUGDpedM0No9nEnWa84P =FTXc -----END PGP SIGNATURE----- </rhn-cert-signature> </rhn-cert>
Activate:
# rhn-satellite-activate --rhn-cert /usr/share/spacewalk/setup/spacewalk-public.cert --disconnected Pushing scout configs to all monitoring scouts
References
http://kernelmanic.com/?p=1
https://www.redhat.com/archives/spacewalk-list/2014-December/msg00034.html
Thanks, saved my day.
how to get new certificate
Thanks for your question, I’ll update the article with the new certificate once I have it.
So, it means we need to wait for the certificate to come at https://raw.githubusercontent.com/spacewalkproject/spacewalk/master/branding/setup/spacewalk-public.cert
Yes, the maintainer of the software has to update the certificate. This happens every 3 years or so. There is a bug report created for this issue.
You can wait for an updated certificate to be released, or if you’re in a rush, you can use your GPG key to sign a modified
spacewalk-public.cert
.Thanks for keeping us operational!
I will keep walking back to this link to confirm when a new key has shown up for download!
No worries, you’re welcome.
I need to spacewalk-public.cert
Less two days for end.
I’ve updated the article.
Can you help me?
I do all like in
https://github.com/spacewalkproject/spacewalk/wiki/Refreshing-certificate
but have error:
rhn-satellite-activate –disconnected –rhn-cert=spacewalk-public.cert
ERROR: unhandled exception occurred:
Traceback (most recent call last):
File “/usr/bin/rhn-satellite-activate”, line 42, in
sys.exit(abs(mod.main() or 0))
File “/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_satellite _activate.py”, line 576, in main
date = expiredYN(options.rhn_cert)
File “/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_satellite _activate.py”, line 444, in expiredYN
expires = time.mktime(time.strptime(sc.expires, sc.datesFormat_cert))-time.t imezone
OverflowError: mktime argument out of range
Which version of Spacewalk?
Spacewalk version 2.2
CentOS 6.6
Oh, I don’t have such old version of Spacewalk to test with I’m afraid.
The error that you posted suggests a problem related to the expiration year of the certificate, which is set to 2100. This value might exceed some sort of a limit.
How you think, if I update Spacewalk to 2.5, it’s solve the problem with certificate?
According to bugzilla, that should fix the problem for you.
Shutdown SW service before update the database schema “/usr/sbin/spacewalk-service stop”
Modified “spacewalk.repo” to “2.6” and run “yum update”
Once new packages are successfully loaded, run below commands:
“systemctl daemon-reload”
“spacewalk-setup –external-postgresql –upgrade”
“/usr/bin/spacewalk-schema-upgrade”
You should be good if you will get below output :)
The database schema was upgraded to version [spacewalk-schema-2.6.17-1.el7].
Thanks for CentOS 7 instructions.
Hi,
I am getting the same certificate expired error. I have Spacewalk 2.6 version. How to get the certificate for Spacewalk 2.6.
Day 5 of 24 before Spacewalk becomes a brick. Should I become concerned and start giving RH people calls about this?
If you have RH support, then give them a call.
Oh, just to explain why I need to continue using certs – The environment that I currently support is running version 2.1….
So, unless you have a terrific way of going from 2.1 to a current, and very stable release, I’ll be staying put for a while.
:) Thanks for the help, both here and on bugzilla.redhat.com!!!
Spacewalk 2.1 is a really old version… This is just my experience, but I didn’t have problems upgrading Spacewalk 2.2 to 2.7 (over time as releases became available). I then moved to Katello.
Could some one has a idea is there a change spacewalk will create new certificate ? or do we good to go with spacewalk-public.cert . Please advice. thanks
Samsir
Spacewalk 2.5 (and higher) doesn’t use the entitlement certificate anymore, therefore I don’t think a new one will be created.