Thursday, September 29, 2016

How to rename your Spacewalk Server

This will also fix an error message if you are getting a certificate name error from your spacewalk clients.  This will cause the repos to show 0 packages even though spacewalk reports there are 1,000s of packages in the repo.  Other error messages "The SSL certificate failed verification."

On your spacewalk server you can check the cert:

openssl verify -CAfile /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem

You can also verify if your server name matches the certificate name by running the spacewalk rename script.

Before running the command, you need to install the spacewalk-utils

yum spacewalk-utils

spacewalk-hostname-rename x.x.x.x

The Xs are your servers IP.  It'll tell you the name it is reading.  Compare that to the file in /root/ssl-build/rhn-ca-openssl.cnf.  You are looking for cn=.

Now assuming that names don't match or you want to change your server name:

RHEL 7
hostnamectl set-hostname newservername

RHEL6
hostname newname

vim /etc/sysconfig/network

Now verify the new name is working

hostname

Now we need to create new certs.

rhn-ssl-tool --gen-ca --force

rhn-ssl-tool --gen-server

Now you need to install the new certs.

rpm -ivh --force ~/ssl-build/spacewalk/rhn-org-httpd-ssl-key-pair-spacewalk-1.0-2.noarch.rpm

Copy the new files to the apache folder so the clients can access it

cp ~/ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm /var/www/html/pub/

chown apache /var/www/html/pub/rhn-*

Note:  The rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm changed on me.  The original was 1.0-1.

Now even though it's showing everything is right the spacewalk rename tool won't work until you reboot.  So reboot and then run:

spacewalk-hostname-rename x.x.x.x

Then do like you would normally:

rpm -Uvh http://servername.domain.com/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm --force

Note: Notice that I added the --force argument

rhnreg_ks --serverUrl=https://servername.domain.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-activationkeyname

Note: If the system is already registered, you must add --force to the rhnreg_ks command.

ShareThis