Registred accidentally server hosting Satellite on himself Satellite
Hi,
We accidentally registered our RHEL (6.4) to himself (Satellite 5.5) after that we got errors with satellite-sync that we resolved weeks ago (restoring certificate backup) and deleted the system on our Satellite.
Our Satellite(isnt proxy) is pushing updates/channels from another Satellite (master) and I dont know if the RHEL himself was registred on master Satellite or RHN directly.
The CLI from rhn_register show that system is already registered and on field "Login:" our login to access.redhat.com
Now I noticed that the RHEL(6.4) himself isnt receiving updates, I restored (suspicous) /etc/sysconfig/rhn/systemid and made changes to /etc/sysconfig/rhn/up2date, line serverURL= was blank (added https://xmlrpc.rhn.redhat.com/XMLRPC).
Now I got error with yum update.
yum update -v
Loading "rhnplugin" plugin
Not loading "product-id" plugin, as it is disabled
Loading "security" plugin
Not loading "subscription-manager" plugin, as it is disabled
Config time: 0.053
The SSL certificate failed verification.
#
How can I recover from this?
Responses
First off: I ABSOLUTELY recommend opening a case with Red Hat.
That said, I imagine you could run rhnreg_ks to clean up this mess. You will then have an orphaned system at RHN that will be obvious. You will either have to delete that old registered system or unentitle the Satellite from that orphaned system. I believe the rhnreg_ks command will re-import the GPG key and cert or you will have to do that manually.
I suspect that when you registered your Satellite system (to itself), it pulled down new GPG keys from the Satellite system, which are now not valid. I believe you likely could re-import them using the data found here
https://access.redhat.com/site/security/team/key
Again - RH support is absolutely your best option as I am fairly certain that your Satellite is as important to you as mine is to me ;-)
Please update the thread with the direction you go and the results.
On a side note, one of the first lines in my bootstrap.sh file is to check for hostname and BAIL if the hostname resembles my Satellite's hostname. (I also use the hostname to decide what activation key to use - so, checking for the WRONG hostname was simple).
If I was in your shoes (and waiting on Red Hat)
using 2 days for example:
find /etc/ -mtime -2
rpm -qa | grep -i gpg
yum history list
Depending on what went down, it likely either updated files via rpm or yum (or both).
Hi,
It might be possible that ssl certificate on satellite server is expired. You can try steps from bellow articles to get latest RHNS-CA-CERT
https://access.redhat.com/site/articles/369723
https://access.redhat.com/site/solutions/353033
If still issue persists please open case with Red Hat Technical Support with sosreport of the Red Hat Satellite server.
Regards,
Ashish
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
