@@ -6,61 +6,71 @@ This last part is probably not needed.
If you're adding a redhat repo, you probably also need the SSL client certificate.
1. Download the certificates, if necessary (see below)
1. Add the certificate to Teigi: `tbag set --hg lxsoft/adm 8a85f983598e8558015993b62b96699e.pem --file 8a85f983598e8558015993b62b96699e.pem`
1. List the new certificate in `manifests/adm.pp` for the lxsoft machines.
1. Add the certificate to Teigi: `tbag set --hg lxsoft/adm 4542809831846091597.pem --file 4542809831846091597.pem`
1. List the new certificate in `manifests/adm.pp` for the lxsoft machines (`cluster_adm` branch).
1. Make sure your new repo files in [prod.repos.yaml](prod.repos.yaml) list the new certificate. You can use something like this to figure out which certificates belong to with repos:
(execute on an ADM node with the certificates)
```
```bash
for i in`ls /etc/cdn.redhat.com/*.pem`;do printf"$i returned http_code: "; curl -k-E$i https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/os/repodata/ --write-out %{http_code}--silent--output /dev/null;printf"\n";done
```
## linuxsoft.cern.ch paths
By default all repos will be mirrored under <https://linuxsoft.cern.ch/mirror/>
You can control the path with `prod.repos.yaml` file, by using `pathroot` as in:
```yaml
redhat-8-ev-x86_64.repo:
pathroot:''
```
This will make mirrors start on <https://linuxsoft.cern.ch/> instead.
PS: Be aware RH repos are blocked unless you belong to certain LANDB sets: <https://linuxops.web.cern.ch/support/redhat/#landb-sets>
# Downloading Redhat certificates
Certs for linuxsoft-mirror system registered on [RHN](https://access.redhat.com/management/systems/b4ec8c2d-3eae-4ae0-b8fa-ec6d8a08ce9f/subscriptions)
These are the certs used as of 04/12/2020, you can use the following command to determine what certificate maps to which entitlement:
```
8a85f9845993af3f015993b34c3f0210 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Server, Self-support (1-2 sockets) (Up to 1 guest)
8a85f983598e8558015993b62b96699e - 2017-01-01 - 2020-01-01 Extended Update Support
8a85f9875993915c015993b8460b1956 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Developer Suite
8a85f983598e8558015993be99386c0f - 2017-01-01 - 2020-01-01 Red Hat JBoss A-MQ, 64-Core Standard
8a85f9825cc471b3015cc47ecc80054c - 2017-06-20 - 2020-01-01 Red Hat Virtualization (2-sockets), Premium
8a85f983598e8558015993c40f836ef2 - 2017-01-01 - 2020-01-01 Red Hat Enterprise MRG Realtime, Standard (1-2 sockets)
8a85f9875b339bfe015b33aaa17019fc - 2017-04-03 - 2020-01-01 Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes)
[root@lxsoftadm28 ~]# for i in /etc/cdn.redhat.com/*pem; do echo -n "$i: "; subscription-manager import --certificate $i >/dev/null; subscription-manager list --consumed |grep "Subscription Name" | cut -d: -f2; subscription-manager remove --all >/dev/null; done
/etc/cdn.redhat.com/195140964651792852.pem: Red Hat Enterprise Linux for Real Time, Premium (Physical Node)
/etc/cdn.redhat.com/3788516405494545882.pem: Red Hat Enterprise Linux Developer Suite
/etc/cdn.redhat.com/4542809831846091597.pem: Red Hat Virtualization (2-sockets), Premium
```
Note: with each new/changed subscription we have to add/remove subscription for linuxsoft-mirror
on RHN and use freshly regenerated cert .. seems to be necessary also in case of new product
versions which appeared after the orig. cert was generated
# RedHat repos
removed/replaced certs:
Figuring out which RedHat repos to sync is not obvious as paths change between versions (i.e. RHEL7 use different repo URLs than RHEL8).
```
8a85f98159926149015993c2a4ed781a - 2017-01-01 - 2020-06-20 Red Hat Virtualization (2-sockets), Premium
8a85f983598e8558015993be99386c0f - replaced 2018-02-27 for RH-SSO 7.2
d0ef2de33635419fbf7467a54ba485c9 - replaced 2019-08-16 for Extended Update Support
```
You could always spawn a new RHELX machine and follow these steps:
You can use the following command to determine what certificate maps to which entitlement:
* Share the RH image with the tenant you want
```
# for i in *pem; do echo -n "$i: "; subscription-manager import --certificate $i >/dev/null; subscription-manager list --consumed |grep "Subscription Name" | cut -d: -f2; subscription-manager remove --all >/dev/null; done
8a85f9825cc471b3015cc47ecc80054c.pem: Red Hat Virtualization (2-sockets), Premium
8a85f983598e8558015993be99386c0f.pem: Red Hat AMQ, Standard (64 Cores)
8a85f983598e8558015993c40f836ef2.pem: Red Hat Enterprise MRG Realtime, Standard (1-2 sockets)
8a85f9845993af3f015993b34c3f0210.pem: Red Hat Enterprise Linux Server, Self-support (1-2 sockets) (Up to 1 guest)
8a85f9875993915c015993b8460b1956.pem: Red Hat Enterprise Linux Developer Suite
8a85f9875b339bfe015b33aaa17019fc.pem: Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes)
97a00645e90241a495c87c71cab7258f.pem: Red Hat Virtualization Manager
d0ef2de33635419fbf7467a54ba485c9.pem: Extended Update Support
#
eval $(ai-rc 'IT Linux Support - CI VMs')
openstack image list | grep RHEL ## To see all available images