diff --git a/README.md b/README.md index c26a80619f8ebfe04c1deb1cc5a8738d2af7163e..0a42ec0b21549eb83bc6c947e1f791223433a2d2 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,42 @@ GPG key to [gpgkeys](gpgkeys/) and any specific configuration to [prod.repos.yam This last part is probably not needed. If you're adding a redhat repo, you probably also need the SSL client certificate. + 1. Download the certificates, if necessary (see below) 1. Add the certificate to Teigi: `tbag set --hg lxsoft/adm 8a85f983598e8558015993b62b96699e.pem --file 8a85f983598e8558015993b62b96699e.pem` - 2. List the new certificate in `manifests/adm.pp` for the lxsoft machines. - 3. Make sure your new repo files in [prod.repos.yaml](prod.repos.yaml) list the new certificate. + 1. List the new certificate in `manifests/adm.pp` for the lxsoft machines. + 1. Make sure your new repo files in [prod.repos.yaml](prod.repos.yaml) list the new certificate. + +# Downloading Redhat certificates + +Certs for linuxsoft-mirror system registered on [RHN](https://access.redhat.com/management/systems/b4ec8c2d-3eae-4ae0-b8fa-ec6d8a08ce9f/subscriptions) + +``` +8a85f9845993af3f015993b34c3f0210 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Server, Self-support (1-2 sockets) (Up to 1 guest) +8a85f983598e8558015993b62b96699e - 2017-01-01 - 2020-01-01 Extended Update Support +8a85f9875993915c015993b8460b1956 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Developer Suite +8a85f983598e8558015993be99386c0f - 2017-01-01 - 2020-01-01 Red Hat JBoss A-MQ, 64-Core Standard +8a85f9825cc471b3015cc47ecc80054c - 2017-06-20 - 2020-01-01 Red Hat Virtualization (2-sockets), Premium +8a85f983598e8558015993c40f836ef2 - 2017-01-01 - 2020-01-01 Red Hat Enterprise MRG Realtime, Standard (1-2 sockets) +8a85f9875b339bfe015b33aaa17019fc - 2017-04-03 - 2020-01-01 Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes) +``` + +Note: with each new/changed subscription we have to add/remove subscription for linuxsoft-mirror +on RHN and use freshly regenerated cert .. seems to be necessary also in case of new product +versions which appeared after the orig. cert was generated + +removed/replaced certs: + +``` +8a85f98159926149015993c2a4ed781a - 2017-01-01 - 2020-06-20 Red Hat Virtualization (2-sockets), Premium +8a85f983598e8558015993be99386c0f - replaced 2018-02-27 for RH-SSO 7.2 +``` + +## Procedure (Update 2018/04): + +1. Download the zip with all certificates +1. Rename them to the subject (be careful, the following may need to be adapted as Subject format may change) +```bash +for i in `ls *.pem`; do NAME=`openssl x509 -in $i -text | grep -i "Subject:" | sed 's/.*CN *= *\([a-z0-9]\{32\}\).*/\1/'`; mv $i $NAME.pem; done +``` +1. Proceed with steps above. diff --git a/prod.repos.d/redhat-7-ev-x86_64.repo b/prod.repos.d/redhat-7-ev-x86_64.repo index 0e316280cde0b8b9d5ece3e15cfd5bb71fc1f66f..77db23489695666ba2e1c959b203f3566da974bb 100644 --- a/prod.repos.d/redhat-7-ev-x86_64.repo +++ b/prod.repos.d/redhat-7-ev-x86_64.repo @@ -10,8 +10,8 @@ baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhevh name = Red Hat Enterprise Virtualization Hypervisor 7 (RPMs) sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem sslcacert = /certs/redhat-uep.pem - enabled = 1 + [rhel-7-server-x86_64-rhevh-debug-rpms] baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhevh/debug name = Red Hat Enterprise Virtualization Hypervisor 7 (Debug RPMs) @@ -186,3 +186,24 @@ baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhvh/ sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem sslcacert = /certs/redhat-uep.pem enabled = 1 + +[rhel-7-server-rhv-4.2-manager-rpms] +name = Red Hat Virtualization Manager v4.2 (RHEL 7 Server) (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.2/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 + +[rhel-7-server-rhv-4-manager-tools-rpms] +name = Red Hat Virtualization Manager 4 Tools (RHEL 7 Server) (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 + +[rhel-7-server-ansible-2-rpms] +name = Red Hat Ansible Engine 2 RPMs for Red Hat Enterprise Linux 7 Server +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 diff --git a/reposync/runreposync.sh b/reposync/runreposync.sh index 97861efa1dbce4825613f8a5ebe93d94d2636361..51d4e5b2a541297f6d2272128c3022d743c064f4 100755 --- a/reposync/runreposync.sh +++ b/reposync/runreposync.sh @@ -153,7 +153,7 @@ for rpm in ${CHANGELIST}; do EOF done -CHANGECOUNT=`echo "${CHANGELIST}" | wc -l | awk '{print $1}'` +CHANGECOUNT=$((POSTCOUNT-PRECOUNT)) cat << EOF | log "message_type": "result",