From 69983b0362a3484481755ad309f964a924281039 Mon Sep 17 00:00:00 2001
From: Alex Iribarren <Alex.Iribarren@cern.ch>
Date: Mon, 10 Dec 2018 14:04:47 +0100
Subject: [PATCH 1/4] Add docs on how to download certs
---
 README.md | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c26a806..2abb70e 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,38 @@ GPG key to [gpgkeys](gpgkeys/) and any specific configuration to [prod.repos.yam This last part is probably not needed. If you're adding a redhat repo, you probably also need the SSL client certificate. + 1. Download the certificates, if necessary (see below) 1. Add the certificate to Teigi: `tbag set --hg lxsoft/adm 8a85f983598e8558015993b62b96699e.pem --file 8a85f983598e8558015993b62b96699e.pem` - 2. List the new certificate in `manifests/adm.pp` for the lxsoft machines. - 3. Make sure your new repo files in [prod.repos.yaml](prod.repos.yaml) list the new certificate. + 1. List the new certificate in `manifests/adm.pp` for the lxsoft machines. + 1. Make sure your new repo files in [prod.repos.yaml](prod.repos.yaml) list the new certificate. + + +# Downloading Redhat certificates + +Certs for linuxsoft-mirror system registered on [RHN](https://access.redhat.com/management/systems/b4ec8c2d-3eae-4ae0-b8fa-ec6d8a08ce9f/subscriptions) + +8a85f9845993af3f015993b34c3f0210 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Server, Self-support (1-2 sockets) (Up to 1 guest) +8a85f983598e8558015993b62b96699e - 2017-01-01 - 2020-01-01 Extended Update Support +8a85f9875993915c015993b8460b1956 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Developer Suite +8a85f983598e8558015993be99386c0f - 2017-01-01 - 2020-01-01 Red Hat JBoss A-MQ, 64-Core Standard +8a85f9825cc471b3015cc47ecc80054c - 2017-06-20 - 2020-01-01 Red Hat Virtualization (2-sockets), Premium +8a85f983598e8558015993c40f836ef2 - 2017-01-01 - 2020-01-01 Red Hat Enterprise MRG Realtime, Standard (1-2 sockets) +8a85f9875b339bfe015b33aaa17019fc - 2017-04-03 - 2020-01-01 Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes) + +Note: with each new/changed subscription we have to add/remove subscription for linuxsoft-mirror +on RHN and use freshly regenerated cert .. seems to be necessary also in case of new product +versions which appeared after the orig. 
cert was generated + +removed/replaced certs: + +8a85f98159926149015993c2a4ed781a - 2017-01-01 - 2020-06-20 Red Hat Virtualization (2-sockets), Premium +8a85f983598e8558015993be99386c0f - replaced 2018-02-27 for RH-SSO 7.2 + +## Procedure (Update 2018/04): + +1. Download the zip with all certificates +1. Rename them to the subject (be careful, the following may need to be adapted as Subject format may change) +```bash +for i in `ls *.pem`; do NAME=`openssl x509 -in $i -text | grep -i "Subject:" | sed 's/.*CN *= *\([a-z0-9]\{32\}\).*/\1/'`; mv $i $NAME.pem; done +``` -- GitLab From 36ad85e5a8e94d4f9bfdef984b168e1487861a0b Mon Sep 17 00:00:00 2001 From: Alex Iribarren <Alex.Iribarren@cern.ch> Date: Mon, 10 Dec 2018 14:23:17 +0100 Subject: [PATCH 2/4] Just do the math --- reposync/runreposync.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reposync/runreposync.sh b/reposync/runreposync.sh index 97861ef..51d4e5b 100755 --- a/reposync/runreposync.sh +++ b/reposync/runreposync.sh @@ -153,7 +153,7 @@ for rpm in ${CHANGELIST}; do EOF done -CHANGECOUNT=`echo "${CHANGELIST}" | wc -l | awk '{print $1}'` +CHANGECOUNT=$((POSTCOUNT-PRECOUNT)) cat << EOF | log "message_type": "result", -- GitLab From ca89a5a22addc50b2804975cddf7f92dbbfa2fc2 Mon Sep 17 00:00:00 2001 From: Alex Iribarren <Alex.Iribarren@cern.ch> Date: Mon, 10 Dec 2018 16:39:31 +0100 Subject: [PATCH 3/4] Added rhel-7-server-{rhv-4.2-manager,manager-tools,ansible-2}-rpms --- prod.repos.d/redhat-7-ev-x86_64.repo | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/prod.repos.d/redhat-7-ev-x86_64.repo b/prod.repos.d/redhat-7-ev-x86_64.repo index 0e31628..77db234 100644 --- a/prod.repos.d/redhat-7-ev-x86_64.repo +++ b/prod.repos.d/redhat-7-ev-x86_64.repo 
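Review bot: In reposync/runreposync.sh, `CHANGECOUNT=$((POSTCOUNT-PRECOUNT))` reports a net difference rather than the number of entries the preceding `for rpm in ${CHANGELIST}` loop logged, so the "result" record can disagree with the per-package records, for example when a run both adds and removes packages or when the difference goes negative. Neither POSTCOUNT nor PRECOUNT is assigned inside this hunk, so presumably they are set earlier in the script; if either can be empty after a failed sync step, the expansion silently yields a misleading number in the log. I would default both and document the meaning: `CHANGECOUNT=$(( ${POSTCOUNT:-0} - ${PRECOUNT:-0} ))` preceded by `# net change in package count; may differ from the number of CHANGELIST entries logged above`. The enclosing loop and the `cat << EOF | log` block start and end outside the hunk.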
@@ -10,8 +10,8 @@ baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhevh name = Red Hat Enterprise Virtualization Hypervisor 7 (RPMs) sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem sslcacert = /certs/redhat-uep.pem - enabled = 1 + [rhel-7-server-x86_64-rhevh-debug-rpms] baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhevh/debug name = Red Hat Enterprise Virtualization Hypervisor 7 (Debug RPMs) @@ -186,3 +186,24 @@ baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhvh/ sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem sslcacert = /certs/redhat-uep.pem enabled = 1 + +[rhel-7-server-rhv-4.2-manager-rpms] +name = Red Hat Virtualization Manager v4.2 (RHEL 7 Server) (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.2/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 + +[rhel-7-server-rhv-4-manager-tools-rpms] +name = Red Hat Virtualization Manager 4 Tools (RHEL 7 Server) (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 + +[rhel-7-server-ansible-2-rpms] +name = Red Hat Ansible Engine 2 RPMs for Red Hat Enterprise Linux 7 Server +baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2/os +sslclientcert = /certs/8a85f9825cc471b3015cc47ecc80054c.pem +sslcacert = /certs/redhat-uep.pem +enabled = 1 -- GitLab From b19c7e0c71674bdc4b0b189944336230d0e6a83f Mon Sep 17 00:00:00 2001 From: Alex Iribarren <Alex.Iribarren@cern.ch> Date: Mon, 10 Dec 2018 16:43:26 +0100 Subject: [PATCH 4/4] Try to improve the formatting --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2abb70e..0a42ec0 100644 --- a/README.md +++ b/README.md 
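Review bot: The three sections added at the end of prod.repos.d/redhat-7-ev-x86_64.repo (`rhel-7-server-rhv-4.2-manager-rpms`, `rhel-7-server-rhv-4-manager-tools-rpms`, `rhel-7-server-ansible-2-rpms`) reuse client certificate `8a85f9825cc471b3015cc47ecc80054c.pem`, which the README text added in patch 1/4 lists as valid from 2017-06-20 to 2020-01-01 and which, per the same README note, may need regenerating for product versions that appeared after it was issued. It is worth confirming that this entitlement covers the new content paths, since otherwise the CDN will likely refuse these repos and the mirror will quietly stop receiving their updates. The new sections also leave `sslverify` and `gpgcheck` to defaults, as the existing sections visible in the hunk do. A short header comment saying where those are enforced, for example `# sslverify/gpgcheck are set globally; GPG keys live in gpgkeys/` if that is indeed the case, would make the trust path for these packages auditable from the file itself.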
@@ -15,6 +15,7 @@ If you're adding a redhat repo, you probably also need the SSL client certificat Certs for linuxsoft-mirror system registered on [RHN](https://access.redhat.com/management/systems/b4ec8c2d-3eae-4ae0-b8fa-ec6d8a08ce9f/subscriptions) +``` 8a85f9845993af3f015993b34c3f0210 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Server, Self-support (1-2 sockets) (Up to 1 guest) 8a85f983598e8558015993b62b96699e - 2017-01-01 - 2020-01-01 Extended Update Support 8a85f9875993915c015993b8460b1956 - 2017-01-01 - 2020-01-01 Red Hat Enterprise Linux Developer Suite @@ -22,6 +23,7 @@ Certs for linuxsoft-mirror system registered on [RHN](https://access.redhat.com/ 8a85f9825cc471b3015cc47ecc80054c - 2017-06-20 - 2020-01-01 Red Hat Virtualization (2-sockets), Premium 8a85f983598e8558015993c40f836ef2 - 2017-01-01 - 2020-01-01 Red Hat Enterprise MRG Realtime, Standard (1-2 sockets) 8a85f9875b339bfe015b33aaa17019fc - 2017-04-03 - 2020-01-01 Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes) +``` Note: with each new/changed subscription we have to add/remove subscription for linuxsoft-mirror on RHN and use freshly regenerated cert .. seems to be necessary also in case of new product @@ -29,8 +31,10 @@ versions which appeared after the orig. cert was generated removed/replaced certs: +``` 8a85f98159926149015993c2a4ed781a - 2017-01-01 - 2020-06-20 Red Hat Virtualization (2-sockets), Premium 8a85f983598e8558015993be99386c0f - replaced 2018-02-27 for RH-SSO 7.2 +``` ## Procedure (Update 2018/04): @@ -39,4 +43,4 @@ removed/replaced certs: ```bash for i in `ls *.pem`; do NAME=`openssl x509 -in $i -text | grep -i "Subject:" | sed 's/.*CN *= *\([a-z0-9]\{32\}\).*/\1/'`; mv $i $NAME.pem; done ``` - +1. Proceed with steps above. -- GitLab