Red Hat Bugzilla – Bug 112541
Cactus complains about the rhn-org-trusted-ssl-cert package before kickstarting
Last modified: 2005-10-31 17:00:50 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031030 Description of problem: Hi! When scheduling a kickstart via web frontend Cactus complains about the package rhn-org-trusted-ssl-cert-1.0-1 when choosing "With System Profile" of the server which should be kickstarted. After choosing "Do not synch package profile" I'm able to proceed the schedule of the kickstart. It seems that I have to build an extra channel for this cert package. Is this correct? Best regards, cos Version-Release number of selected component (if applicable): rhn-base-2.9.99-21 How reproducible: Always Steps to Reproduce: 1. Try to schedule a kickstart. Actual Results: "Missing package" (certs) Expected Results: A smart way to put the needed package into the kickstart profile without defining an extra channel for it (if this is the solution). Additional info:
Created attachment 96668 [details] Missing package dialog
We now solve for this case in the web UI by allowing the user to ignore the offending package. What we really need, however, is to do one of two things: (a) Put the SSL package into a channel; or (b) Document the bootstrap script explaining the need to put the RPM in a channel. Since (a) is impossible in many cases, the next best thing is to do (b). Todd, please document these issues in the body of the bootstrap script itself.
NOTE: the two fixed (currently) package names for the CA Certificate RPMs are: old: rhns-ca-cert-VER-REL.noarch.rpm new: rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm
This was added to the bootstrap script. It is NOT outputed to the screen. Review please!!! """ # # PROVISIONING/KICKSTART NOTE: # A client, in order to be properly provisioned with operational SSL needs to # have the SSL CA Cert installed. In order to do this, the package, # rhn-org-trusted-ssl-cert-<version>-<release).noarch.rpm, will need to be # imported into a child channel of the pertinent base operating system # channel. This child channel needs to also be accessible to the client. # """
Back to rnorwood to do his "skip those packages" magic.
The "skip those packages" magic turns out to not be feasible for rhn310 - created bug #113511 to explain why and track this issue. Moving this bug into on_dev to test the 'remove packages' sync feature for kickstarts.
punting to joe because he has the sat knowledge for this.
Looks good.