Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

RHEL5 registration in RHN ("Red Hat Classic") on proxy protected network

News RHEL subscription management Recommended Books Recommended Links Installation CheckList Oracle Linux Registration Administration Migrating systems from RHN to RHNSM
Redhat Networking bash NTP configuration on RHEL Sendmail on RHEL LVM How to change IP address in RHEL Humor Etc

For RHN Red Hat Enterprise Linux 5 uses for registration new utility  rhn_register instead of old up2date . This application works with the yum-based RHN Hosted and RHN Satellite client called Package Updater (or pup) that replaces up2date. For more information about pup, refer to Chapter 3, Package Updater.

Latest version of RHEL 5 such as 5.11 can also use new registration system (I think the minimum is 5.8). That makes sense only of RHN registration system is completely screwed (which is true if you need anything else then basic patches) and can't provide the the functionality you need.  See Migrating systems from RHN to RHNSM

Red Hat Enterprise Linux 6 uses for registration utility  rhn_register, the same as RHEL5   This application works with the yum-based RHN Hosted and RHN Satellite client called Package Updater (or pup) that replaces up2date. For more information about pup, refer to Chapter 3, Package Updater.

The rhn_register  application normally runs as part of the firstboot  configuration process just after installation. The first time a newly-installed Red Hat Enterprise Linux 5 system is booted, firstboot  uses rhn_register  to register your system with RHN.

1. Before starting:

  1. Set system proxy and check Internet access to redhat.com (or oracle.com) using firefox
  2. Set proxy in /etc/sysconfig/rhn/up2date
  3. If possible make access to redhat.com passwordless in your proxy configuration.

For example:

enableProxy[comment]=Use a HTTP Proxy
	enableProxy=1 
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128 
	httpProxy=www-proxy.your-corp.com:8081

After that you can run rhn_register (Oracle Linux users should run up2date -- register instead, Oracle Linux Registration). You can execute the command rhn_register  from the command line as root.

2. Use GUI version not text version of rhn_register. For example:

export DISPLAY=10.194.154.73:0
rhn_register &

Use your main Red Hat network ID, not email address. Provide password.

TIP:

 If you have never registered, you can start rhn_register by selecting Applications (the main menu on the panel) ⇒ System Tools ⇒ Package Updater. (You will be asked to enter the root password.) The Package Updater, when run on a system that has not yet been registered, triggers rhn_register if there is no /etc/sysconfig/rhn/systemid file on the system.

If you have already registered before and /etc/sysconfig/rhn/systemid exists on the system, rhn_register first asks if you are sure that you would like to register again. Doing so may create a duplicate system profile in RHN Satellite. Consider using rhnreg_ks and activation keys to re-register a system without creating a duplicate entry.

Command-line version of rhn_register

There is also a command-line version of rhn_register that allows you to register your system for access to RHN or Satellite without a graphical desktop environment.  I do not recommend to use it unless you no other options.

Type rhn_register at a shell prompt. If you are on shell terminal window and want to run the non-graphical version, you must type rhn_register --nox to prevent opening the graphical client.


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

rhn-troubleshooting

When a RHEL system is not getting updated:

0) If you get "Not Checking In" notices, that means RHN knows
about it so it must have had steps 1-4 done correctly at one
time.


1) Make sure you've added the recommended changes (or add if not there)
to /etc/sysconfig/rhn/up2date:

Change sslCACert=/usr/share/rhn/RHNS-CA-CERT
to sslCACert=/usr/share/rhn/RHNS-CORP-CA-CERT

Change serverURL=http://xmlrpc.rhn.redhat.com/XMLRPC
to serverURL=http://rhn.nacs.uci.edu/XMLRPC

Change serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC
to serverURL=https://rhn.nacs.uci.edu/XMLRPC

2) Make sure you're system is registered
If a registration page keeps coming up, the registration
process failed. You should have seen an error message while
running update_up2date.

or, when you try to do an up2date, you get some text output
that looks like this:

34. httpProxy
35. headerCacheSize 40
36. noReboot No
Enter number of item to edit <return to exit, q to quit without saving>:

* Try registering again manually using:
/usr/sbin/rhnreg_ks --activationkey=

Watch for errors that indicate things like there are no more
available licenses.


3) If you get 'already registered' errors, use --force with rhnreg_ks
or rm /etc/sysconfig/rhn/systemid


4) Apply the following patches (i386 only - these are beta
release only - no patches for other platforms yet):

* save your /etc/sysconfig/rhn/up2date
* rpm -e --nodeps up2date up2date-gnome (this should save the above
file, but just in case)
* rpm -ivh http://rhn.nacs.uci.edu/pub/up2date-4.3.14-1.i386.rpm
* rpm -ivh http://rhn.nacs.uci.edu/pub/up2date-gnome-4.3.14-1.i386.rpm


5) Make sure rhnsd is running properly:
* chkconfig --level 345 rhnsd on
* service rhnsd start


6) If an update will modify a configuration file, up2date will
download the update but not apply it.
Config option is: noReplaceConfig

An example is httpd--the httpd.conf file would get moved aside
and replaced by one devoid of the system specific mods you
made.


7) Have your NACS RHN contact (Minh, Con, or me) make sure that
the host entry on rhn.redhat.com, under properties, is
checked to allow automatic updates.

8) If you get problems like this:

"The following packages on this system are out-of-date and
may be upgraded."

Filter by Latest Package:
1 - 3 of 3 (0 selected)
Select Latest Package Installed Package Related Errata
jaf-1.0.2-3jpp_2rh:0 jaf-20030319-1
javamail-1.3.1-1jpp_3rh:1 javamail-20031006-1
junit-3.8.1-3jpp_2rh:0 junit-3.8.1-1


halfdome-root) up2date --update --nox

Fetching Obsoletes list for channel: rhel-i386-as-3...

Fetching Obsoletes list for channel: rhel-i386-as-3-extras...

Fetching Obsoletes list for channel: rhel-i386-as-3-devsuite...

Fetching Obsoletes list for channel: rhel-3-as-i386-rhaps-beta...

Fetching rpm headers...

Name Version Rel
----------------------------------------------------------

All packages are currently up to date

Try this solution:
halfdome-root) rpm --rebuilddb
halfdome-root) up2date -p

If that doesn't work, try:
Delete the system registered on rhn.redhat.com
Delete /etc/sysconfig/rhn/systemid
Run the command: rhnreg_ks --activationkeys=KEY
where KEY is the activation key from NACS

9) Error message:
Unresolvable chain of dependencies:
samba 3.0.4-6.3E requires libpam.so.0

System had two versions of samba installed: i386 and x86_64


Fix (be careful about conf files--back them up):
rpm -e --nodeps --allmatches CONFLICTING-PACKAGE
up2date CONFLICTING-PACKAGE

(Submitted by Tri)


*************************** OTHER THINGS ***************************
To convert from md5 to unix crypt password hashes:

Edit /etc/pam.d/system-auth and remove md5 from line:
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5

Then convert all passwords from md5 to crypt--might be easiest to
just issue new ones since you md5 is a one-way algorithm.

----------------------------------------------------------------------
Building a kernel
http://dcs.nac.uci.edu/~strombrg/RHEL-kernel-build.html
(Submitted by Dan)

----------------------------------------------------------------------
Configuring software RAID
http://dcs.nac.uci.edu/~strombrg/RHEL-software-RAID.html
(Submitted by Dan)

----------------------------------------------------------------------
If a package was updated accidently or the package update
is broken, it is possible to roll back the update. You can
only rollback all rollbacks listed, though, so it should
probably be done soon after a broken package is found. A
subsequent

up2date --update

will re-install the most recent version again.

up2date --list-rollbacks # Show the rpm rollbacks available
up2date --undo # undo the last package set update

(can install a single package using rpm --nodigest --nosignature -i /var/spool/repackage/<package.rpm>)

An alternative to using up2date rollback is to manually remove the
new package and install the previous one:

rpm -e quota-3.10-4
rpm -i --nodigest --nosignature /var/spool/repackage/quota-3.09-1.x86_64.rpm


----------------------------------------------------------------------

Error:
rpmdb: Program version 4.2 doesn't match environment version
error: db4 error(22) from dbenv->open: Invalid argument
error: cannot open Packages index using db3 - Invalid argument (22)
error: cannot open Packages database in /var/lib/rpm
[...'


The fix is to run the following commands:
\rm /var/lib/rpm/__*
rpm --rebuilddb

----------------------------------------------------------------------

Error:
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Try one of the following:

Fix 1:
Make sure there are enough licenses available
(check with Con, Minh, or Duncan)

Fix 2:
Make sure you have the current cert by removing old one and
installing new one:
rpm -e rhns-ca-cert-1.0-1
rpm -i http://rhn.nacs.uci.edu/pub/curcert.rpm

----------------------------------------------------------------------

Error: up2date is downloading packages then starts repeating a package
name, followed by a message like:
Server error, partial package content

Fix: cd /var/spool/up2date and rm <pkg-name>* then retry
(removes the rpm and .hdr file)

----------------------------------------------------------------------

Error: while up2dating you get an error regarding an rpm package that
looks like this:

kdelibs-3.3.1-3.3.i386.rpm: ########################## Done.
########################## Done.
The package kdelibs-3.3.1-3.3 does not have a valid GPG signature.
It has been tampered with or corrupted. Aborting...

************ GPG VERIFICATION ERROR ****************
The package kdelibs-3.3.1-3.3 failed its gpg signature verification. This
means the package is corrupt.
****************************************************


Fix:
1) rm /var/spool/up2date/*
2) rerun /usr/sbin/up2date -u (or -uf)

----------------------------------------------------------------------

During an up2date, you get the following message:
Testing package set / solving RPM inter-dependencies...
Segmentation fault

Try this fix:

\rm /var/spool/up2date/*
\rm /var/lib/rpm/__*
rpm --rebuilddb

then re-run up2date

----------------------------------------------------------------------

When trying to update, get this error:

error: Can't create transaction lock

Try this:

rmdir /var/lock/rpm/transaction

----------------------------------------------------------------------

Error:
There was a fatal RPM install error. The message was:
There was a rpm unpack error installing the package: httpd-2.0.46-46.2.ent


Problem could be with links versus directories. To get more info,
rpm the package manually using:

rpm -Uvh /var/spool/up2date/<package-name>.rpm

Error messages should help resolve the problem.

----------------------------------------------------------------------

Problem with corrupt packages cached on client or proxy server
On client:
\rm /var/spool/up2date/*
\rm /var/lib/rpm/__*
rpm --rebuilddb

Then re-run up2date. If it fails, try below and then repeat
client steps


On RHN Proxy server:
A complete rebuild of squid cache will be necessary.

service rhn-proxy stop
rm -fr /var/spool/squid
mkdir /var/spool/squid
chown squid /var/spool/squid
squid -z
service rhn-proxy start

----------------------------------------------------------------------
Problem is packages won't install.

Error messages:
rpm -Uvh httpd-2.0.52-12.2.ent.i386.rpm --nodeps
Preparing... ########################################### [100%]
error: %pre(httpd-2.0.52-12.2.ent.i386) scriptlet failed, exit status 255
error: install: %pre scriptlet failed (2), skipping httpd-2.0.52-12.2.ent


Solution, edit /etc/selinux/config and set

SELINUX=disabled

permissive is not good enough, despite what the docs say


----------------------------------------------------------------------
Problem: can't update packages because system is confused about library
versions.

Testing package set / solving RPM inter-dependencies...
There was a package dependency problem. The message was:

Unresolvable chain of dependencies:
openldap 2.0.27-20 requires libsasl.so.7

[root@bgcluster01 root]# rpm -qa | grep openldap
openldap-2.0.27-17
openldap-2.0.27-17
openldap-devel-2.0.27-17
openldap-clients-2.0.27-17

Cause is usually i386 and x86_64 channels were both used to install
package but not all libs so the i386 libs appear missing when up2date
is trying to update the two versions.


Fix:
rpm -e openldap-* --nodeps
/usr/sbin/up2date --install openldap


Then run up2date -uf again.


----------------------------------------------------------------------
Problem:
up2date says updates needed but won't install because already installed.
Error messages:
RPM package conflict error. The message was:
Test install failed because of package conflicts:
package seamonkey-1.0.2-0.1.0.EL3 is already installed

Cause:
RHEL gets confused when there are 32- and 64-bit versions needed.

Solution:
1) see what is currently installed:
rpm -q --queryformat="%{n}-%{v}-%{r}.%{arch}\n" seamonkey

seamonkey-1.0.2-0.1.0.EL3.x86_64

2) Install the other version:
/usr/sbin/up2date -u seamonkey --arch=i386


----------------------------------------------------------------------
Problem:
/usr/sbin/up2date --list
Traceback (most recent call last):
File "/usr/sbin/up2date", line 11, in ?
import rpm
ImportError: libelf.so.1: cannot open shared object file: No such file
or directory

Solution:
Download to /tmp: http://rhn.nacs.uci.edu/rhn/elfutils-libelf-686.tgz
unzip and untar and copy /tmp/usr/lib/* /usr/lib
----------------------------------------------------------------------
Problem:
/usr/sbin/up2date --list
RPM error. The message was:
Could not determine what version of Red Hat Linux you are running.
If you get this error, try running

rpm --rebuilddb

Solution:
You will need to either download the redhat-release package for your
system from the Red Hat Network (RHN) or if the RPM package is
available install it from the /var/spool/up2date directory with the
command:

# rpm -Uvh /var/spool/up2date/redhat-release*.rpm

If you have rollbacks, you can try:
rpm --nodeps --nomd5 --nodigest --nosignature -Uvh /var/spool/repackage/redhat-release-4AS-4.1.i386.rpm


----------------------------------------------------------------------
PROBLEM: 404 Error when trying to update packages on RHEL 5

ERROR:

Error Downloading Packages: <package>:failed to retrieve getPackage/<package> rom rhel-x86_64-server-5
error was [Errno 14] HTTP Error 404: Not Found

SOLUTION:

# rm -rf /var/cache/yum/*

----------------------------------------------------------------------
PROBLEM: up2date cert conflicts with rhn cert
or: rhn-ca-cert conflicts with up2date cert

SOLUTION:
cd /usr/share/rhn
cp RHNS-CA-CERT RHNS-CA-CERT.up2date
rpm -Uvh --force http://rhn.nacs.uci.edu/pub/curcert.rpm
mv RHNS-CA-CERT RHNS-UCI-CA-CERT
mv RHNS-CA-CERT.up2date RHNS-CA-CERT
vi /etc/sysconfig/rhn/up2date
change RHNS-CA-CERT to RHNS-UCI-CA-CERT

Recommended Links

Red Hat Network - About RHN - Client Configuration

Configuration



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019