 |
|
Unbreakable Linux Network - FAQ (Last Updated Dec 12, 2016) |
▶ How to update ULN-CA-CERT?
As of the end of 2016, many SSL certificate vendors are phasing out support for SHA-1 type CA certificates in favor of certificates which are generated using the SHA-2 algorithm. This is being done in conjunction with many major web browser companies which are requiring that sites phase out the SHA-1 certificates. In accordance with these mandates, Oracle is phasing out the use of SHA-1 certificates across all of its infrastructure.
Due to the nature of how Oracle Linux systems connect to Unbreakable Linux Network (ULN), this change to the SSL certificates used by the Unbreakable Linux Network servers requires the client SSL CA cert installed on all Oracle Linux systems to be updated if you wish that the servers continue receiving updates from ULN. The change to the server certificate will occur on December 15, 2016. After that time, if the certificate has not been updated on your Oracle Linux system you will cease to be able to connect to ULN.
Note for Oracle Linux 4 Customers : Oracle Linux 4 customers have access to all previously released errata and updates, as part of Lifetime support, but will need to access those packages using yum.oracle.com . For information on updating your channels, please refer to the http://yum.oracle.com/getting-started.html
Please make sure to have following or later version of the packages installed on the system before December 15, 2016.
Oracle Linux 7
rhn-client-tools-2.0.2-8.0.4.el7.noarch.rpm rhn-setup-2.0.2-8.0.4.el7.noarch.rpm rhn-check-2.0.2-8.0.4.el7.noarch.rpm rhn-setup-gnome-2.0.2-8.0.4.el7.noarch.rpm (if the older version of this package is installed)Oracle Linux 6
rhn-setup-1.0.0.1-38.0.6.el6.noarch.rpm rhn-client-tools-1.0.0.1-38.0.6.el6.noarch.rpm rhn-check-1.0.0.1-38.0.6.el6.noarch.rpm rhn-setup-gnome-1.0.0.1-38.0.6.el6.noarch.rpm (if the older version of this package is installed)Oracle Linux 5
x86_64: up2date-5.10.1-41.29.el5.x86_64.rpm up2date-gnome-5.10.1-41.29.el5.x86_64.rpm (if the older version of this package is installed) i386: up2date-5.10.1-41.29.el5.i386.rpm up2date-gnome-5.10.1-41.29.el5.i386.rpm (if the older version of this package is installed) ia64: up2date-5.10.1-41.29.el5.ia64.rpm up2date-gnome-5.10.1-41.29.el5.ia64.rpm (if the older version of this package is installed)Oracle VM 2.2 Server
i386: up2date-5.10.1-42.9.el5.i386.rpmIf the above packages are not installed on your registered system before December 15, 2016, you may encounter the following errors:
The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct. OR There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.
To update the client SSL certificate on your Oracle Linux machine, please run the following steps.
After this file has been updated you can continue using ULN as normal.
If you have any questions about this update please feel free to contact the ULN team via uln-info_us@oracle.com
▶ How do I obtain a login for Unbreakable Linux Network (ULN)?
You may register for a ULN account via linux.oracle.com/register You will need the following:
- An Oracle.com Single Sign on account. If you don't have one already, the link above will guide you through the steps to create one
- A valid Oracle Linux support or Oracle VM support CSI (customer support identifier). You may purchase Oracle Linux or Oracle VM support online via the Oracle Linux Store or via your sales representative.
▶ How do I register a machine with Unbreakable Linux Network (ULN)?If you are currently running Red Hat Enterprise Linux Server, follow these steps. If you are running Oracle Linux, use the following steps:
- Ensure you have a valid CSI by purchasing a support license online via the Oracle Linux Store.
- Ensure you have an account on ULN. You may register for a new account via linux.oracle.com/register
- Execute the following command as the root user and follow the directions on the screen
On Oracle Linux 4 or Oracle Linux 5 systems:
# up2date --registerNote: To use the up2date program in text mode, use this command instead:# up2date --nox --register
On Oracle Linux 6 systems:
# uln_register
▶ When I register, I see the following message, "This system profile has already been registered." (Oracle Linux 4 and Oracle Linux 5 only)
Most likely this means that your server is already registered with ULN. If you'd like to re-register a machine, please log in to ULN via the web interface and delete the system via the Systems tab. If the system you are registering is not already registered, but is a clone of an another system, follow these steps:
- Run the uuidgen(1) command to re-generate the system UUID - specifying the -r option generates a random UUID, while the -t option generates a UUID based on the system's network card MAC (hardware) address. Record the output of the uuidgen command, e.g.
# /usr/bin/uuidgen -r 1c460880-5a10-4d19-a115-5d5d409ace39 OR # /usr/bin/uuidgen -t e65006be-2b31-11dd-8799-00163e39e605- Using a text editor, open the /etc/sysconfig/rhn/up2date-uuid file and replace the existing value of the rhnuuid parameter with the output of the uuidgen command
# cat /etc/sysconfig/rhn/up2date-uuid uuid[comment]=Universally Unique ID for this server #rhnuuid=91d0junk-1538-11db-8f59-123bdba2bb0f rhnuuid=1c460880-5a10-4d19-a115-5d5d409ace39- Save the changes to the /etc/sysconfig/rhn/up2date-uuid file, then register the system again using the up2date utility - registration should then succeed.
▶ When I attempt to register a system via up2date or uln_register using my Single Sign On (SSO) account, I see the following message, "You must enter a valid e-mail address." My SSO account is not an email address, what do I do?
To update your SSO account to a valid email address ready for use with up2date or uln_register:
You may now use up2date or uln_register with your changed SSO username.
- follow these instructions
- Log in to ULN using a web browser
▶ How do I know whether my machine is registered?
To confirm whether your machine is registered, you can use the following command:
On Oracle Linux 3, 4 or 5 systems:
On Oracle Linux 6 systems:
# up2date --show-channelsYou should see output similar to the following:
el4_i386_latest
# yum repolistYou should see output similar to the following:
repo id repo name status ol6_x86_64_latest Oracle Linux 6 Latest (x86_64) 8,029
▶ I only see one channel after I have registered my system, how can I subscribe to additional channels?
When you register a server, it will be subscribed to a channel that has the latest Oracle Linux packages for the appropriate architecture. To subscribe to additional channels, log in to linux.oracle.com after you register your system. Click on the Systems tab to manage subscriptions for each subscribed server.
▶ When I attempt to update my system, I get unresolved package errors, what can I do about this?
This could be caused by any number of issues in the communication between your machine and the ULN servers. One of the main causes could be some stale headers in your machine's up2date cache. This can be accomplished with the following command:
- For Oracle Linux 3, 4 or 5 systems:
# rm /var/spool/up2date/*- For Oracle Linux 6 systems:
# yum clean all
▶ The Alert Notification Tool says that updates are available, but when I click on it to launch up2date or yum, nothing happens, what's wrong? (Oracle Linux 4 and Oracle Linux 5 only)
If you have installed Oracle Linux from installation media downloaded from Oracle or installed an earlier version of the Oracle Linux up2date rpm, then the graphical user interface (GUI) version of up2date may not be available. Clicking on the Alert Notification Tool icon at the top of the screen will do nothing until the GUI up2date agent is installed. If you've already registered your server (if not, see the answer to question 2), simply run the following as root to install the latest version of the up2date GUI first:
# up2date-nox -u
▶ I encounter an SSL error when I try to use up2date. This was working before, what's wrong? (Oracle Linux 4 and Oracle Linux 5 only)
If you encounter the error below, please read this announcement
There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.
▶ How do I configure up2date/yum to use a proxy server?
Oracle Linux 6
If you're using a graphical desktop environment:
At the time of registering the system to ULN using uln_register , press the Advanced Network Configuration button after prviding the account information on Account Information screen. In the next window, use the appropriate fields for your HTTP proxy; if your proxy requires authentication, enter the username and password here. When finished, press the Close button to continue the registration process.
If you're in text mode:
At the time of registering the system to ULN using uln_register, use --proxy option specify http proxy to use
# uln_register --proxy=proxy_hostname:port_number
if your proxy requires authentication use additional options --proxyUser and --proxyPassword to specify username and password
# uln_register --proxy=proxy_hostname:port_number --proxyUser=username --proxyPassword=password
Oracle Linux 4 and Oracle Linux 5
If you're using a graphical desktop environment:
If you're in text mode:
- From a terminal, as root, run up2date-config to launch the ULN Configuration tool
- Check the box next to Enable HTTP Proxy
- In the adjacent field, type the name of your proxy server, including port, for example proxy.example.com:80
- As root, run up2date-config --nox
- Use the numbered menu to change up2date settings as follows:
- Set enableProxy to Yes
- Set httpProxy to the name of your proxy server with port, e.g. proxy.example.com:80
- If your proxy server requires authentication, set proxyUser and proxyPassword also
▶ How do I upgrade my Oracle VM environment from v2.1.5 to v2.2?
If you are using Oracle VM Manager to manage your environment, you should upgrade the components of your environment in the following order:
- Upgrade the Oracle VM Manager software from v2.1.5 to v2.2 from the Oracle VM 2.2.0 Installation Media
- Upgrade all of the Oracle VM servers except the Master (see the procedure below).
- Finally, upgrade the Oracle VM server that is the Master server (see the procedure below).
To upgrade each Oracle VM 2.1.5 Server to Oracle VM Server 2.2 follow these steps:
- Install ovm22upgrade package
# up2date ovm22upgrade- Run python script as suggested by the rpm install process
# /usr/local/sbin/ovm22upgrade.py- Upgrade package using following command and reboot the system
# up2date -fu
▶ How can I get help?
You can get help in the following ways:
- If you have purchased Basic or Premier support, you may use My Oracle Support (formerly MetaLink) for technical assistance
- If you have purchased Network support, you may discuss technical issues on the OTN Oracle Linux forum or file bug reports using Bugzilla
- For any other questions, please send an email to uln-info_us@oracle.com
▶ How do I update a specific package?
After registering and subscribing to required channels, run the following up2date command:
On Oracle Linux 3, 4 or 5 systems:
- On Oracle Linux 6 systems:
# up2date -u <package_name># yum update <package_name>
