*************************** UP2DATE PROBLEMS *************************** When a RHEL system is not getting updated: 0) If you get "Not Checking In" notices, that means RHN knows about it so it must have had steps 1-4 done correctly at one time. 1) Make sure you've added the recommended changes (or add if not there) to /etc/sysconfig/rhn/up2date: Change sslCACert=/usr/share/rhn/RHNS-CA-CERT to sslCACert=/usr/share/rhn/RHNS-CORP-CA-CERT Change serverURL=http://xmlrpc.rhn.redhat.com/XMLRPC to serverURL=http://rhn.nacs.uci.edu/XMLRPC Change serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC to serverURL=https://rhn.nacs.uci.edu/XMLRPC 2) Make sure you're system is registered If a registration page keeps coming up, the registration process failed. You should have seen an error message while running update_up2date. or, when you try to do an up2date, you get some text output that looks like this: 34. httpProxy 35. headerCacheSize 40 36. noReboot No Enter number of item to edit : * Try registering again manually using: /usr/sbin/rhnreg_ks --activationkey= Watch for errors that indicate things like there are no more available licenses. 3) If you get 'already registered' errors, use --force with rhnreg_ks or rm /etc/sysconfig/rhn/systemid 4) Apply the following patches (i386 only - these are beta release only - no patches for other platforms yet): * save your /etc/sysconfig/rhn/up2date * rpm -e --nodeps up2date up2date-gnome (this should save the above file, but just in case) * rpm -ivh http://rhn.nacs.uci.edu/pub/up2date-4.3.14-1.i386.rpm * rpm -ivh http://rhn.nacs.uci.edu/pub/up2date-gnome-4.3.14-1.i386.rpm 5) Make sure rhnsd is running properly: * chkconfig --level 345 rhnsd on * service rhnsd start 6) If an update will modify a configuration file, up2date will download the update but not apply it. Config option is: noReplaceConfig An example is httpd--the httpd.conf file would get moved aside and replaced by one devoid of the system specific mods you made. 7) Have your NACS RHN contact (Minh, Con, or me) make sure that the host entry on rhn.redhat.com, under properties, is checked to allow automatic updates. 8) If you get problems like this: "The following packages on this system are out-of-date and may be upgraded." Filter by Latest Package: 1 - 3 of 3 (0 selected) Select Latest Package Installed Package Related Errata jaf-1.0.2-3jpp_2rh:0 jaf-20030319-1 javamail-1.3.1-1jpp_3rh:1 javamail-20031006-1 junit-3.8.1-3jpp_2rh:0 junit-3.8.1-1 halfdome-root) up2date --update --nox Fetching Obsoletes list for channel: rhel-i386-as-3... Fetching Obsoletes list for channel: rhel-i386-as-3-extras... Fetching Obsoletes list for channel: rhel-i386-as-3-devsuite... Fetching Obsoletes list for channel: rhel-3-as-i386-rhaps-beta... Fetching rpm headers... Name Version Rel ---------------------------------------------------------- All packages are currently up to date Try this solution: halfdome-root) rpm --rebuilddb halfdome-root) up2date -p If that doesn't work, try: Delete the system registered on rhn.redhat.com Delete /etc/sysconfig/rhn/systemid Run the command: rhnreg_ks --activationkeys=KEY where KEY is the activation key from NACS 9) Error message: Unresolvable chain of dependencies: samba 3.0.4-6.3E requires libpam.so.0 System had two versions of samba installed: i386 and x86_64 Fix (be careful about conf files--back them up): rpm -e --nodeps --allmatches CONFLICTING-PACKAGE up2date CONFLICTING-PACKAGE (Submitted by Tri) *************************** OTHER THINGS *************************** To convert from md5 to unix crypt password hashes: Edit /etc/pam.d/system-auth and remove md5 from line: password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 Then convert all passwords from md5 to crypt--might be easiest to just issue new ones since you md5 is a one-way algorithm. ---------------------------------------------------------------------- Building a kernel http://dcs.nac.uci.edu/~strombrg/RHEL-kernel-build.html (Submitted by Dan) ---------------------------------------------------------------------- Configuring software RAID http://dcs.nac.uci.edu/~strombrg/RHEL-software-RAID.html (Submitted by Dan) ---------------------------------------------------------------------- If a package was updated accidently or the package update is broken, it is possible to roll back the update. You can only rollback all rollbacks listed, though, so it should probably be done soon after a broken package is found. A subsequent up2date --update will re-install the most recent version again. up2date --list-rollbacks # Show the rpm rollbacks available up2date --undo # undo the last package set update (can install a single package using rpm --nodigest --nosignature -i /var/spool/repackage/) An alternative to using up2date rollback is to manually remove the new package and install the previous one: rpm -e quota-3.10-4 rpm -i --nodigest --nosignature /var/spool/repackage/quota-3.09-1.x86_64.rpm ---------------------------------------------------------------------- Error: rpmdb: Program version 4.2 doesn't match environment version error: db4 error(22) from dbenv->open: Invalid argument error: cannot open Packages index using db3 - Invalid argument (22) error: cannot open Packages database in /var/lib/rpm [...' The fix is to run the following commands: \rm /var/lib/rpm/__* rpm --rebuilddb ---------------------------------------------------------------------- Error: SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] Try one of the following: Fix 1: Make sure there are enough licenses available (check with Con, Minh, or Duncan) Fix 2: Make sure you have the current cert by removing old one and installing new one: rpm -e rhns-ca-cert-1.0-1 rpm -i http://rhn.nacs.uci.edu/pub/curcert.rpm ---------------------------------------------------------------------- Error: up2date is downloading packages then starts repeating a package name, followed by a message like: Server error, partial package content Fix: cd /var/spool/up2date and rm * then retry (removes the rpm and .hdr file) ---------------------------------------------------------------------- Error: while up2dating you get an error regarding an rpm package that looks like this: kdelibs-3.3.1-3.3.i386.rpm: ########################## Done. ########################## Done. The package kdelibs-3.3.1-3.3 does not have a valid GPG signature. It has been tampered with or corrupted. Aborting... ************ GPG VERIFICATION ERROR **************** The package kdelibs-3.3.1-3.3 failed its gpg signature verification. This means the package is corrupt. **************************************************** Fix: 1) rm /var/spool/up2date/* 2) rerun /usr/sbin/up2date -u (or -uf) ---------------------------------------------------------------------- During an up2date, you get the following message: Testing package set / solving RPM inter-dependencies... Segmentation fault Try this fix: \rm /var/spool/up2date/* \rm /var/lib/rpm/__* rpm --rebuilddb then re-run up2date ---------------------------------------------------------------------- When trying to update, get this error: error: Can't create transaction lock Try this: rmdir /var/lock/rpm/transaction ---------------------------------------------------------------------- Error: There was a fatal RPM install error. The message was: There was a rpm unpack error installing the package: httpd-2.0.46-46.2.ent Problem could be with links versus directories. To get more info, rpm the package manually using: rpm -Uvh /var/spool/up2date/.rpm Error messages should help resolve the problem. ---------------------------------------------------------------------- Problem with corrupt packages cached on client or proxy server On client: \rm /var/spool/up2date/* \rm /var/lib/rpm/__* rpm --rebuilddb Then re-run up2date. If it fails, try below and then repeat client steps On RHN Proxy server: A complete rebuild of squid cache will be necessary. service rhn-proxy stop rm -fr /var/spool/squid mkdir /var/spool/squid chown squid /var/spool/squid squid -z service rhn-proxy start ---------------------------------------------------------------------- Problem is packages won't install. Error messages: rpm -Uvh httpd-2.0.52-12.2.ent.i386.rpm --nodeps Preparing... ########################################### [100%] error: %pre(httpd-2.0.52-12.2.ent.i386) scriptlet failed, exit status 255 error: install: %pre scriptlet failed (2), skipping httpd-2.0.52-12.2.ent Solution, edit /etc/selinux/config and set SELINUX=disabled permissive is not good enough, despite what the docs say ---------------------------------------------------------------------- Problem: can't update packages because system is confused about library versions. Testing package set / solving RPM inter-dependencies... There was a package dependency problem. The message was: Unresolvable chain of dependencies: openldap 2.0.27-20 requires libsasl.so.7 [root@bgcluster01 root]# rpm -qa | grep openldap openldap-2.0.27-17 openldap-2.0.27-17 openldap-devel-2.0.27-17 openldap-clients-2.0.27-17 Cause is usually i386 and x86_64 channels were both used to install package but not all libs so the i386 libs appear missing when up2date is trying to update the two versions. Fix: rpm -e openldap-* --nodeps /usr/sbin/up2date --install openldap Then run up2date -uf again. ---------------------------------------------------------------------- Problem: up2date says updates needed but won't install because already installed. Error messages: RPM package conflict error. The message was: Test install failed because of package conflicts: package seamonkey-1.0.2-0.1.0.EL3 is already installed Cause: RHEL gets confused when there are 32- and 64-bit versions needed. Solution: 1) see what is currently installed: rpm -q --queryformat="%{n}-%{v}-%{r}.%{arch}\n" seamonkey seamonkey-1.0.2-0.1.0.EL3.x86_64 2) Install the other version: /usr/sbin/up2date -u seamonkey --arch=i386 ---------------------------------------------------------------------- Problem: /usr/sbin/up2date --list Traceback (most recent call last): File "/usr/sbin/up2date", line 11, in ? import rpm ImportError: libelf.so.1: cannot open shared object file: No such file or directory Solution: Download to /tmp: http://rhn.nacs.uci.edu/rhn/elfutils-libelf-686.tgz unzip and untar and copy /tmp/usr/lib/* /usr/lib ---------------------------------------------------------------------- Problem: /usr/sbin/up2date --list RPM error. The message was: Could not determine what version of Red Hat Linux you are running. If you get this error, try running rpm --rebuilddb Solution: You will need to either download the redhat-release package for your system from the Red Hat Network (RHN) or if the RPM package is available install it from the /var/spool/up2date directory with the command: # rpm -Uvh /var/spool/up2date/redhat-release*.rpm If you have rollbacks, you can try: rpm --nodeps --nomd5 --nodigest --nosignature -Uvh /var/spool/repackage/redhat-release-4AS-4.1.i386.rpm ---------------------------------------------------------------------- PROBLEM: 404 Error when trying to update packages on RHEL 5 ERROR: Error Downloading Packages: :failed to retrieve getPackage/ rom rhel-x86_64-server-5 error was [Errno 14] HTTP Error 404: Not Found SOLUTION: # rm -rf /var/cache/yum/* ---------------------------------------------------------------------- PROBLEM: up2date cert conflicts with rhn cert or: rhn-ca-cert conflicts with up2date cert SOLUTION: cd /usr/share/rhn cp RHNS-CA-CERT RHNS-CA-CERT.up2date rpm -Uvh --force http://rhn.nacs.uci.edu/pub/curcert.rpm mv RHNS-CA-CERT RHNS-UCI-CA-CERT mv RHNS-CA-CERT.up2date RHNS-CA-CERT vi /etc/sysconfig/rhn/up2date change RHNS-CA-CERT to RHNS-UCI-CA-CERT ----------------------------------------------------------------------- Patch Reports says you have patches to do but you run yum update & no patches... Clean your Yum up: yum clean all \rm /var/lib/rpm/__* \rm -rf /var/cache/yum/* rpm --rebuilddb Now Run yum update