[Spacewalk-list] client config
Mike Kearey
mkearey at redhat.com
Thu Jun 26 03:23:37 UTC 2008
FasterDogs wrote:
> Greetings,
>
>
> First off, thanks for finally getting this out in the public.
>
> I've got SW server installed and my initial client config is the issue.
> these are rhel4.5 hosts. I can't seem to get past the client
> registration. here's what I get:
>
> [root at webd-m04 rhn]# rhnreg_ks --force
> --serverUrl=http://myserver2/XMLRPC --activationkey=mykey
> An error has occurred:
> xmlrpclib.Fault
>
> if I use https, I get
>
> rhnreg_ks --force --serverUrl=https://myserver/XMLRPC
> --activationkey=mykey
> An error has occurred:
> OpenSSL.SSL.Error
Hi there.
First thing - SSL will require FQDN (Fully Qualified Domain Name) from
clients to connect ie use https://myserver.mydomain.org/XMLRPC .
Particularly if the SSL cert was created for the host and it's hostname
is FQDN
To use SSL connection, in general you need to first setup the client to
have the server's trusted ORG certificate. That is easiest to do by
using the bootstrap.sh script in
http://myserver/pub/bootstrap//bootstrap.sh.
To have the bootstrap generated, visit the server, login and click
'Satellite Tools'. Click 'Satellite Configuration' on the left in grey
box ( Assuming this layout has not changed :) ). Click 'Bootstrap
Script' and set the details you want. Finally click 'Generate Bootstrap'
button.
Notice the 'SSL cert location' field, it will by default be pointing at
/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT . Make sure that is the
correct server cert for your host. Basically the up2date client will use
that to determine if your service is trusted.
Once the bootstrap has been generated, download it:
wget http://myserver.mydomain.org/pub/bootstrap/bootstrap.sh
and run it:
bash bootstrap.sh
You will notice it exits with a warning - Check out the script, make the
required changes. Things to consider changing:
ACTIVATION_KEYS=???
FULLY_UPDATE_THIS_BOX=???
Running the bootstrap.sh makes all the required changes to the host's
/etc/sysconfig/rhn/up2date file, including this:
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
With regard to the xmlrpc error - It may be as a result of the config in
/etc/sysconfig/rhn/up2date being incorrect, so lets see what the
bootstrap script does for you.
Cheers,
Michael
More information about the Spacewalk-list
mailing list