[Spacewalk-list] client config

Mike Kearey mkearey at redhat.com
Thu Jun 26 03:23:37 UTC 2008 

FasterDogs wrote:
> Greetings,
> 
> 
> First off, thanks for finally getting this out in the public.
> 
> I've got SW server installed and my initial client config is the issue.  
> these are rhel4.5 hosts.  I can't seem to get past the client 
> registration. here's what I get:
> 
> [root at webd-m04 rhn]# rhnreg_ks --force 
> --serverUrl=http://myserver2/XMLRPC --activationkey=mykey
> An error has occurred:
> xmlrpclib.Fault
> 
> if I use https, I get
> 
>  rhnreg_ks --force --serverUrl=https://myserver/XMLRPC 
> --activationkey=mykey
> An error has occurred:
> OpenSSL.SSL.Error

Hi there.

First thing - SSL will require FQDN (Fully Qualified Domain Name) from 
clients to connect ie use https://myserver.mydomain.org/XMLRPC . 
Particularly if the SSL cert was created for the host and it's hostname 
is FQDN

To use SSL connection, in general you need to first setup the client to 
have the server's trusted ORG certificate. That is easiest to do by 
using the bootstrap.sh script in 
http://myserver/pub/bootstrap//bootstrap.sh.

To have the bootstrap generated, visit the server, login and click 
'Satellite Tools'. Click 'Satellite Configuration' on the left in grey 
box ( Assuming this layout has not changed :)  ). Click 'Bootstrap 
Script' and set the details you want. Finally click 'Generate Bootstrap' 
button.

Notice the 'SSL cert location' field, it will by default be pointing at 
/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT . Make sure that is the 
correct server cert for your host. Basically the up2date client will use 
that to determine if your service is trusted.

Once the bootstrap has been generated, download it:

wget http://myserver.mydomain.org/pub/bootstrap/bootstrap.sh

and run it:

bash bootstrap.sh

You will notice it exits with a warning - Check out the script, make the 
required changes. Things to consider changing:

ACTIVATION_KEYS=???
FULLY_UPDATE_THIS_BOX=???



Running the bootstrap.sh makes all the required changes to the host's 
/etc/sysconfig/rhn/up2date file, including this:

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT


With regard to the xmlrpc error - It may be as a result of the config in 
/etc/sysconfig/rhn/up2date being incorrect, so lets see what the 
bootstrap script does for you.

Cheers,
Michael

More information about the Spacewalk-list mailing list