[Spacewalk-list] osad not working with Spacewalk proxy server
Sean Carolan
scarolan at gmail.com
Fri Feb 17 22:03:02 UTC 2012
On Fri, Feb 17, 2012 at 2:11 PM, Wojtak, Greg (Superfly)
<GregWojtak at quickenloans.com> wrote:
> server.pem and RHN-ORG-TRUSTED-SSL-CERT are two different things.
>
> server.pem is for jabberd. the CN in server.pem should be your spacewalk
> proxy's fqdn. RHN-ORG-TRUSTED-SSL-CERT should be identical to your
> non-proxied clients' (at least it is in our environment). Double check
> that the <id></id> fields in /etc/jabberd/c2s.xml match the CN in the
> server.pem. You can check the CN in server.pem by running
>
> openssl x509 -text < /etc/jabberd/server.pem
w00t - I got it working! The fix in case anyone runs into something similar:
1. Stop the rhn-proxy services
2. Wipe clean the contents of /root/ssl-build on the proxy server
3. Remove all spacewalk-proxy* packages from the system
4. Delete /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT on the proxy server
if it still exists
5. Reinstall the proxy server: yum install spacewalk-proxy-installer
6. Run "configure-proxy.sh". It will fail the first time asking you
to scp your cert, key and config file over like so:
scp 'root at spacewalk02.company.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}'
/root/ssl-build
7. Run "configure-proxy.sh" again, this time it will complete and ask
you for your SSL passphrase. Once this completes successfully it
should work!
8. Test a client by registering it with the proxy, and then starting
up osad. It should start showing up with "Online as of $DATE" in the
GUI.
I believe #6 and #7 is where I was failing the first few tries. There
were multiple certs in the /root/ssl-build directory, and I had
forgotten the ssl cert passphrase. Fortunately I managed to get rid
of the unnecessary certs, and dig up the passphrase for the real
certificate.
Thanks Greg and Jeremy for the helpful suggestions.
More information about the Spacewalk-list
mailing list