[Spacewalk-list] high availabilty and spacewalk SSLs
Tom Brown
tom at ng23.net
Thu May 3 18:43:47 UTC 2012
Set your hostnames to the VIP name during install then change it back for operation. We do it like this with dual masters then dual proxies spread about the dc's
On 3 May 2012, at 19:30, "Musayev, Ilya" <imusayev at webmd.net> wrote:
> I’m trying to design spacewalk environment with HA in mind.
>
> The proposed layout as follows
>
> 2 master server
> masterspwlk-ny.example.com as a hostname and CNAME myspacewalk.example.com – ACTIVE host
> masterspwlk-ca.example.com as a hostname and CNAME myspacewalk.example.com – STANDBY host, the CNAME flip will occur only if ACTIVE host fails.
>
> 2 spacewalk proxy hosts (connects to myspacewalk.example.com)
> spwlk-proxy-ny.example.com with CNAME spwlk-ny.example.com
> spwlk-proxy-ca.example.com with CNAME spwlk-ca.example.com
>
> My problem, the SSL certificates are bounded to hostname and when client gets the cert – it complains about cert mismatch. For example, the cert was issued to masterspwlk-ny.example.com, but the host that is being use is myspacewalk.example.com.
>
> How would I mitigate this issue, can I recreate the certificates with CNAME, what would be the procedure? Can I have multiple certs on master and proxy hosts?
>
> Any feedback is appreciated,
>
> Thanks
> ilya
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120503/7cd63808/attachment.htm>
More information about the Spacewalk-list
mailing list