[Spacewalk-list] high availabilty and spacewalk SSLs

Tom Brown tom at ng23.net
Thu May 3 21:58:21 UTC 2012 

Well it's not hard to start over. Maybe spacewalk-reconfigure or similar?  We use puppet for the install so it's trivial

On 3 May 2012, at 19:47, "Musayev, Ilya" <imusayev at webmd.net> wrote:

> Its already installed, any way to alter? I have to redo everything L
>  
> From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Tom Brown
> Sent: Thursday, May 03, 2012 2:44 PM
> To: spacewalk-list at redhat.com
> Cc: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] high availabilty and spacewalk SSLs
>  
> Set your hostnames to the VIP name during install then change it back for operation. We do it like this with dual masters then dual proxies spread about the dc's
> 
> On 3 May 2012, at 19:30, "Musayev, Ilya" <imusayev at webmd.net> wrote:
> 
> I’m trying to design spacewalk environment with HA in mind.
>  
> The proposed layout as follows
>  
> 2 master server  
>    masterspwlk-ny.example.com as a hostname and CNAME myspacewalk.example.com – ACTIVE host
>    masterspwlk-ca.example.com as a hostname and CNAME myspacewalk.example.com – STANDBY host, the CNAME flip will occur only if ACTIVE host fails.
>  
> 2 spacewalk proxy hosts (connects to myspacewalk.example.com)
>   spwlk-proxy-ny.example.com with CNAME spwlk-ny.example.com  
>   spwlk-proxy-ca.example.com with CNAME spwlk-ca.example.com
>  
> My problem, the SSL certificates are bounded to hostname and when client gets the cert – it complains about cert mismatch. For example, the cert was issued to masterspwlk-ny.example.com, but the host that is being use is myspacewalk.example.com.
>  
> How would I mitigate this issue, can I recreate the certificates with CNAME, what would be the procedure? Can I have multiple certs on master and proxy hosts?
>  
> Any feedback is appreciated,
>  
> Thanks
> ilya
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120503/623b36f0/attachment.htm>

More information about the Spacewalk-list mailing list