[Spacewalk-list] high availabilty and spacewalk SSLs
Paul Robert Marino
prmarino1 at gmail.com
Thu May 3 22:36:22 UTC 2012
Use the spacewalk-hostname-rename script
Note if you are using PostgreSQL as your database the version of the
script in the stock RPM has a bug that's been fixed in the source repo
so for now get the copy from there. if you are using oracle the stock
version from the RPM will work fine
Also on a side note why don't you create a single cert with multiple host names?
Its done for LDAP servers all the time and its great for web
application farms too. if you do that you get the option of bypassing
the load balancer and going strait to the instance which can be handy
for debugging issues,
On Thu, May 3, 2012 at 5:58 PM, Tom Brown <tom at ng23.net> wrote:
> Well it's not hard to start over. Maybe spacewalk-reconfigure or similar?
> We use puppet for the install so it's trivial
>
>
> On 3 May 2012, at 19:47, "Musayev, Ilya" <imusayev at webmd.net> wrote:
>
> Its already installed, any way to alter? I have to redo everything L
>
>
>
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Tom Brown
> Sent: Thursday, May 03, 2012 2:44 PM
> To: spacewalk-list at redhat.com
> Cc: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] high availabilty and spacewalk SSLs
>
>
>
> Set your hostnames to the VIP name during install then change it back for
> operation. We do it like this with dual masters then dual proxies spread
> about the dc's
>
> On 3 May 2012, at 19:30, "Musayev, Ilya" <imusayev at webmd.net> wrote:
>
> I’m trying to design spacewalk environment with HA in mind.
>
>
>
> The proposed layout as follows
>
>
>
> 2 master server
>
> masterspwlk-ny.example.com as a hostname and CNAME
> myspacewalk.example.com – ACTIVE host
>
> masterspwlk-ca.example.com as a hostname and CNAME
> myspacewalk.example.com – STANDBY host, the CNAME flip will occur only if
> ACTIVE host fails.
>
>
>
> 2 spacewalk proxy hosts (connects to myspacewalk.example.com)
>
> spwlk-proxy-ny.example.com with CNAME spwlk-ny.example.com
>
> spwlk-proxy-ca.example.com with CNAME spwlk-ca.example.com
>
>
>
> My problem, the SSL certificates are bounded to hostname and when client
> gets the cert – it complains about cert mismatch. For example, the cert was
> issued to masterspwlk-ny.example.com, but the host that is being use is
> myspacewalk.example.com.
>
>
>
> How would I mitigate this issue, can I recreate the certificates with CNAME,
> what would be the procedure? Can I have multiple certs on master and proxy
> hosts?
>
>
>
> Any feedback is appreciated,
>
>
>
> Thanks
>
> ilya
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list