[Spacewalk-list] Spacewalk use Hostname Alias instead of cname

FRANK Michael michael.frank at faurecia.com
Thu Nov 7 08:24:16 UTC 2013 

Hello Joe,

Yes the spacewalk key will be signed by a CA centrally used in our organization. 

I am very interested in the steps to integrate a "external" signed cert in to spacewalk. Could you please send it to me.

regards
 
Michael

-----Ursprüngliche Nachricht-----
Von: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] Im Auftrag von Joe Belliveau
Gesendet: Mittwoch, 6. November 2013 19:35
An: spacewalk-list at redhat.com
Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname

I see...

the spacewalk key will not be a self signed from it's own host ?

If not there is steps to provide a cert to the spacewalk host instead of generating it.

Also the host name tags are all in the RHN config folder. as far I remember most tools get the host from there.  

-Joe
 
On Nov 6, 2013, at 12:08 PM, "FRANK Michael" <michael.frank at faurecia.com> wrote:

> Hello Joe,
> 
> Due to very strong naming conventions in our datacenter I am not free to name my hosts as I want. Also past experience showed us that appliactions need to be moved to other platforms and need to renamed then. Also it happened two times in the past three years that we had to move to a different datacenter host for economic reasons. For that situation we developed the approach to add an alias or better say cname record for the host or better say for the application in order to simplify host name changes.
> 
> The SSL certificates is a different story because we have to use the certs from a central CA in the organization. I could add the alias on the CA request but currently I have no idea how to import the CA and host keys. rhn-ssl-tool don't offer me to import key files from external CA as far as I know. 
> 
> The hostname is used in a plenty of other configuration files like jabber, cobbler etc. To have a complete list would be very helpful.
> 
> 
> regards
> 
> Michael
> 
> -----Ursprüngliche Nachricht-----
> Von: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] Im Auftrag von Joe Belliveau
> Gesendet: Mittwoch, 6. November 2013 14:33
> An: spacewalk-list at redhat.com
> Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname
> 
> I run my spacewalk server with Aliases.
> 
> However i would rename the host to the alias. Something that won't change often.
> 
> Also why would you be renaming the host often ? Usually an update server is infrastructure and that should not move often.
> 
> In the ssl build reply file just add all the aliases, like you would any other certificate request. 
> 
> How I do it is I name my hosts spacewalk-ma-01,02,03 etc. then alias them with a tag like cambridge , boston, worcester (Massachusetts cities indicating their locations) so that the datacenter guys can easily join them to the local repo. 
> 
> BTW mine are all proxy servers to the main.
> 
> I think you need to consider just aliases in the ssl cert my friend.
> 
> -Joe
> 
> On Nov 6, 2013, at 8:02 AM, "FRANK Michael" <michael.frank at faurecia.com> wrote:
> 
>> Hello Michael,
>> 
>> With alias I meant a cname record.
>> 
>> regards
>> 
>> Mike
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] Im Auftrag von Michael Mraka
>> Gesendet: Mittwoch, 6. November 2013 13:31
>> An: spacewalk-list at redhat.com
>> Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname
>> 
>> FRANK Michael wrote:
>> % Hello community,
>> %
>> % I am a novice with spacewalk and currently on the way to setup a % productive system. To have the most flexibility we plan to use a DNS % alias for the spacewalk hostname instead of the cname. This because we % may have to move spacewalk later to a different host with a different % hostname (cname).
>> 
>> Hello Michael,
>> 
>> I don't quite understand what's a DNS alias.
>> Is it secondary A record or CNAME record?
>> 
>> % I read the doc about spacewalk-hostname-rename but there is no way to % set other host name then the cname.
>> %
>> % Does anyone has an idea how this could work?
>> %
>> % Any help is much appreciated.
>> %
>> % Many thanks for all your work.
>> %
>> % Regards
>> %
>> % Mike
>> 
>> 
>> Regards,
>> 
>> --
>> Michael Mráka
>> Satellite Engineering, Red Hat
>> 
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>> 
>> 
>> DISCLAIMER:
>> This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
>> 
>> 
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> 
> DISCLAIMER:
> This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list


DISCLAIMER:
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.

More information about the Spacewalk-list mailing list