[Spacewalk-list] Force scheduled pending actions in Spacewalk
Puck
puck at i29.net
Tue Nov 4 20:32:29 UTC 2008
Thanks David. I ran through the steps again and with your help figured
out what I was doing wrong. I had been trying to use the server.pem file
instead of the trusted cert on my clients, which was causing a TLS
error. Now that I've got the procedure down, I'll see if I can get a
basic wiki entry going for it. It seems to be a fairly common question
and there's very little documentation on it.
Thanks again for the help!
Jem
David Nutter wrote:
> On Tue, Nov 04, 2008 at 11:59:56AM -0600, Puck wrote:
>
>> Has anyone gotten osa-dispatcher/osad working that could do a write-up
>> on the wiki? I tried it once but ran into a bunch of TLS problems and
>> never got it working so I gave up. If someone else has a working
>> solution, I'd appreciate seeing the steps. I assume I just missed a
>> basic step somewhere that I wasn't aware of.
>>
>> When I tried, all the help I could find was:
>> Install jabberd and osa-dispatcher (on spacewalk server)
>> Edit /etc/jabberd/c2s.xml to uncomment router->pemfile and starttls
>> lines (server)
>> Restart rhn-satellite (server)
>> Install osad (on client)
>> Copy /etc/jabberd/server.pem (server) to /usr/share/rhn/RHNS-JABBER-CERT
>> (client)
>> Edit /etc/sysconfig/rhn/osad.conf (client) and set osa_ssl_cert =
>> /usr/share/rhn/RHNS-FCCI-CERT
>> Start osad (client)
>>
>> I forget where it first failed but I remember I spent a lot of time
>> massaging the config files to get it further along in the process but
>> eventually it just wouldn't go any further and I gave up. If anyone else
>> can add in a few steps I missed I'm willing to write the procedure up
>> into a wiki entry for all to enjoy. Any takers?
>>
>
> Not sure if my experience is representative enough for the wiki but
> here it is. Sounds pretty similar to yours except you do some extra
> things with certificates.
>
> In my case the /etc/jabberd/server.pem certificate was correct and
> identical to the one used by the rest of spacewalk. Presumably
> spacewalk-setup put it there. However, the certificate was not
> readable by the jabberd user, which caused problems.
>
> Also, it was necessary to open the jabberd router port inbound on the
> spacewalk server's firewall (5222)
>
> I turned SELinux off on the spacewalk server due to Oracle's need for
> text relocatable libs, there may be some extra setup steps there to
> get jabberd to work if you have it turned on.
>
> On the clients, I need to install the rhn-org-trusted-ssl-cert package
> and edit /etc/sysconfig/rhn/osad.conf to include the following line
> (easy to do in Kickstart %postinstall section):
>
> osa_ssl_cert = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>
> Then chkconfig osad on
>
> Starting "osad -v -N" on the clients was very helpful when figuring out
> how to do this, as osad then would complain loudly if it couldn't get
> a connection.
>
> Regards,
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20081104/da485b73/attachment.htm>
More information about the Spacewalk-list
mailing list