[Spacewalk-list] Force scheduled pending actions in Spacewalk

Puck puck at i29.net
Tue Nov 4 20:32:29 UTC 2008 

Thanks David. I ran through the steps again and with your help figured 
out what I was doing wrong. I had been trying to use the server.pem file 
instead of the trusted cert on my clients, which was causing a TLS 
error. Now that I've got the procedure down, I'll see if I can get a 
basic wiki entry going for it. It seems to be a fairly common question 
and there's very little documentation on it.

Thanks again for the help!

Jem


David Nutter wrote:
> On Tue, Nov 04, 2008 at 11:59:56AM -0600, Puck wrote:
>   
>> Has anyone gotten osa-dispatcher/osad working that could do a write-up 
>> on the wiki? I tried it once but ran into a bunch of TLS problems and 
>> never got it working so I gave up. If someone else has a working 
>> solution, I'd appreciate seeing the steps. I assume I just missed a 
>> basic step somewhere that I wasn't aware of.
>>
>> When I tried, all the help I could find was:
>> Install jabberd and osa-dispatcher (on spacewalk server)
>> Edit /etc/jabberd/c2s.xml to uncomment router->pemfile and starttls 
>> lines (server)
>> Restart rhn-satellite (server)
>> Install osad (on client)
>> Copy /etc/jabberd/server.pem (server) to /usr/share/rhn/RHNS-JABBER-CERT 
>> (client)
>> Edit /etc/sysconfig/rhn/osad.conf (client) and set osa_ssl_cert = 
>> /usr/share/rhn/RHNS-FCCI-CERT
>> Start osad (client)
>>
>> I forget where it first failed but I remember I spent a lot of time 
>> massaging the config files to get it further along in the process but 
>> eventually it just wouldn't go any further and I gave up. If anyone else 
>> can add in a few steps I missed I'm willing to write the procedure up 
>> into a wiki entry for all to enjoy. Any takers?
>>     
>
> Not sure if my experience is representative enough for the wiki but
> here it is. Sounds pretty similar to yours except you do some extra
> things with certificates. 
>
> In my case the /etc/jabberd/server.pem certificate was correct and
> identical to the one used by the rest of spacewalk. Presumably
> spacewalk-setup put it there. However, the certificate was not
> readable by the jabberd user, which caused problems. 
>
> Also, it was necessary to open the jabberd router port inbound on the
> spacewalk server's firewall (5222) 
>
> I turned SELinux off on the spacewalk server due to Oracle's need for
> text relocatable libs, there may be some extra setup steps there to
> get jabberd to work if you have it turned on. 
>
> On the clients, I need to install the rhn-org-trusted-ssl-cert package
> and edit /etc/sysconfig/rhn/osad.conf to include the following line
> (easy to do in Kickstart %postinstall section):
>
>   osa_ssl_cert = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>
> Then chkconfig osad on
>
> Starting "osad -v -N" on the clients was very helpful when figuring out
> how to do this, as osad then would complain loudly if it couldn't get
> a connection.
>
> Regards,
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20081104/da485b73/attachment.htm>

More information about the Spacewalk-list mailing list