[rhn-users] RHN Proxy install

Todd Warner taw at redhat.com
Fri Mar 11 20:22:44 UTC 2005


On Thu, 10 Mar 2005, MJang wrote:

> On Thu, 2005-03-10 at 18:24 -0500, Todd Warner wrote:
>> On Thu, 10 Mar 2005, Todd Warner wrote:
>>
>>> On Thu, 10 Mar 2005, MJang wrote:
>>>
>>>> Folks,
>>>>
>>>> I'd appreciate a bit of troubleshooting help here.
>>>>
>>>> Still working on getting RHN Proxy Server 3.6 going. I think I have
>>>> everything configured to the Proxy Server and Client config guides as
>>>> documented at http://www.redhat.com/docs/manuals/RHNetwork/
>>>>
>>>> I have RHN Proxy Server 3.6 installed on a RHEL 3 AS computer, have
>>>> verified that squid, httpd, and jabberd router are active with the
>>>> following command
>>>>
>>>> service rhn-proxy status
>>>>
>>>> I've created and dist the SSL keys, PRIVATE to the local proxy
>>>> computer's /usr/share/rhn, TRUSTED to one client's RHEL 3
>>>> WS's /usr/share/rhn
>>>>
>>>> When I try to connect from the RHEL 3 WS command line with up2date, I
>>>> get the following message (acutal URL deleted):
>>>>
>>>> https://xxx.xxx.xxx/XMLRPC
>>>> https://xxx.xxx.xxx/XMLRPC
>>>> https://xxx.xxx.xxx/XMLRPC
>>>> https://xxx.xxx.xxx/XMLRPC
>>>> https://xxx.xxx.xxx/XMLRPC
>>>> Error communicating with server. The message was:
>>>> Connection refused
>>>>
>>>> I've disabled all firewalls, I can connect via browser directly to
>>>>
>>>> https://xxx.xxx.xxx,
>>>>
>>>> and I get the "Red Hat Network Proxy" logo.
>>>>
>>>> Troubleshooting suggestions would be appreciated.
>>>>
>>>> Thanks,
>>>> Mike
>>>
>>> Is this connected to a RHN hosted or a satellite?
>>
>> OK. I am coming late to this party sorry. I just noticed the long string
>> of discussion. I see Cliff has been involved. :)
>>
>> The PRIVATE key goes nowhere and is irrelevent until you generate more
>> SSL key sets.
>>
>> "Connection refused" tells me the client can't talk to the RHN Proxy.
>> You may want to ensure that client is communicating to the RHN Proxy
>> Server and not our hosted environment. Check /etc/sysconfig/rhn/up2date
>> and, if this client is an RHEL 2.1 box, check
>> /etc/sysconfig/rhn/rhn_register as well. The connecting server URLs must
>> be pointing to the RHN Proxy and the CA SSL public certificate (the
>> TRUSTED cert) setting needs to be set to the appropriate file location.
>>
>> Also... when testing up2date against an RHN Proxy, tail -f these two
>> files:
>> tail -f /var/log/rhn/rhn_proxy_broker.log
>> tail -f /var/log/rhn/rhn_proxy_redirect.log
>>
>> On the way in, the HTTP request will cause the rhn_proxy_broker.log
>> to roll with output, and on the way out (the request is on it's way to
>> Red Hat or your satellite if applicable), rhn_proxy_redirect.log will
>> begin to roll with output.
>>
>> You may also consider tailing:
>> tail -f /var/log/httpd/error_log
>> and
>> tail -f /var/log/squid/access.log
>>
>
> I don't know precisely what happened, but it seems to be working now!
> Had a brief bout with copying the wrong CERT file on the way... Was
> almost ready to do the yum thing instead.
>
> One more thing I discovered is the danger of up2date --undo. Got my test
> RHEL WS to where it wouldn't even give me a console login.... But I'm
> downloading updates via the Proxy now, working as a router.
>
> Thanks,
> Mike

Excellent. Hmm... did you happen to reboot that RHN Proxy or do a
service rhn-proxy restart?

When you change or install server-side SSL key-sets, apache (which is at
the core of RHN Proxy) needs to be bounced in order to use the new key
set.

Anyway... glad to hear things are working for you.

-- 
____________
  /odd Warner                                    <taw@{redhat,pobox}.com>
       Geek Herder - QA/Sust-Eng/Rel-Eng/Docs/Ops - Red Hat Network
---------------------gpg info in the message headers--------------------
"Dissent is the highest form of patriotism." -Pres. Thomas Jefferson




More information about the rhn-users mailing list