[Spacewalk-list] high availabilty and spacewalk SSLs
Musayev, Ilya
imusayev at webmd.net
Thu May 3 22:20:50 UTC 2012
Install is piece of cake, import of eratta and packages is lengthy..
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Tom Brown
Sent: Thursday, May 03, 2012 5:58 PM
To: spacewalk-list at redhat.com
Cc: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] high availabilty and spacewalk SSLs
Well it's not hard to start over. Maybe spacewalk-reconfigure or similar? We use puppet for the install so it's trivial
On 3 May 2012, at 19:47, "Musayev, Ilya" <imusayev at webmd.net<mailto:imusayev at webmd.net>> wrote:
Its already installed, any way to alter? I have to redo everything ☹
From: spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Tom Brown
Sent: Thursday, May 03, 2012 2:44 PM
To: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Cc: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Subject: Re: [Spacewalk-list] high availabilty and spacewalk SSLs
Set your hostnames to the VIP name during install then change it back for operation. We do it like this with dual masters then dual proxies spread about the dc's
On 3 May 2012, at 19:30, "Musayev, Ilya" <imusayev at webmd.net<mailto:imusayev at webmd.net>> wrote:
I’m trying to design spacewalk environment with HA in mind.
The proposed layout as follows
2 master server
masterspwlk-ny.example.com<http://masterspwlk-ny.example.com> as a hostname and CNAME myspacewalk.example.com<http://myspacewalk.example.com> – ACTIVE host
masterspwlk-ca.example.com<http://masterspwlk-ca.example.com> as a hostname and CNAME myspacewalk.example.com<http://myspacewalk.example.com> – STANDBY host, the CNAME flip will occur only if ACTIVE host fails.
2 spacewalk proxy hosts (connects to myspacewalk.example.com<http://myspacewalk.example.com>)
spwlk-proxy-ny.example.com<http://spwlk-proxy-ny.example.com> with CNAME spwlk-ny.example.com<http://spwlk-ny.example.com>
spwlk-proxy-ca.example.com<http://spwlk-proxy-ca.example.com> with CNAME spwlk-ca.example.com<http://spwlk-ca.example.com>
My problem, the SSL certificates are bounded to hostname and when client gets the cert – it complains about cert mismatch. For example, the cert was issued to masterspwlk-ny.example.com<http://masterspwlk-ny.example.com>, but the host that is being use is myspacewalk.example.com<http://myspacewalk.example.com>.
How would I mitigate this issue, can I recreate the certificates with CNAME, what would be the procedure? Can I have multiple certs on master and proxy hosts?
Any feedback is appreciated,
Thanks
ilya
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120503/25b90af8/attachment.htm>
More information about the Spacewalk-list
mailing list