I see… the spacewalk key will not be a self signed from it's own host ?
If not there is steps to provide a cert to the spacewalk host instead of generating it. Also the host name tags are all in the RHN config folder. as far I remember most tools get the host from there. -Joe On Nov 6, 2013, at 12:08 PM, "FRANK Michael" <[email protected]> wrote: > Hello Joe, > > Due to very strong naming conventions in our datacenter I am not free to name > my hosts as I want. Also past experience showed us that appliactions need to > be moved to other platforms and need to renamed then. Also it happened two > times in the past three years that we had to move to a different datacenter > host for economic reasons. For that situation we developed the approach to > add an alias or better say cname record for the host or better say for the > application in order to simplify host name changes. > > The SSL certificates is a different story because we have to use the certs > from a central CA in the organization. I could add the alias on the CA > request but currently I have no idea how to import the CA and host keys. > rhn-ssl-tool don't offer me to import key files from external CA as far as I > know. > > The hostname is used in a plenty of other configuration files like jabber, > cobbler etc. To have a complete list would be very helpful. > > > regards > > Michael > > -----Ursprüngliche Nachricht----- > Von: [email protected] > [mailto:[email protected]] Im Auftrag von Joe Belliveau > Gesendet: Mittwoch, 6. November 2013 14:33 > An: [email protected] > Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname > > I run my spacewalk server with Aliases. > > However i would rename the host to the alias. Something that won't change > often. > > Also why would you be renaming the host often ? Usually an update server is > infrastructure and that should not move often. > > In the ssl build reply file just add all the aliases, like you would any > other certificate request. > > How I do it is I name my hosts spacewalk-ma-01,02,03 etc. then alias them > with a tag like cambridge , boston, worcester (Massachusetts cities > indicating their locations) so that the datacenter guys can easily join them > to the local repo. > > BTW mine are all proxy servers to the main. > > I think you need to consider just aliases in the ssl cert my friend. > > -Joe > > On Nov 6, 2013, at 8:02 AM, "FRANK Michael" <[email protected]> > wrote: > >> Hello Michael, >> >> With alias I meant a cname record. >> >> regards >> >> Mike >> >> -----Ursprüngliche Nachricht----- >> Von: [email protected] >> [mailto:[email protected]] Im Auftrag von Michael Mraka >> Gesendet: Mittwoch, 6. November 2013 13:31 >> An: [email protected] >> Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname >> >> FRANK Michael wrote: >> % Hello community, >> % >> % I am a novice with spacewalk and currently on the way to setup a % >> productive system. To have the most flexibility we plan to use a DNS % alias >> for the spacewalk hostname instead of the cname. This because we % may have >> to move spacewalk later to a different host with a different % hostname >> (cname). >> >> Hello Michael, >> >> I don't quite understand what's a DNS alias. >> Is it secondary A record or CNAME record? >> >> % I read the doc about spacewalk-hostname-rename but there is no way to % >> set other host name then the cname. >> % >> % Does anyone has an idea how this could work? >> % >> % Any help is much appreciated. >> % >> % Many thanks for all your work. >> % >> % Regards >> % >> % Mike >> >> >> Regards, >> >> -- >> Michael Mráka >> Satellite Engineering, Red Hat >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> >> DISCLAIMER: >> This electronic transmission (and any attachments thereto) is intended >> solely for the use of the addressee(s). It may contain confidential or >> legally privileged information. If you are not the intended recipient of >> this message, you must delete it immediately and notify the sender. Any >> unauthorized use or disclosure of this message is strictly prohibited. >> Faurecia does not guarantee the integrity of this transmission and shall >> therefore never be liable if the message is altered or falsified nor for any >> virus, interception or damage to your system. >> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > DISCLAIMER: > This electronic transmission (and any attachments thereto) is intended solely > for the use of the addressee(s). It may contain confidential or legally > privileged information. If you are not the intended recipient of this > message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for any > virus, interception or damage to your system. > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
