Hello Joe, Yes the spacewalk key will be signed by a CA centrally used in our organization.
I am very interested in the steps to integrate a "external" signed cert in to spacewalk. Could you please send it to me. regards Michael -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Joe Belliveau Gesendet: Mittwoch, 6. November 2013 19:35 An: [email protected] Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname I see... the spacewalk key will not be a self signed from it's own host ? If not there is steps to provide a cert to the spacewalk host instead of generating it. Also the host name tags are all in the RHN config folder. as far I remember most tools get the host from there. -Joe On Nov 6, 2013, at 12:08 PM, "FRANK Michael" <[email protected]> wrote: > Hello Joe, > > Due to very strong naming conventions in our datacenter I am not free to name > my hosts as I want. Also past experience showed us that appliactions need to > be moved to other platforms and need to renamed then. Also it happened two > times in the past three years that we had to move to a different datacenter > host for economic reasons. For that situation we developed the approach to > add an alias or better say cname record for the host or better say for the > application in order to simplify host name changes. > > The SSL certificates is a different story because we have to use the certs > from a central CA in the organization. I could add the alias on the CA > request but currently I have no idea how to import the CA and host keys. > rhn-ssl-tool don't offer me to import key files from external CA as far as I > know. > > The hostname is used in a plenty of other configuration files like jabber, > cobbler etc. To have a complete list would be very helpful. > > > regards > > Michael > > -----Ursprüngliche Nachricht----- > Von: [email protected] > [mailto:[email protected]] Im Auftrag von Joe Belliveau > Gesendet: Mittwoch, 6. November 2013 14:33 > An: [email protected] > Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname > > I run my spacewalk server with Aliases. > > However i would rename the host to the alias. Something that won't change > often. > > Also why would you be renaming the host often ? Usually an update server is > infrastructure and that should not move often. > > In the ssl build reply file just add all the aliases, like you would any > other certificate request. > > How I do it is I name my hosts spacewalk-ma-01,02,03 etc. then alias them > with a tag like cambridge , boston, worcester (Massachusetts cities > indicating their locations) so that the datacenter guys can easily join them > to the local repo. > > BTW mine are all proxy servers to the main. > > I think you need to consider just aliases in the ssl cert my friend. > > -Joe > > On Nov 6, 2013, at 8:02 AM, "FRANK Michael" <[email protected]> > wrote: > >> Hello Michael, >> >> With alias I meant a cname record. >> >> regards >> >> Mike >> >> -----Ursprüngliche Nachricht----- >> Von: [email protected] >> [mailto:[email protected]] Im Auftrag von Michael Mraka >> Gesendet: Mittwoch, 6. November 2013 13:31 >> An: [email protected] >> Betreff: Re: [Spacewalk-list] Spacewalk use Hostname Alias instead of cname >> >> FRANK Michael wrote: >> % Hello community, >> % >> % I am a novice with spacewalk and currently on the way to setup a % >> productive system. To have the most flexibility we plan to use a DNS % alias >> for the spacewalk hostname instead of the cname. This because we % may have >> to move spacewalk later to a different host with a different % hostname >> (cname). >> >> Hello Michael, >> >> I don't quite understand what's a DNS alias. >> Is it secondary A record or CNAME record? >> >> % I read the doc about spacewalk-hostname-rename but there is no way to % >> set other host name then the cname. >> % >> % Does anyone has an idea how this could work? >> % >> % Any help is much appreciated. >> % >> % Many thanks for all your work. >> % >> % Regards >> % >> % Mike >> >> >> Regards, >> >> -- >> Michael Mráka >> Satellite Engineering, Red Hat >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> >> DISCLAIMER: >> This electronic transmission (and any attachments thereto) is intended >> solely for the use of the addressee(s). It may contain confidential or >> legally privileged information. If you are not the intended recipient of >> this message, you must delete it immediately and notify the sender. Any >> unauthorized use or disclosure of this message is strictly prohibited. >> Faurecia does not guarantee the integrity of this transmission and shall >> therefore never be liable if the message is altered or falsified nor for any >> virus, interception or damage to your system. >> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > DISCLAIMER: > This electronic transmission (and any attachments thereto) is intended solely > for the use of the addressee(s). It may contain confidential or legally > privileged information. If you are not the intended recipient of this > message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for any > virus, interception or damage to your system. > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list DISCLAIMER: This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system. _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
