Thanks, Paul, for your message. I did update the CA cert on the hosts (and edited their configurations to point to it). The package events work GREAT across the servers!
The real trouble is with, for example, the "compare-configs-default" task (via the built-in Task Engine). Anyone have any ideas why this is now wedged? (Some configuration file that needs a new pointer to the new cert, or where a password is wrong, for example?) TIA, Andy PS, I'm not sure I agree with your assessment of the heartbleed vulnerability, but that's a discussion for another time and/or place. ;) From: Paul Robert Marino <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, April 24, 2014 7:16 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Spacewalk-list] after installation of 3rd party SSL certificate, now getting (intermittent) errors! Did you deploy the CA cert from the third party signer to the hosts as in place of the one initially deployed by spacewalk or update the /etc/sysconfig/rhn/up2date file to point to the stock copy form the 3rd party vendor deployed by the rpm included in the distro. Also heartbleed effected a smaller number of certs than most people think essentially if the cert was generated prior to the poisonous patch its safe. Its only new certs generated by versions after the poisonous patch and or systems that haven't updated the openssl libraries since which are vulnerable. The vast majority of production systems are reasonably safe. Further more I wouldn't worry about it that much unless your traffic goes over a public network. Essentially if someone has the access to utilize it in your internal network you have a much bigger problem. To be clear if you are vulnerable its a huge problem especially if you deal with ecommerce, web based financial information, or data that can be used for identity theaft. But you have really look at and understand the problem before you should panic and replace all your certs. -- Sent from my HP Pre3 ________________________________ On Apr 24, 2014 14:19, Andy Ingham <[email protected]<mailto:[email protected]>> wrote: Ever since we switched from a self-signed to a third-party SSL certificate two days ago (thank you, Heartbleed!), I've seen intermittent issues. The most obvious error: the daily 11:00 PM "compare-configs-default" task (which has always run successfully for all 70+ servers), now is failing for 98% (but not ALL!) hosts. The event message when it fails is: "This action has been picked up multiple times without a successful transaction; this action is now failed for this system." The osa-dispatcher.log and rhn_server_xmlrpc.log show LOTS of entries like rhnSQL/driver_postgresql.check_connection('ERROR', "DATABASE CONNECTION TO 'spaceschema' LOST", "Exception information: Database instance has no attribute 'dbh'") clustered around the time of the scheduled run I've done full restarts of postgres and spacewalk (and even a full reboot for good measure). Is there some reason that a cert change would lead to problems with postgres connections, or is the error above a red herring? Any ideas of where to look next? TIA, Andy Andy Ingham IT Infrastructure Fuqua School of Business Duke University _______________________________________________ Spacewalk-list mailing list [email protected]<mailto:[email protected]> https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
