 | | | Proxy Servers & Failover to the Mothership | Proxy Servers & Failover to the Mothership 2005-04-06 - By inode0
Back
After spending some time yesterday trying to configure server failover
so if our local rhn proxy were unavailable our clients will failover
to the central RHN servers for updates I thought I would share what I
discovered.
Documentation for this new arrangement appears at
http://rhn.redhat.com/help/client-config/s1-latest-clients-configuring.html#S2
-CLIENT-CONFIG-FAILOVER
and seems lacking in a couple of respects.
First, "add the fully qualified domain names (FQDN) for the Proxy or
Satellite immediately after the primary server, separated by a
semicolon (;)." It appears to me from experimentation that you need to
terminate each with a semicolon rather than just separate them by
semicolons. So the example given
serverURL=https://your_primary.your_domain.com/XMLRPC;https://your_secondary
.your_domain.com/XMLRPC
actually should be
serverURL=https://your_primary.your_domain.com/XMLRPC;https://your_secondary
.your_domain.com/XMLRPC;
Other obvious typos occur in the noSSLServer line in the example given here.
The more critical piece of information missing from these instructions
is that no mention is made of the sslCACert variable which likely also
needs to be modified as if you are a proxy user you probably have it
pointing to your proxy server's certificate. Something like
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT;/usr/share/rhn/RHNS-CA-CERT;
seems to work for us.
Can anyone confirm any of this? I'm eager to roll this feature out to
our clients.
I'm also curious if anyone can confirm that with older up2date clients
these changes are harmless? Or is it really necessary to determine the
version of up2date before making these modifications to
/etc/sysconfig/rhn/up2date?
Thanks,
John
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Earn $52 per hosting referral at Lunarpages.
|
|
|