Jan Pazdziora wrote:
On Mon, Dec 22, 2008 at 12:44:28PM -0800, Dave Parker wrote:
3) those files expect to find a cert/key pair called spacewalk.* in the
/etc/pki/tls structure. The package that installs the zz-* files sets up a pair
of symlinks in /etc/pki/tls that point to the cert/key pair spacewalk installs
in /etc/httpd/conf/ssl.* (it looked too treacherous to try to change the latter
at this time).
4) adds to spacewalk-setup the ability to backup and generate a new
/etc/httpd/conf.d/ssl.conf. This was necessary as the default ssl.conf provided
by the mod_ssl package defines the _default_:443 ssl server, and does so in a
way that's incompatible with spacewalk for lack of three directives. As it's
improper for a second rpm to alter %config files from a first, it's implemented
instead as a question in spacewalk-setup.
Dave,
Milan and I have been working on upgrade problems.
It seems, the change you did to spacewalk-setup does not add the SSL
configuration to /etc/httpd/conf.d/ssl.conf upon upgrade. So after
upgrade, the config is not used.
I addition to that, I really wonder why you've decided to put whole
new content to that /etc/httpd/conf.d/ssl.conf instead of just
changing the SSLCertificateFile and SSLCertificateKeyFile to
/etc/pki/tls/private/spacewalk.* (while commenting out the original
values), and adding those three mod_rewrite lines to _default_:443's
VirtualHost section. That way, whatever setting the system
administrator would have in that file would be preserved, plus the
code would be usable for upgrades as well.
Could we get the SSL-config-changing procedure improved for 0.5?
Hi Dave, just wish to check that this is indeed not an issue for
Spacewalk upgrades and/or then being sucked into future Satellite
releases. Please work with Milan if further consideration is needed.
Thanks,
Cliff
_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
