After spending some time yesterday trying to configure server failover so if our local rhn proxy were unavailable our clients will failover to the central RHN servers for updates I thought I would share what I discovered. Documentation for this new arrangement appears at http://rhn.redhat.com/help/client-config/s1-latest-clients-configuring.html#S2-CLIENT-CONFIG-FAILOVER and seems lacking in a couple of respects. First, "add the fully qualified domain names (FQDN) for the Proxy or Satellite immediately after the primary server, separated by a semicolon (;)." It appears to me from experimentation that you need to terminate each with a semicolon rather than just separate them by semicolons. So the example given serverURL=https://your_primary.your_domain.com/XMLRPC;https://your_secondary.your_domain.com/XMLRPC actually should be serverURL=https://your_primary.your_domain.com/XMLRPC;https://your_secondary.your_domain.com/XMLRPC; Other obvious typos occur in the noSSLServer line in the example given here. The more critical piece of information missing from these instructions is that no mention is made of the sslCACert variable which likely also needs to be modified as if you are a proxy user you probably have it pointing to your proxy server's certificate. Something like sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT;/usr/share/rhn/RHNS-CA-CERT; seems to work for us. Can anyone confirm any of this? I'm eager to roll this feature out to our clients. I'm also curious if anyone can confirm that with older up2date clients these changes are harmless? Or is it really necessary to determine the version of up2date before making these modifications to /etc/sysconfig/rhn/up2date? Thanks, John -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
