Bug 1020952
Summary: | [RFE] SSL encrypted connection for external PostgreSQL database | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Matej Kollar <mkollar> |
Component: | Server | Assignee: | Matej Kollar <mkollar> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Korbel <mkorbel> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 560 | CC: | cperry, jhutar, mkollar, mkorbel, xdmoon |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | spacewalk-config-2.3.0-3-sat, spacewalk-setup-2.3.0-15-sat | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-01-20 11:18:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1128175 |
Description
Matej Kollar
2013-10-18 15:15:29 UTC
Spacewalk.git: b59805075c45e0d03156b48d76c4e9fb9b4c46d9 f04c975fc675e4eaa5d6535a2049f7e10abf8760 bc89a7d2b00da730b1655606622ff61dfe789a8a 01afc927f1fb519884cfe900c4169360fcbf243c 7a22df856e85d474132dfd667b1b5e24b6e66041 HowTo document for spacewalk: https://fedorahosted.org/spacewalk/wiki/HowToPostgreSQLoverSSL I agree Martin. It seems the instructions "How to setup Spacewalk with PostgreSQL database over SSL" work nice on a running Spw/Sat. However the Spw/Sat installer isn't ready to setup the server to communicate with the external DB via SSL only. Ideally if the installer would detect the external DB is setup to accept SSL connections, it would ask the user, whether he wants to setup Spw/Sat to communicate with the DB over SSL only. If so, it would set the "db_ssl_enabled = 1" to rhn.conf, and ask for the postgresql-db-root-ca.cert, or other needed information. I mean something a little different. No autodetect, but if the user configures the installer for installation with SSL (he has to set all required parameters CA certicate, port, ...) and this setting can be used in rhn.conf and Java before restarting of tomcat. I mean, we should have two ways to setup SSL: 1. installation with SSL (the installator automaticly configures rhn.conf and Java for using SSL) 2. installation without SSL (or existing satellite), manualy changes in rhn.conf and Java for enable SSL Some work on installer. spacewalk.git: d7be2430cc0ebf5aa803203898d3e24eb430f564 Also updated https://fedorahosted.org/spacewalk/wiki/HowToPostgreSQLoverSSL appropriately. upstream work spacewalk.git: 2a23154816658b06b73a6b577f6be31869a1b9ed Upstream work spacewalk.git: bcda94c0148a59e73c287d81e85a493cdbeb5e85 @#c18: That is ok. |