Bug 1013802

Summary: cert generation should use config variable to control cert expiration
Product: Red Hat Update Infrastructure for Cloud Providers
Component: RHUA
Version: 2.1.2
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: dgao
Assignee: Patrick Creech <pcreech>
QA Contact: Irina Gulina <igulina>
CC: bizhang, cduryee, igulina, pcreech, pgervase, rbiba, tsanders
Target Milestone: ---
Target Release: 3.0.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 1415097
Last Closed: 2017-03-01 22:07:59 UTC
Type: Bug

Description dgao 2013-09-30 19:48:20 UTC
Long term fix for: 

https://bugzilla.redhat.com/show_bug.cgi?id=1007662

When RHUA generates certs, it should use a configurable item to control when a cert would expire.

Comment 6 Patrick Creech 2016-03-30 14:46:03 UTC
Fixing version assignment

Comment 7 Patrick Creech 2016-06-16 18:34:30 UTC
RHUI-3 uses a different installer that allows you to specify certificate expiration in days

Comment 9 Irina Gulina 2016-11-17 13:41:00 UTC
On 20161115 iso, 

1) if the cert expires, the user will see: 

RHUI Username: admin
RHUI Password: 
Server certificate is not signed by a trusted authority.

Is it too generic maybe? What about adding smth like: "or has expired"

2) --certs-ca-expiration is checked to be an integer. However it shouldn't be a negative or zero integer.

rhui-installer --certs-ca-expiration=string
Parameter certs-ca-expiration invalid
Error during configuration, exiting
Please check the settings in /etc/rhui-installer/answers.yaml
[root@ns01 ~]# rhui-installer --certs-ca-expiration=1.05
Parameter certs-ca-expiration invalid
Error during configuration, exiting
Please check the settings in /etc/rhui-installer/answers.yaml
[root@ns01 ~]# rhui-installer --certs-ca-expiration=''
Parameter certs-ca-expiration invalid
Error during configuration, exiting
Please check the settings in /etc/rhui-installer/answers.yaml
[root@ns01 ~]# rhui-installer --certs-ca-expiration=0
Preparing installation Debug: Automatically imported concat from concat i^C/usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:390:in `each': Interrupt
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:390:in `block in run_installation'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:388:in `spawn'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:388:in `run_installation'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:149:in `execute'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:67:in `run'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:125:in `run'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:156:in `run'
	from /sbin/rhui-installer:5:in `<main>'

[root@ns01 ~]# rhui-installer --certs-ca-expiration=-100
Preparing installation Done                                              
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/kafo/configuration.log
Please check the settings in /etc/rhui-installer/answers.yaml
[root@ns01 ~]# rhui-installer --certs-ca-expiration=100
Preparing installation Debug: importing '/usr/share/rhui-installer/module^C/usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:390:in `each': Interrupt
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:390:in `block in run_installation'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:388:in `spawn'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:388:in `run_installation'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:149:in `execute'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:67:in `run'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:125:in `run'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:156:in `run'
	from /sbin/rhui-installer:5:in `<main>'

Comment 10 Radek Bíba 2016-12-20 15:44:15 UTC
With certs-ca-expiration <= 0, I get:

# rhui-installer --certs-ca-expiration=-100
 validate_integer(): Expected -100 to be greater or equal to 1, got -100. at /usr/share/rhui-installer/modules/rhua/manifests/init.pp:139 on node rhua.example.com
 validate_integer(): Expected -100 to be greater or equal to 1, got -100. at /usr/share/rhui-installer/modules/rhua/manifests/init.pp:139 on node rhua.example.com
Preparing installation Done                                              
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/kafo/configuration.log
Please check the settings in /etc/rhui-installer/answers.yaml

That's better, although one could argue that it's a very technical error message.

As for expired cert, I didn't try using one, but I still see:

/usr/lib/python2.7/site-packages/rhui/tools/launcher.py:142:        prompt.write(prompt.color(_('Server certificate is not signed by a trusted authority.'),

(So, no "or has expired".)

Leaving in ON_QA.

Comment 11 Patrick Creech 2017-01-19 15:24:56 UTC
Given the proximity to releasing GA at this point, the plan is to move the "or has expired" portion to its own bug, and QA the rest against the GA build.

Comment 12 Radek Bíba 2017-01-20 09:06:26 UTC
(In reply to Irina Gulina from comment #9)
> On 20161115 iso, 
> 
> 1) if the cert expires, the user will see: 
> 
> RHUI Username: admin
> RHUI Password: 
> Server certificate is not signed by a trusted authority.
> 
> Is it too generic maybe? What about adding smth like: "or has expired"

Filed bug 1415097 to track this post GA.

> 2) --certs-ca-expiration is checked to be an integer. However it shouldn't
> be a negative or zero integer.

This is (still) handled correctly in build 20170118:

With 0:
 validate_integer(): Expected 0 to be greater or equal to 1, got 0. at /usr/share/rhui-installer/modules/rhua/manifests/init.pp:139 on node rhua.example.com

With a negative integer:
 validate_integer(): Expected -100 to be greater or equal to 1, got -100. at /usr/share/rhui-installer/modules/rhua/manifests/init.pp:139 on node rhua.example.com

With a non-integer parameter:
Parameter certs-ca-expiration invalid
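
The two points raised in comments 9 to 12, sketched as an added example that is not part of any comment in this thread and is not RHUI, kafo or Puppet code: validating the expiration value with an operator-readable message, and reporting an expired certificate separately from an untrusted one. All function names and message strings other than the existing "not signed by a trusted authority" text are hypothetical, and the dates are constructed sample values.

```python
import re
from datetime import datetime, timedelta, timezone

UNTRUSTED = "Server certificate is not signed by a trusted authority."

def parse_expiration_days(raw):
    """Validate a --certs-ca-expiration value; return days or raise ValueError."""
    text = str(raw).strip()
    # Plain ASCII integer only: rejects '', 'string', '1.05' and forms like '1_000'.
    if not re.fullmatch(r"-?[0-9]+", text):
        raise ValueError("certs-ca-expiration must be a whole number of days, got %r" % (raw,))
    days = int(text)
    if days < 1:
        # Zero or negative would yield a certificate with no usable validity period.
        raise ValueError("certs-ca-expiration must be at least 1 day, got %d" % days)
    return days

def validity_window(days, issued_at):
    """Return (not_before, not_after) for a certificate issued at issued_at."""
    return issued_at, issued_at + timedelta(days=days)

def verification_message(not_before, not_after, signed_by_trusted_ca, now):
    """Return None if the certificate is acceptable, else the specific reason."""
    if now > not_after:
        return "Server certificate has expired (valid until %s)." % not_after.isoformat()
    if now < not_before:
        return "Server certificate is not yet valid (valid from %s)." % not_before.isoformat()
    if not signed_by_trusted_ca:
        return UNTRUSTED
    return None

# Constructed sample issue date, not taken from a real RHUI installation.
ISSUED = datetime(2016, 11, 15, tzinfo=timezone.utc)

def demo():
    """Run the values tried in comment 9 through the validator."""
    results = {}
    for raw in ["string", "1.05", "", "0", "-100", "100"]:
        try:
            results[raw] = parse_expiration_days(raw)
        except ValueError as exc:
            results[raw] = str(exc)
    return results

if __name__ == "__main__":
    for raw, outcome in demo().items():
        print("%-8r -> %s" % (raw, outcome))
```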

Comment 14 errata-xmlrpc 2017-03-01 22:07:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0367