Bug 1330566

Summary: Cannot update custom certs with capsule-certs-generate --certs-update-server
Product: Red Hat Satellite Reporter: Sanket Jagtap <sjagtap>
Component: InstallerAssignee: Stephen Benjamin <stbenjam>
Status: CLOSED ERRATA QA Contact: Sanket Jagtap <sjagtap>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: bbuckingham, dmoessne, kbidarka, mmccune, tom.oliveri, xdmoon
Target Milestone: UnspecifiedKeywords: Regression, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: katello-installer-base-3.0.0.43-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-27 11:30:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1291065    

Description Sanket Jagtap 2016-04-26 13:19:36 UTC 
Description of problem:
Build: snap 9.1

Version-Release number of selected component (if applicable):


How reproducible:



Steps to Reproduce:
1. Set up satellite 6 with custom certificate following install guide
2. Set up External capsule with custom certificate 
3. try to update the certs on capsule , by using capsule-certs-generate and --certs-update-server option.
Actual results:


Expected results:
The certs should be updated and new capsule-certs.tar should be created

Actual result:

capsule-certs-generate --capsule-fqdn "sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com" --certs-tar /root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.tar --server-cert /root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.crt --server-cert-req /root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.crt.req --server-key /root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.key --server-ca-cert /root/certscap/cacert.crt --certs-update-server
Marking certificate /root/ssl-build/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com-apache for update
Marking certificate /root/ssl-build/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com-foreman-proxy for update
Command '/usr/share/katello-installer-base/bin/katello-certs-check -c "/root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.crt" -r "/root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.crt.req" -k "/root/certscap/sjagtap-capsule.satellite.lab.eng.rdu2.redhat.com.key" -b "/root/certscap/cacert.crt"' exited with 127:
 sh: /usr/share/katello-installer-base/bin/katello-certs-check: No such file or directory
/usr/share/gems/gems/kafo-0.7.3/lib/kafo/hook_context.rb:71:in `exit': private method `exit' called for #<Kafo::KafoConfigure:0x000000029fb1e8> (NoMethodError)
	from /usr/share/katello-installer-base/hooks/pre/20-certs_update.rb:9:in `error'
	from /usr/share/katello-installer-base/hooks/pre/20-certs_update.rb:62:in `block (4 levels) in load'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hooking.rb:34:in `instance_eval'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hooking.rb:34:in `block (4 levels) in load'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hook_context.rb:13:in `instance_exec'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hook_context.rb:13:in `execute'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hooking.rb:51:in `block in execute'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hooking.rb:49:in `each'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/hooking.rb:49:in `execute'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:373:in `run_installation'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:149:in `execute'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:67:in `run'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:125:in `run'
	from /usr/share/gems/gems/kafo-0.7.3/lib/kafo/kafo_configure.rb:156:in `run'
	from /usr/sbin/capsule-certs-generate:49:in `<main>'


Additional info:
Comment 2 Stephen Benjamin 2016-05-24 11:37:27 UTC 
Created redmine issue http://projects.theforeman.org/issues/15158 from this bug
Comment 3 Bryan Kearney 2016-06-06 16:15:20 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/15158 has been closed
Comment 4 Justin Sherrill 2016-06-07 18:19:51 UTC 
*** Bug 1339205 has been marked as a duplicate of this bug. ***
Comment 5 Sanket Jagtap 2016-06-15 09:57:56 UTC 
build : Satellite 6.2 snap 15.2

capsule-certs-generate --capsule-fqdn "xyz.com" --certs-tar /root/certscap/xyz.com.tar --server-cert /root/certscap/xyz.com.crt --server-cert-req /root/certscap/xyz.com.crt.req --server-key /root/certscap/xyz.com.key --server-ca-cert /root/cacertcap.crt --certs-update-server
Marking certificate /root/ssl-build/xyz.com/xyz.com-apache for update
Marking certificate /root/ssl-build/xyz.com/xyz.com-foreman-proxy for update
Installing             Done                                               [100%] [..................................................................................]
  Success!

  To finish the installation, follow these steps:
...
....
Comment 6 Bryan Kearney 2016-07-27 11:30:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501
Comment 7 Tom 2020-03-25 03:17:29 UTC 
Ran into this issue with capsule 6.6 

I just had to 'mkdir /root/ssl-build/; mkdir /root/ssl-build/$(hostname -f)'