Bug 1358807

Summary: capsule-installer doesn't properly clean up custom certs when providing new certs during an install
Product: Red Hat Satellite
Reporter: Craig Donnelly <cdonnell>
Component: Installation
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX
QA Contact: Katello QA List <katello-qa-list>
Severity: high
Priority: high
Version: 6.1.9
CC: chrobert, pmutha, stbenjam
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Last Closed: 2018-09-04 18:02:18 UTC
Type: Bug

Description Craig Donnelly 2016-07-21 14:06:10 UTC
Description of problem:
A run of capsule-installer where you provide an updated certs-tar file that has correct custom certs inside will not properly clean up previous custom certs that had issues/were incorrect.

Ex. Ran capsule-installer with certs signed by the wrong CA, then attempted to correct.

Version-Release number of selected component (if applicable):
6.1.9

How reproducible:
Always.

Steps to Reproduce:
1. Run capsule-installer with a certs-tar containing custom certs signed by the wrong CA compared to the Satellite. (This will fail with 422, etc.)
2. Regenerate the certs-tar with proper certs signed by same CA.
3. Run capsule-installer with the new certs-tar.

Actual results:
Install still fails.

Expected results:
Install should succeed with new certs.

Additional info:
I have not been able to narrow down the exact cause, but the workaround to this issue is to remove all files inside the following folders for a successful install:

1. /root/ssl-build
2. /etc/pki/katello/*
3. /etc/pki/katello-certs-tools/*
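
The workaround above as a script that archives the three directories before emptying them, so the rejected certificates and keys remain available for diagnosis. This is an added example, not part of the original report or of Satellite; the `clean_stale_certs` function, its prefix argument and the backup location are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): back up, then empty, the three
# directories named in the workaround. Function name and arguments are hypothetical.

CERT_DIRS="/root/ssl-build /etc/pki/katello /etc/pki/katello-certs-tools"

# clean_stale_certs PREFIX BACKUP_DIR
#   PREFIX     "" for the live system, or a scratch root for a rehearsal
#   BACKUP_DIR where the archive is written (must be outside CERT_DIRS)
# Prints the archive path. Nothing is deleted unless the archive was written.
clean_stale_certs() {
    prefix="${1%/}"; backup_dir="$2"; rel=""
    for d in $CERT_DIRS; do
        # Skip directories that do not exist on this host
        if [ -d "$prefix$d" ]; then rel="$rel .$d"; fi
    done
    if [ -z "$rel" ]; then
        echo "nothing to clean" >&2
        return 0
    fi
    mkdir -p "$backup_dir" || return 1
    chmod 700 "$backup_dir" || return 1
    archive="$backup_dir/capsule-certs-$(date +%Y%m%d%H%M%S).tar.gz"
    # The archive holds private keys: create it readable by the owner only.
    # $rel is deliberately unquoted, it is a space-separated list built above.
    ( umask 077; tar -C "${prefix:-/}" -czf "$archive" $rel ) || return 1
    for d in $rel; do
        # Remove the contents (dotfiles included) but keep the directory itself
        find "$prefix/${d#./}" -mindepth 1 -delete || return 1
    done
    echo "$archive"
}

# Usage on a capsule, as root, before re-running capsule-installer:
#   clean_stale_certs "" /var/tmp/capsule-cert-backup
```
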

Comment 2 Bryan Kearney 2018-09-04 18:02:18 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.