Bug 1415139

Summary: [RFE] Need the ability to supply dsn_alt_names for Puppet cert as part of satellite-installer --scenario capsule
Product: Red Hat Satellite
Reporter: Ian Tewksbury <itewksbu>
Component: Installation
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE
QA Contact: Katello QA List <katello-qa-list>
Severity: medium
Priority: medium
Version: 6.2.4
CC: bbuckingham, egolov, itewksbu, jcallaha, stbenjam
Target Milestone: Unspecified
Keywords: FutureFeature, Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Last Closed: 2017-01-23 14:37:33 UTC
Type: Bug

Description Ian Tewksbury 2017-01-20 11:50:40 UTC
Description of problem:

When putting a load balancer in front of Satellite Capsules that have the Puppet feature, the Puppet certs for those Satellite Capsules must all have a DNS Alternative Name of the load balanced FQDN included in the Puppet certificate for hosts to be able to communicate to the Satellite Capsules via the load balanced FQDN.


Version-Release number of selected component (if applicable):
6.2.4

How reproducible:
RFE, always

Work Around:

1) On Capsule Server  : Run the `satellite-installer --scenario capsule`
2) On Satellite Server: `puppet cert clean $(hostname -f)`
3) On Satellite Server: `puppet cert generate $HOSTNAME --dns_alt_names=capsule.example.net,capsule.example.org`

Request:
Add a --dns-alt-names (or equivalent) flag to the satellite-installer to be able to specify dns-alt names as part of the satellite-installer process.

Comment 2 Stephen Benjamin 2017-01-23 14:37:33 UTC
This will be available in Satellite 6.3.

Puppet configuration is managed using the 'puppet' puppet class inside the installer, but it's not exposed as a top-level option to the user in current versions of Satellite.  That may change so these would all be available as '--puppet-<parameter name>', but starting in *6.3*, we have a solution for any of the classes using hiera.

See https://bugzilla.redhat.com/show_bug.cgi?id=1305782#c14 and comments 15 and 16 for an understanding of how this works, but it's essentially a single YAML file in /etc/foreman-installer/custom-hiera.conf.

You can look at /etc/foreman-installer/modules/puppet/manifests/init.pp to see what can be set for the puppet class.


The DNS alt names option is one of the ones available.  So, in your case, the custom-hiera.conf would look like:

---
puppet::dns_alt_names: ['foo1.example.com', 'foo2.example.com']

*** This bug has been marked as a duplicate of bug 1305782 ***

Comment 3 Ian Tewksbury 2017-01-23 14:46:17 UTC
Stephen,

Thank you. So to be clear this will not be available until Sat 6.3 correct?

Blue Skies,
~Ian

Comment 4 Stephen Benjamin 2017-01-25 20:15:06 UTC
For right now, that's the plan.
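
A check for the requirement described in this report, as an added example that is not part of the original bug or of Satellite: it uses openssl to confirm whether a certificate covers the load-balanced FQDN. The certificates are throwaway self-signed ones generated for the demonstration and capsule1.example.com is a constructed hostname; on a real capsule, pass the path of its Puppet certificate to cert_covers_host instead.

```shell
#!/bin/sh
# Added example; capsule1.example.com and the temp paths are constructed values.

# cert_covers_host CERT_PEM FQDN: exit 0 if the certificate is valid for FQDN.
# If the cert has DNS subjectAltName entries, only those are compared (the CN
# is ignored), which is why the load-balanced name must be listed there.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# list_dns_sans CERT_PEM: print each DNS subjectAltName on its own line.
list_dns_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# make_sample_cert OUT_PEM CN [SAN_LIST]: throwaway self-signed certificate
# standing in for a capsule's Puppet cert (test data, needs OpenSSL 1.1.1+).
make_sample_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "/CN=$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "/CN=$2" -out "$1" 2>/dev/null
    fi
}

# Demo: one cert without alt names, one that lists the load-balanced FQDN.
demo_dir=$(mktemp -d)
lb=capsule.example.net   # load-balanced name, taken from the workaround above
make_sample_cert "$demo_dir/plain.pem" capsule1.example.com
make_sample_cert "$demo_dir/alt.pem" capsule1.example.com \
    "DNS:capsule1.example.com,DNS:$lb"
for c in plain alt; do
    if cert_covers_host "$demo_dir/$c.pem" "$lb"; then
        echo "$c.pem: covers $lb"
    else
        echo "$c.pem: does NOT cover $lb (clients connecting to $lb reject it)"
    fi
done
echo "alt.pem DNS alt names: $(list_dns_sans "$demo_dir/alt.pem" | tr '\n' ' ')"
rm -rf "$demo_dir"
```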