Bug 1419511

Summary: capsule-certs-generate overwrites /etc/httpd/conf.d/pulp.conf wrongfully on satellite
Product: Red Hat Satellite Reporter: Ahmed Nazmy <anazmy>
Component: UpgradesAssignee: Stephen Benjamin <stbenjam>
Status: CLOSED ERRATA QA Contact: jcallaha
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.2.7CC: aladke, bkearney, brcoca, bscalio, cdonnell, egolov, fgarciad, hmore, inecas, jcallaha, mbacovsk, mtenheuv, nshaik, oshtaier, psuriset, stbenjam, zhunting
Target Milestone: UnspecifiedKeywords: PrioBumpGSS
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: katello-installer-base-3.0.0.76-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-06 08:37:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1410795    

Description Ahmed Nazmy 2017-02-06 11:39:58 UTC 
Description of problem:

On sat 6.2.7 , if you try to register a capsule using capsule-certs-generate it wrongfully overwrites /etc/httpd/conf.d/pulp.conf which leads to broken pulp api calls , seems this was a bug fix for BZ1405536

Version-Release number of selected component (if applicable):
Sat 6.2.7 

How reproducible:
Always

Steps to Reproduce:
1. on fresh or upgraded sat 6.2.7 or try check content of /etc/httpd/conf.d/pulp.conf

2. run : capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar ~/capsule.example.com-certs.tar

3. check content of /etc/httpd/conf.d/pulp.conf 

Actual results:

/etc/httpd/conf.d/pulp.conf now has no config to route pulp/api calls which leads to 404 Resource not found errors 


Expected results:

capsule-certs-generate  should not alter /etc/httpd/conf.d/pulp.conf on satellite 

Additional info:
Comment 1 Ahmed Nazmy 2017-02-06 11:41:33 UTC 
A workaround to fix is to rerun :
satellite-installer --scenario satellite --upgrade
Comment 4 Stephen Benjamin 2017-02-06 14:19:03 UTC 
Created redmine issue http://projects.theforeman.org/issues/18402 from this bug
Comment 5 Stephen Benjamin 2017-02-06 14:33:27 UTC 
Verification steps:

1. Ensure /etc/http/conf.d/pulp.conf contains configuration, ensure `hammer ping` shows all services OK
2. Run `capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar /tmp/capsule.tar.gz`
3. Ensure pulp.conf remains unchanged
4. Run `katello-service restart` and ensure `hammer ping` is still OK
Comment 9 Harshad More 2017-02-08 10:53:14 UTC 
Got below error while doing repository sync:
"There was an issue with the backend service pulp: 404 Resource Not Found (RuntimeError)"

hammer ping failed at pulp only without any output at Server Response

Fixed issue by running installer on satellite server:
# satellite-installer --scenario satellite --upgrade
Comment 10 jcallaha 2017-02-13 21:49:00 UTC 
Verified in Satellite 6.2.8 Snap 2.

-bash-4.2# cat /etc/httpd/conf.d/pulp.conf > pulp_before.conf
-bash-4.2# capsule-certs-generate --capsule-fqdn my.capsule.fqdn.rehat.com --certs-tar my.capsule.fqdn.rehat.com
Installing             Done                                               [100%] [..........................................................................................................]
  Success!

  To finish the installation, follow these steps:

  If you do not have the capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://sat-qe-1.rhq.lab.eng.bos.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy my.capsule.fqdn.rehat.com to the system my.capsule.fqdn.rehat.com
  3. Run the following commands on the capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                    --capsule-parent-fqdn                         "sat-qe-1.rhq.lab.eng.bos.redhat.com"\
                    --foreman-proxy-register-in-foreman           "true"\
                    --foreman-proxy-foreman-base-url              "https://sat-qe-1.rhq.lab.eng.bos.redhat.com"\
                    --foreman-proxy-trusted-hosts                 "sat-qe-1.rhq.lab.eng.bos.redhat.com"\
                    --foreman-proxy-trusted-hosts                 "my.capsule.fqdn.rehat.com"\
                    --foreman-proxy-oauth-consumer-key            "xxKkZmZvVPAbyDHcd3gQUzKKcbeeGRbL"\
                    --foreman-proxy-oauth-consumer-secret         "BHoLmatS6gMBH4SG5Tah4M3zgya4Rrvm"\
                    --capsule-pulp-oauth-secret                   "8n85XdQij7N8u3VyQJZbqssthF8MpmDo"\
                    --capsule-certs-tar                           "my.capsule.fqdn.rehat.com"
  The full log is at /var/log/capsule-certs-generate.log
-bash-4.2# cat /etc/httpd/conf.d/pulp.conf > pulp_after.conf
-bash-4.2# diff pulp_before.conf pulp_after.conf 
-bash-4.2#
Comment 11 Stephen Benjamin 2017-02-21 17:53:00 UTC 
*** Bug 1425550 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2017-03-06 08:37:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0447