Bug 1518848

Summary: tomcat doesn't update certificate after katello-change-hostname
Product: Red Hat Satellite Reporter: Tomer Brisker <tbrisker>
Component: Backup & RestoreAssignee: John Mitsch <jomitsch>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 6.3.0CC: adahms, bbuckingham, bkearney, jomitsch, mmccune
Target Milestone: UnspecifiedKeywords: PrioBumpGSS, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
The command katello-change-hostname creates an error condition when run on Satellite 6.2 during migration and upgrade. This occurs because of a bug in the version of the katello-change-hostname command in the 6.2 release. To avoid this problem, complete the upgrade to Satellite 6.3 before running the katello-change-hostname command.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-26 19:32:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1115190, 1533259    

Description Tomer Brisker 2017-11-29 16:14:10 UTC 
Description of problem:
Tomcat doesn't change the change the server certificate to the new hostname after katello-change-hostname is run on a cloned 6.2 Satellite, leading to failure during 6.3 upgrade proccess. 

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Clone a 6.2 Satellite
2. run `katello-change-hostname new.example.com`
3. try to upgrade satellite to 6.3 using foreman-maintain.

Actual results:
Upgrade fails in stage `foreman-rake katello:clean_backend_objects` because katello refuses to connect to candlepin due to the fact candlepin provides an invalid server certificate. 


Expected results:
Upgrade successful.

Additional info:
If upgrade failed, remove /etc/tomcat/keystore and /etc/pki/katello/keystore and rerun satellite-installer with no arguments to regenerate the correct keystores before rerunning the upgrade process.
This may have to do with the fact that katello-change-hostname was run with satellite 6.2 so that its code and puppet-cert code is an older version than that shipped in 6.3.
Comment 1 Mike McCune 2017-11-30 17:45:20 UTC 
This needs to go into 6.2.z as the katello-change-hostname is taking place on the prior version. 

It works fine in 6.3.
Comment 3 Mike McCune 2017-11-30 17:47:17 UTC 
*** WORKAROUND ***

1) remove /etc/tomcat/keystore and /etc/pki/katello/keystore 

2) rerun satellite-installer with no arguments
Comment 9 Bryan Kearney 2018-11-26 19:32:40 UTC 
Satellite 6.2 has reached maintenance support phase 2 [1]. This bug does not quality for inclusion in a 6.2.z release during this support phase. I am therefore closing this bug out.

[1] https://access.redhat.com/support/policy/updates/satellite