Bug 1523880
Summary: | katello-change-hostname fails when Satellite uses custom certs | |||
---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | sthirugn <sthirugn> | |
Component: | Backup & Restore | Assignee: | John Mitsch <jomitsch> | |
Status: | CLOSED ERRATA | QA Contact: | jcallaha | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.3.0 | CC: | bbuckingham, egolov, jcallaha, jomitsch, rjerrido | |
Target Milestone: | Unspecified | Keywords: | Triaged | |
Target Release: | Unused | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | katello-3.0.0-33 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1533951 (view as bug list) | Environment: | ||
Last Closed: | 2018-02-05 16:30:17 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1533259, 1533951 |
Description
sthirugn@redhat.com
2017-12-08 23:50:24 UTC
This issue was found in 6.2.z. Created redmine issue http://projects.theforeman.org/issues/22181 from this bug We may need to pull in https://bugzilla.redhat.com/show_bug.cgi?id=1501980, its an issue for 6.3, but not sure if its affecting 6.2. If so, it affects hostname change w/ custom certs. Verified in Satellite 6.2.14 Snap 3. k-c-h is working perfectly with custom certs on both RHEL 6 and RHEL 7. Helper script to generate custom certs. https://gist.github.com/JacobCallahan/f865e29c8abb8ed79f411c7fae081dd2 Verification steps: 1. Generate new custom certs 2. Rerun satellite installer with custom certs. 3. Edit cert generator to remove genca step (line 9) 4. Generate certs for the hostname you are changing to 5. Run k-c-h, specifying the custom cert locations Result: -bash-4.2# katello-change-hostname -u admin -p changeme -y \ -c "/root/ownca/test.com/test.com.crt"\ -r "/root/ownca/test.com/test.com.crt.req"\ -k "/root/ownca/test.com/test.com.key" test.com Checking custom certificates Checking hostname validity Checking overall health of server Checking credentials Updating default Capsule Updating installation media paths updating hostname in /etc/hostname setting hostname checking if hostname was changed stopping services Redirecting to /bin/systemctl stop foreman-tasks.service Redirecting to /bin/systemctl stop httpd.service Redirecting to /bin/systemctl stop pulp_workers.service Redirecting to /bin/systemctl stop foreman-proxy.service Redirecting to /bin/systemctl stop pulp_streamer.service Redirecting to /bin/systemctl stop pulp_resource_manager.service Redirecting to /bin/systemctl stop pulp_celerybeat.service Redirecting to /bin/systemctl stop smart_proxy_dynflow_core.service Redirecting to /bin/systemctl stop tomcat.service Redirecting to /bin/systemctl stop squid.service Redirecting to /bin/systemctl stop qdrouterd.service Redirecting to /bin/systemctl stop qpidd.service Redirecting to /bin/systemctl stop postgresql.service Redirecting to /bin/systemctl stop mongod.service deleting old certs backed up /var/www/html/pub to /var/www/html/pub/dell-per720xd-01.rhts.eng.bos.redhat.com-201801191131.backup updating hostname in /etc/hosts updating hostname in foreman installer scenarios removing last_scenario.yml file re-running the installer satellite-installer --scenario satellite -v --certs-server-ca-cert /root/ownca/dell-per720xd-01.rhts.eng.bos.redhat.com/cacert.crt --certs-server-cert /root/ownca/test.com/test.com.crt --certs-server-key /root/ownca/test.com/test.com.key --certs-server-cert-req /root/ownca/test.com/test.com.crt.req --certs-regenerate=true --foreman-proxy-register-in-foreman true ... Success! * Satellite is running at https://test.com * To install additional capsule on separate machine continue by running: capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar" The full log is at /var/log/foreman-installer/satellite.log [ INFO 2018-01-19 11:34:20 verbose] pulp.conf is already present, skipping [ INFO 2018-01-19 11:34:20 verbose] All hooks in group post finished Restarting puppet services Redirecting to /bin/systemctl restart puppet.service **** Hostname change complete! **** IMPORTANT: You will have to install the new bootstrap rpm and reregister all clients and Capsules with subscription-manager (update organization and environment arguments appropriately): yum remove -y katello-ca-consumer* rpm -Uvh http://test.com/pub/katello-ca-consumer-latest.noarch.rpm subscription-manager register --org="Default_Organization" --environment="Library" --force Then reattach subscriptions to the client(s) and run: subscription-manager refresh yum repolist On all Capsules, you will need to re-run the satellite-installer with this command: satellite-installer --capsule-parent-fqdn test.com \ --foreman-proxy-foreman-base-url https://test.com \ --foreman-proxy-trusted-hosts test.com Short hostnames have not been updated, please update those manually. Bonus: Using default certs, the k-c-h help output doesn't mention specifying custom cert parameters. -bash-4.2# katello-change-hostname --help Usage: katello-change-hostname HOSTNAME [OPTIONS] Example: katello-change-hostname foo.example.com -u admin -p changeme Options -u, --username USERNAME admin username (required) -p, --password PASSWORD admin password (required) -g, --program PROGRAM name of the program you are modifying (defaults to satellite) -S, --scenario SCENARIO name of the scenario you are modifying (defaults to satellite) -y, --assumeyes Answer yes for all questions -h, --help help THis was fixed in 6.2.14. |