Bug 1533951

Summary: katello-change-hostname fails when Satellite uses custom certs
Product: Red Hat Satellite Reporter: Brad Buckingham <bbuckingham>
Component: Backup & RestoreAssignee: John Mitsch <jomitsch>
Status: CLOSED ERRATA QA Contact: jcallaha
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: bbuckingham, ehelms, jomitsch, rjerrido, sthirugn
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1523880 Environment:
Last Closed: 2018-02-21 16:54:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1523880    
Bug Blocks: 1533259    

Comment 2 Satellite Program 2018-01-12 21:13:16 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/22181 has been resolved.
Comment 4 jcallaha 2018-02-08 19:27:41 UTC 
Verified in Satellite 6.3 Snap 35.

Helper script to generate custom certs. https://gist.github.com/JacobCallahan/f865e29c8abb8ed79f411c7fae081dd2

Verification steps:

1. Generate new custom certs
2. Rerun satellite installer with custom certs.
3. Edit cert generator to remove genca step (line 9)
4. Generate certs for the hostname you are changing to
5. Run s-c-h, specifying the custom cert locations

Result:

-bash-4.2# satellite-change-hostname -u admin -p changeme -y -c "/root/ownca/test.com/test.com.crt" -r "/root/ownca/test.com/test.com.crt.req" -k "/root/ownca/test.com/test.com.key" test.com
{:program=>"foreman", :scenario=>"satellite", :system_check=>false, :username=>"admin", :password=>"changeme", :confirm=>true, :custom_cert=>"/root/ownca/test.com/test.com.crt", :custom_cert_req=>"/root/ownca/test.com/test.com.crt.req", :custom_key=>"/root/ownca/test.com/test.com.key"}

Checking custom certificates

Checking hostname validity

Checking overall health of server

Checking credentials

Updating default Capsule
Updating installation media paths
updating hostname in /etc/hostname
setting hostname
checking if hostname was changed
stopping services
Redirecting to /bin/systemctl stop foreman-tasks.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop pulp_celerybeat.service
Redirecting to /bin/systemctl stop foreman-proxy.service
Redirecting to /bin/systemctl stop pulp_streamer.service
Redirecting to /bin/systemctl stop pulp_resource_manager.service
Redirecting to /bin/systemctl stop smart_proxy_dynflow_core.service
Redirecting to /bin/systemctl stop pulp_workers.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop squid.service
Redirecting to /bin/systemctl stop qdrouterd.service
Redirecting to /bin/systemctl stop qpidd.service
Redirecting to /bin/systemctl stop postgresql.service
Redirecting to /bin/systemctl stop mongod.service
removing old cert rpms
Warning: RPMDB altered outside of yum.
deleting old certs
backed up /var/www/html/pub to /var/www/html/pub/ibm-x3550m3-07.lab.eng.brq.redhat.com-20180208201950.backup
updating hostname in /etc/hosts
updating hostname in foreman installer scenarios
backing up last_scenario.yaml
removing last_scenario.yaml
re-running the installer
foreman-installer --scenario satellite -v --disable-system-checks --certs-server-ca-cert /root/ownca/ibm-x3550m3-07.lab.eng.brq.redhat.com/cacert.crt --certs-server-cert /root/ownca/test.com/test.com.crt --certs-server-key /root/ownca/test.com/test.com.key --certs-server-cert-req /root/ownca/test.com/test.com.crt.req --certs-regenerate=true --foreman-proxy-register-in-foreman true
cleaning up temporary files
[ INFO 2018-02-08 20:20:26 verbose] Executing hooks in group pre_migrations
...
[ INFO 2018-02-08 20:23:00 verbose] Executing hooks in group post
  Success!
  * Satellite is running at https://test.com

  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.2 Capsule to 6.3:
      Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  The full log is at /var/log/foreman-installer/satellite.log
[ INFO 2018-02-08 20:23:01 verbose] pulp.conf is already present, skipping
[ INFO 2018-02-08 20:23:01 verbose] All hooks in group post finished
[ INFO 2018-02-08 20:23:01 verbose] Installer finished in 157.780472521 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! ****
IMPORTANT:

  You will have to install the new bootstrap rpm and reregister all clients and Capsules with subscription-manager
  (update organization and environment arguments appropriately):

  yum remove -y katello-ca-consumer*
  rpm -Uvh http://test.com/pub/katello-ca-consumer-latest.noarch.rpm
  subscription-manager register --org="Default_Organization" --environment="Library" --force

  Then reattach subscriptions to the client(s) and run:

  subscription-manager refresh
  yum repolist


  On all Capsules, you will need to re-run the foreman-installer with this command:

  foreman-installer --foreman-proxy-content-parent-fqdn test.com \
                                  --foreman-proxy-foreman-base-url  https://test.com \
                                  --foreman-proxy-trusted-hosts test.com

  Short hostnames have not been updated, please update those manually.
Comment 5 Satellite Program 2018-02-21 16:54:17 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336