Bug 1564825

Summary: Bootstrap script fails with an error `SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)` while migrating systems registered with portal(using RHSM) to Red Hat Satellite 6.
Product: Red Hat Satellite Reporter: Amar Huchchanavar <ahuchcha>
Component: BootstrapAssignee: Rich Jerrido <rjerrido>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.14CC: ahuchcha, hajek
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-25 08:24:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Amar Huchchanavar 2018-04-08 03:41:46 UTC
Description of problem:
Bootstrap script fails with an error `SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)` while migrating systems registered with portal(using RHSM) to Red Hat Satellite 6. 

~~~
[RUNNING], [2018-04-07 23:21:20], [/usr/sbin/subscription-manager register --org 'Orion' --name 'm1.sat6.gsslab.pnq.redhat.com' --activationkey 'RHEL7'  --serverurl=https://satellite62.example.com:443/rhsm --baseurl=https://satellite62.example.com/pulp/repos --force] 
[ERROR], [2018-04-07 23:21:21], EXITING: [/usr/sbin/subscription-manager register --org 'Orion' --name 'client1.example.com' --activationkey 'RHEL7'  --serverurl=https://satellite62.example.com:443/rhsm --baseurl=https://satellite62.example.com/pulp/repos --force] failed to execute properly.
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)
Unregistering from: satellite62.example.com:443/rhsm
~~~

Version-Release number of selected component (if applicable):
Satellite 6.2

How reproducible:
Always

Steps to Reproduce:
1.Register any RHSM compatible system to the portal.
2.Now, use bootstrap script to migrate it over Satellite 6.

Actual results:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)
Unregistering from: satellite62.example.com:443/rhsm


Expected results:
System should get registered to satellite6 without any issues.

Additional info:
This issue occurs because bootstrap script is unable to unregister system from a previously registered parent. i.e RHSM.
The reason why it is unable to unregister system is, we are changing rhsm.conf entries with 'katello-ca-consumer-latest.noarch.rpm' prior to unregistering the system.

Comment 2 Rich Jerrido 2018-04-25 08:23:10 UTC
Migration from RHSM or SAM was not supported in katello-client-bootstrap-1.3.0, which is included with Satellite 6.2. 

This capability was fixed as part of https://bugzilla.redhat.com/show_bug.cgi?id=1478769, and is included in katello-client-bootstrap-1.5.1, which is included in 6.3 (or newer). 

We will not be backporting a newer version of the bootstrap script to Satellite 6.2.