Bug 1616228

Summary: [Sat6.4] satellite-installer does not work for custom ssl certificates, fails with "illegal option -- r" for katello-certs-check command
Product: Red Hat Satellite Reporter: Ashish Humbe <ahumbe>
Component: InstallationAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Nikhil Kathole <nkathole>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.4CC: inecas, kgaikwad, nkathole, sadas, sghai, zhunting
Target Milestone: 6.4.0Keywords: Regression, Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: katello-installer-base-3.7.0.2-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-16 18:52:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1625615    
Bug Blocks: 1619394    

Description Ashish Humbe 2018-08-15 10:51:58 UTC 
Description of problem:

Satellite-installer in Sat6.4 does not work for custom ssl certs 

# satellite-installer --scenario satellite --certs-server-cert /root/satellite.example.com.cert.pem --certs-server-key /root/satellite.example.com.key.pem --certs-server-ca-cert /root/ca-chain.cert.pem --certs-update-server --certs-update-server-ca  
Resetting puppet server version param...
Marking certificate /root/ssl-build/satellite.example.com/satellite.example.com-apache for update
Marking certificate /root/ssl-build/satellite.example.com/satellite.example.com-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Command '/usr/sbin/katello-certs-check -c "/root/satellite.example.com.cert.pem" -r "/root/satellite.example.com.csr.pem" -k "/root/satellite.example.com.key.pem" -b "/root/ca-chain.cert.pem"' exited with 1:
 /usr/sbin/katello-certs-check: illegal option -- r
Verifies, that custom ssl cert files are usable
as part of the Katello installation.

usage: /usr/sbin/katello-certs-check -c CERT_FILE -k KEY_FILE -b CA_BUNDLE_FILE



Version-Release number of selected component (if applicable):
Satellite 6.4 Snap 17

How reproducible:
Always

Steps to Reproduce:
1. Install satellite 6.4 from latest snap 
2. Run satellite-installer with custom ssl certificate options.

# satellite-installer --scenario satellite --certs-server-cert /root/satellite.example.com.cert.pem --certs-server-key /root/satellite.example.com.key.pem --certs-server-ca-cert /root/ca-chain.cert.pem --certs-update-server --certs-update-server-ca

3.

Actual results:

Installer fails for the katello-certs-check command option. 


Expected results:

The installer should work with the custom ssl cert parameters 


Additional info:
Comment 4 Ivan Necas 2018-08-16 11:02:17 UTC 
Seems like a regression of #1233431
Comment 6 Satellite Program 2018-08-16 14:09:45 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24632 has been resolved.
Comment 8 Nikhil Kathole 2018-09-07 10:03:32 UTC 
Version tested:
Satellite 6.4 snap 20

Resetting puppet server version param...
Marking certificate /root/ssl-build/satellite/satellite-apache for update
Marking certificate /root/ssl-build/satellite/satellite-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Installing             Debug: Prefetching cli resources for foreman_confi [78%] [..................................................              ]

katello-certs-check command fixed in installer but going forward installer failed due https://bugzilla.redhat.com/show_bug.cgi?id=1625615

Will verify once BZ1625615 will ON_QA.
Comment 9 Nikhil Kathole 2018-09-10 08:54:20 UTC 
VERIFIED

Version tested:
Satellite 6.4 snap 21

# satellite-installer --scenario satellite\
>                       --certs-server-cert "/root/ownca/satellite-hostname/satellite-hostname.crt"\
>                       --certs-server-key "/root/ownca/satellite-hostname/satellite-hostname.key"\
>                       --certs-server-ca-cert "/root/ownca/satellite-hostname/cacert.crt"\
>                       --certs-update-server --certs-update-server-ca
Resetting puppet server version param...
Marking certificate /root/ssl-build/satellite-hostname/satellite-hostname-apache for update
Marking certificate /root/ssl-build/satellite-hostname/satellite-hostname-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Installing             Done                                               [100%] [.............................................]
  Success!
  * Satellite is running at https://satellite-hostname

  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.3 Capsule to 6.4:
      Please see official documentation for steps and parameters to use when upgrading a 6.3 Capsule to 6.4.

  The full log is at /var/log/foreman-installer/satellite.log
Comment 10 Bryan Kearney 2018-10-16 18:52:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927