Bug 1627280
Summary: | katello-certs-check output for capsule prints FOREMAN_PROXY | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Nikhil Kathole <nkathole> |
Component: | Branding | Assignee: | satellite6-bugs <satellite6-bugs> |
Status: | CLOSED ERRATA | QA Contact: | jcallaha |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 6.4 | CC: | inecas, jcallaha, mmccune, nkathole, spetrosi, sshtein |
Target Milestone: | 6.4.2 | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | katello-installer-base-3.7.0.11-1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-02-13 19:08:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1625255 |
Description
Nikhil Kathole
2018-09-10 14:37:12 UTC
With 6.4.2 SNAP 1 we see the updated help text with the word Capsule: # capsule-certs-generate --foreman-proxy-fqdn ... ... [snip] ... 3. Run the following commands on the Capsule (possibly with the customized parameters, see satellite-installer --scenario capsule --help and documentation for more info on setting up additional services): satellite-installer --scenario capsule\ --foreman-proxy-content-parent-fqdn "sat-r220-01.lab.eng.rdu2.redhat.com"\ --foreman-proxy-register-in-foreman "true"\ --foreman-proxy-foreman-base-url "https://sat-r220-01.lab.eng.rdu2.redhat.com"\ --foreman-proxy-trusted-hosts "sat-r220-01.lab.eng.rdu2.redhat.com"\ Verification updated [root@capsule-6-5-qa-rhel7 capsule-6-5-qa-rhel7.rhsm-qe-1.example.com]# katello-certs-check -c "$name.crt" -k "$name.key" -b cacert.crt Checking server certificate encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server certificate has CA:TRUE flag [OK] Checking to see if the private key matches the certificate: [OK] Checking CA bundle against the certificate file: [OK] Checking Subject Alt Name on certificate [OK] Checking Key Usage extension on certificate for Key Encipherment [OK] Validation succeeded To use them inside a NEW $CAPSULE, run this command: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \ --certs-tar "~/$CAPSULE-certs.tar" \ --server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \ --server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \ --server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \ To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \ --certs-tar "~/$CAPSULE-certs.tar" \ --server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \ --server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \ --server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \ --certs-update-server Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0345 |