Bug 1627280
| Summary: | katello-certs-check output for capsule prints FOREMAN_PROXY | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Nikhil Kathole <nkathole> |
| Component: | Branding | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | jcallaha |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.4 | CC: | inecas, jcallaha, mmccune, nkathole, spetrosi, sshtein |
| Target Milestone: | 6.4.2 | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | katello-installer-base-3.7.0.11-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-13 19:08:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1625255 | ||
With 6.4.2 SNAP 1 we see the updated help text with the word Capsule:
# capsule-certs-generate --foreman-proxy-fqdn ...
...
[snip]
...
3. Run the following commands on the Capsule (possibly with the customized
parameters, see satellite-installer --scenario capsule --help and
documentation for more info on setting up additional services):
satellite-installer --scenario capsule\
--foreman-proxy-content-parent-fqdn "sat-r220-01.lab.eng.rdu2.redhat.com"\
--foreman-proxy-register-in-foreman "true"\
--foreman-proxy-foreman-base-url "https://sat-r220-01.lab.eng.rdu2.redhat.com"\
--foreman-proxy-trusted-hosts "sat-r220-01.lab.eng.rdu2.redhat.com"\
Verification updated
[root@capsule-6-5-qa-rhel7 capsule-6-5-qa-rhel7.rhsm-qe-1.example.com]# katello-certs-check -c "$name.crt" -k "$name.key" -b cacert.crt
Checking server certificate encoding:
[OK]
Checking expiration of certificate:
[OK]
Checking expiration of CA bundle:
[OK]
Checking if server certificate has CA:TRUE flag
[OK]
Checking to see if the private key matches the certificate:
[OK]
Checking CA bundle against the certificate file:
[OK]
Checking Subject Alt Name on certificate
[OK]
Checking Key Usage extension on certificate for Key Encipherment
[OK]
Validation succeeded
To use them inside a NEW $CAPSULE, run this command:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
--certs-tar "~/$CAPSULE-certs.tar" \
--server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \
--server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \
--server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \
To use them inside an EXISTING $CAPSULE, run this command INSTEAD:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
--certs-tar "~/$CAPSULE-certs.tar" \
--server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \
--server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \
--server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \
--certs-update-server
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0345 |
Description of problem: katello-certs-check output for capsule prints FOREMAN_PROXY (In sat 6.3, it was CAPSULE) To use them inside a NEW $FOREMAN_PROXY, run this command: capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/server.valid.crt"\ --server-key "/root/server.key"\ --server-ca-cert "/root/rootCA.pem"\ To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD: capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/server.valid.crt"\ --server-key "/root/server.key"\ --server-ca-cert "/root/rootCA.pem"\ --certs-update-server Version-Release number of selected component (if applicable): Satellite 6.4 snap 21 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: To use them inside a NEW $CAPSULE, run this command: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE"\ --certs-tar "~/$CAPSULE-certs.tar"\ --server-cert "/root/server.valid.crt"\ --server-key "/root/server.key"\ --server-ca-cert "/root/rootCA.pem"\ To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE"\ --certs-tar "~/$CAPSULE-certs.tar"\ --server-cert "/root/server.valid.crt"\ --server-key "/root/server.key"\ --server-ca-cert "/root/rootCA.pem"\ --certs-update-server Additional info: