Bug 1650349

Summary: 6.3 to 6.4 Upgrade creates new path for foreman ssh keys and does not use the existing keys
Product: Red Hat Satellite Reporter: Jason Dickerson <jdickers>
Component: Remote ExecutionAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX QA Contact: Peter Ondrejka <pondrejk>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4CC: aruzicka, chrobert, inecas, kkohli, pdwyer, vdeshpan
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-01 13:31:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Dickerson 2018-11-15 22:17:28 UTC 
Description of problem:
6.3 to 6.4 upgrade changes the path of the foreman ssh keys on the capsules from 

/var/lib/foreman-proxy/ssh

to

/usr/share/foreman-proxy/.ssh

As the path on the capsules is new, a new ssh key is generated.  It would be preferable to move the existing keys from the old path to the new path.  

This impacts the ability to run REX jobs.

Version-Release number of selected component (if applicable):  6.4


How reproducible:

Consistent


Steps to Reproduce:
1.Install Satellite 6.3 with an external capsule
2.Upgrade Satellite and Capsule to 6.4
3.

Actual results:
The Capsules will try to use a new key that has not been deployed to hosts.


Expected results:
Rex would use the same ssh keys before and after the upgrade.


Additional info:
Comment 6 Ivan Necas 2018-12-12 12:48:02 UTC 
I've checked and on the satellite server part, the cherry-pick is there, and everything seems to work. However, it seems we are missing the answer file migration on capsule side
Comment 8 Ivan Necas 2018-12-12 13:09:44 UTC 
A workaround: run this command on capsule:

    foreman-installer --foreman-proxy-plugin-remote-execution-ssh-ssh-identity-dir="/var/lib/foreman-proxy/ssh"

This should ensure that the original keys are being used for remote execution
Comment 9 Bryan Kearney 2020-05-01 13:31:53 UTC 
Satellite 6.4 is now End of Life. These bus will not be fixed on the 6.4 stream. Users of Satellite should upgrade to the latest version of Satellite to get access to the most current set of bugfixes and feature improvements.