Bug 1670604
| Summary: | Configuring SSL certs should enable certmonger service | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Brant Evans <brant.evans> |
| Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> |
| Status: | CLOSED ERRATA | QA Contact: | Sudhir Mallamprabhakara <smallamp> |
| Severity: | medium | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | medium | ||
| Version: | 5.9.7 | CC: | abellott, dmetzger, jvlcek, obarenbo, simaishi |
| Target Milestone: | GA | ||
| Target Release: | 5.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 5.11.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-12 13:35:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | Bug | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | |||
Brant suggested that the solution for this issue may simply be to issue an enable on the certmonger service after starting it. e.g. % systemctl status certmonger ● certmonger.service - Certificate monitoring and PKI enrollment Loaded: loaded (/usr/lib/systemd/system/certmonger.service; disabled; vendor preset: disabled) # Note it is "disabled" % systemctl status certmonger ● certmonger.service - Certificate monitoring and PKI enrollment Loaded: loaded (/usr/lib/systemd/system/certmonger.service; enabled; vendor preset: disabled) # Note it is "enabled" and will restart on reboot. New commit detected on ManageIQ/manageiq-appliance_console/master: https://github.com/ManageIQ/manageiq-appliance_console/commit/99af5e1f7182c35d147270dd2824022c4be3f9e8 commit 99af5e1f7182c35d147270dd2824022c4be3f9e8 Author: Joe VLcek <jvlcek> AuthorDate: Tue Feb 12 12:08:52 2019 -0500 Commit: Joe VLcek <jvlcek> CommitDate: Tue Feb 12 12:08:52 2019 -0500 Enable certmonger to restart on reboot Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1670604 lib/manageiq/appliance_console/certificate_authority.rb | 16 +- spec/certificate_authority_spec.rb | 56 +- 2 files changed, 69 insertions(+), 3 deletions(-) Appliance version: 5.11.0.8. When installing certs, there is a message: creating ssl certificates configuring apache to use new certs enabling certmonger to start on reboot The certmonger service is running after appliance reboot. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:4199 |
Description of problem: Using appliance_console_cli to configure SSL certificates uses certmonger, but does not enable the service to start after a reboot Version-Release number of selected component (if applicable): cfme-5.9.7.2-1.el7cf.x86_64 How reproducible: always Steps to Reproduce: (Requires an IDM server to be setup and configured) 1. Configure an appliance as normal so evmserverd processes start appliance_console_cli \ --region=1 \ --internal \ --username=root \ --password=redhat \ --key \ --dbdisk=/dev/vdb 2. Use appliance_console_cli to join the appliance to an IPA domain appliance_console_cli \ --ipaserver=idm.example.com \ --ipaprincipal=admin \ --ipapassword=redhat 3. Use appliance_console_cli to setup SSL Certs appliance_console_cli \ --ca=ipa \ --http-cert 4. View the status of the certmonger service (it will be "active (running)" systemctl status certmonger 5. Reboot the appliance 6. Login and view the status of the certmonger service (it will be "inactive (dead)") Actual results: certmonger service is not running after rebooting the appliance. Expected results: certmonger service is running after rebooting the appliance. Additional info: This can be worked around by issuing the command "systemctl enable certmonger" after step 3.