Bug 1858819

Summary: katello-certs-check output prints foreman-installer --scenario katello instead of satellite-installer --scenario satellite
Product: Red Hat Satellite
Component: Installation
Version: 6.8.0
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Target Milestone: 6.8.0
Target Release: Unused
Keywords: Regression, Triaged
Reporter: Ganesh Payelkar <gpayelka>
Assignee: Chris Roberts <chrobert>
QA Contact: Devendra Singh <desingh>
CC: chrobert, jjansky, jyejare, okhatavk, pmoravec, saydas, zhunting
Fixed In Version: foreman-installer-2.1.2.2-1
Doc Type: If docs needed, set a value
Last Closed: 2020-10-27 13:04:20 UTC
Type: Bug

Description Ganesh Payelkar 2020-07-20 13:30:55 UTC
Description of problem:

katello-certs-check shows 'foreman-installer --scenario katello' instead of 'satellite-installer --scenario satellite'


Version-Release number of selected component (if applicable):

satellite-6.8.0-0.7.beta.el7sat.noarch
foreman-installer-katello-2.1.0-1.el7sat.noarch

How reproducible:
New installation of 6.8 Beta

Steps to Reproduce:
1. Install new satellite 
2. Perform katello-certs-check with SSL certs

Actual results: 

# katello-certs-check -c satellite-server.crt -k satellite_cert_key.pem -b ca.crt
Checking server certificate encoding: 
[OK]

Checking expiration of certificate: 
[OK]

Checking expiration of CA bundle: 
[OK]

Checking if server certificate has CA:TRUE flag 
[OK]

Checking for private key passphrase: 
[OK]

Checking to see if the private key matches the certificate: 
[OK]

Checking CA bundle against the certificate file: 
[OK]

Checking CA bundle size: 
[OK]

Checking Subject Alt Name on certificate 
[OK]

Checking Key Usage extension on certificate for Key Encipherment 
[OK]

Validation succeeded


To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/satellite_cert/satellite-server.crt" \
                      --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \
                      --certs-server-ca-cert "/root/satellite_cert/ca.crt"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/satellite_cert/satellite-server.crt" \
                      --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \
                      --certs-server-ca-cert "/root/satellite_cert/ca.crt" \
                      --certs-update-server --certs-update-server-ca

To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy



Expected results: 

It must be "satellite-installer --scenario satellite" instead of "foreman-installer --scenario katello"


Additional info:

Comment 2 Chris Roberts 2020-08-10 13:59:49 UTC
*** Bug 1860085 has been marked as a duplicate of this bug. ***

Comment 3 Brad Buckingham 2020-08-12 13:51:48 UTC
*** Bug 1868028 has been marked as a duplicate of this bug. ***

Comment 5 Chris Roberts 2020-08-31 14:46:03 UTC
*** Bug 1873399 has been marked as a duplicate of this bug. ***

Comment 6 Devendra Singh 2020-09-09 16:11:50 UTC
Verified on 6.8 Snap14

Verification points:

1- Use git clone on the https://github.com/ekohl/ownca.git repository to create the certificate

# ./ownca ca
Generating a 2048 bit RSA private key
.+++
.......................................+++
writing new private key to 'private/cakey.crt'
-----

# ./ownca cert xyz.com
Generating a 2048 bit RSA private key
................................................+++
...........................................................................................+++
writing new private key to './xyz.com/xyz.com.key'
-----
Using configuration from ./openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'xyz.com'
Certificate is to be certified until Sep  9 15:54:21 2021 GMT (365 days)

Write out database with 1 new entries
Data Base Updated

# cp cacert.crt xyz.com/

# cd xyz.com

# openssl x509 -text -in xyz.com.crt -noout | grep -B1 DNS
X509v3 Subject Alternative Name: 
                DNS:xyz.com

# katello-certs-check -c xyz.com.crt -k xyz.com.key -b cacert.crt

Checking server certificate encoding: 
[OK]

Checking expiration of certificate: 
[OK]

Checking expiration of CA bundle: 
[OK]

Checking if server certificate has CA:TRUE flag 
[OK]

Checking for private key passphrase: 
[OK]

Checking to see if the private key matches the certificate: 
[OK]

Checking CA bundle against the certificate file: 
[OK]

Checking CA bundle size: 
[OK]

Checking Subject Alt Name on certificate 
[OK]

Checking Key Usage extension on certificate for Key Encipherment 
[OK]

Validation succeeded


To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                      --certs-server-cert "/root/ownca/xyz.com/xyz.com.crt" \
                      --certs-server-key "/root/ownca/xyz.com/xyz.com.key" \
                      --certs-server-ca-cert "/root/ownca/xyz.com/cacert.crt"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                      --certs-server-cert "/root/ownca/xyz.com/xyz.com.crt" \
                      --certs-server-key "/root/ownca/xyz.com/xyz.com.key" \
                      --certs-server-ca-cert "/root/ownca/xyz.com/cacert.crt" \
                      --certs-update-server --certs-update-server-ca

To use them inside a NEW $CAPSULE, rerun this command with -t capsule
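
Added example, not part of the original bug report or of katello-certs-check itself: a shell check that reads katello-certs-check output and flags the upstream names this bug describes. The function name check_branding and its exit codes are assumptions; the two sample outputs are constructed by abridging the transcripts in the Description and in Comment 6.

```shell
#!/bin/sh
# Constructed samples, abridged from the two transcripts in this report.
BUGGY_OUTPUT='To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/satellite_cert/satellite-server.crt"

To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy'

FIXED_OUTPUT='To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                      --certs-server-cert "/root/ownca/xyz.com/xyz.com.crt"

To use them inside a NEW $CAPSULE, rerun this command with -t capsule'

# check_branding (hypothetical helper) reads katello-certs-check output on stdin.
# Exit 0: all hints use the downstream names seen in Comment 6.
# Exit 1: an upstream name appears in a hint (the regression in this bug).
# Exit 2: no installer hint at all, for example because validation failed.
check_branding() {
    out=$(cat)
    printf '%s\n' "$out" | grep -Eq '(foreman|satellite)-installer' || return 2
    rc=0
    # Upstream installer name or scenario in a suggested command.
    printf '%s\n' "$out" \
        | grep -Eq 'foreman-installer|--scenario[[:space:]]+katello' && rc=1
    # Upstream proxy wording in the closing hint.
    printf '%s\n' "$out" \
        | grep -Eq -e '-t[[:space:]]+foreman-proxy' -e 'FOREMAN_PROXY' && rc=1
    # Every satellite-installer call must also name the satellite scenario.
    n_inst=$(printf '%s\n' "$out" | grep -c 'satellite-installer' || true)
    n_scen=$(printf '%s\n' "$out" \
        | grep -Ec 'satellite-installer[[:space:]]+--scenario[[:space:]]+satellite' || true)
    [ "$n_inst" -eq "$n_scen" ] || rc=1
    return "$rc"
}

# Usage on a Satellite host (file names as in Comment 6):
#   katello-certs-check -c xyz.com.crt -k xyz.com.key -b cacert.crt | check_branding
```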

Comment 9 errata-xmlrpc 2020-10-27 13:04:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366