Bug 2254383

Summary: Not possible to generate tar with custom certificates for Capsule
Product: Red Hat Satellite Reporter: Jan Jansky <jjansky>
Component: InstallationAssignee: Eric Helms <ehelms>
Status: CLOSED ERRATA QA Contact: Griffin Sullivan <gsulliva>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.15.0CC: ehelms, rlavi
Target Milestone: 6.15.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-04-23 17:16:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Jansky 2023-12-13 17:09:08 UTC 
Description of problem:
When trying to use custom certificates capsule-certs-generate returns below error

Traceback (most recent call last):
	15: from /usr/sbin/capsule-certs-generate:58:in `<main>'
	14: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:54:in `run'
	13: from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:140:in `run'
	12: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:184:in `run'
	11: from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:66:in `run'
	10: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:214:in `execute'
	 9: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:65:in `execute'
	 8: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:65:in `each'
	 7: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:67:in `block in execute'
	 6: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hook_context.rb:19:in `execute'
	 5: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hook_context.rb:19:in `instance_eval'
	 4: from /usr/sbin/capsule-certs-generate:45:in `block in <main>'
	 3: from /usr/share/ruby/open3.rb:390:in `capture2e'
	 2: from /usr/share/ruby/open3.rb:208:in `popen2e'
	 1: from /usr/share/ruby/open3.rb:213:in `popen_run'
/usr/share/ruby/open3.rb:213:in `spawn': wrong first argument (ArgumentError)


Version-Release number of selected component (if applicable):
6.15.0.2.1

How reproducible:
Always

Steps to Reproduce:
1. Create custom ssl certificates
2. katello-certs-check -t capsule -k capsule.key -c capsule.pem -b CA.pem
...

Validation succeeded


  To use them inside a NEW $CAPSULE, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/ssl/cap/capsule.pem" \
                                   --server-key "/root/ssl/cap/capsule.key" \
                                   --server-ca-cert "/root/ssl/cap/CA.pem"

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/ssl/cap/capsule.pem" \
                                   --server-key "/root/ssl/cap/capsule.key" \
                                   --server-ca-cert "/root/ssl/cap/CA.pem" \
                                   --certs-update-server

3. run below

# CAPSULE=capsule.example.com
# capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/ssl/cap/capsule.pem" \
                                   --server-key "/root/ssl/cap/capsule.key" \
                                   --server-ca-cert "/root/ssl/cap/CA.pem"

Actual results:

Traceback (most recent call last):
	15: from /usr/sbin/capsule-certs-generate:58:in `<main>'
	14: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:54:in `run'
	13: from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:140:in `run'
	12: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:184:in `run'
	11: from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:66:in `run'
	10: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/kafo_configure.rb:214:in `execute'
	 9: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:65:in `execute'
	 8: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:65:in `each'
	 7: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hooking.rb:67:in `block in execute'
	 6: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hook_context.rb:19:in `execute'
	 5: from /usr/share/gems/gems/kafo-7.3.0/lib/kafo/hook_context.rb:19:in `instance_eval'
	 4: from /usr/sbin/capsule-certs-generate:45:in `block in <main>'
	 3: from /usr/share/ruby/open3.rb:390:in `capture2e'
	 2: from /usr/share/ruby/open3.rb:208:in `popen2e'
	 1: from /usr/share/ruby/open3.rb:213:in `popen_run'
/usr/share/ruby/open3.rb:213:in `spawn': wrong first argument (ArgumentError)

Expected results:
...
Preparing installation Done                                              
  Success!

  To finish the installation, follow these steps:


Additional info:
If needed i can provide reproducer
Comment 1 Griffin Sullivan 2024-01-17 16:27:42 UTC 
Verified on 6.15.0 snap 6

capsule-certs-generate not throwing error when running with custom certs.

Steps to Reproduce:

Run steps from Comment 1.


Results:

Command succeeded.
Comment 5 errata-xmlrpc 2024-04-23 17:16:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.15.0 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2010