Bug 505325

Summary: Proxy cmd line installer failing to generate/sign SSL cert
Product: Red Hat Satellite Proxy 5
Reporter: wes hayutin <whayutin>
Component: Installer
Assignee: Miroslav Suchý <msuchy>
Status: CLOSED CURRENTRELEASE
QA Contact: Jeff Browning <jbrownin>
Severity: high
Priority: urgent
Version: 530
CC: bperkins, cperry, jpazdziora
Hardware: All
OS: Linux
Fixed In Version: sat530
Doc Type: Bug Fix
Last Closed: 2009-09-10 14:39:15 UTC
Bug Blocks: 456999
Attachments: sosreport from proxy

Description wes hayutin 2009-06-11 14:03:16 UTC
Description of problem:

sat530 rhel 5 6/5.1 build sat proxy cmd line installer 530

[root@dhcp77-204 ssl-build]# configure-proxy.sh --answer-file=/root/answers.txt
RHN Parent [grandprix.rhndev.redhat.com]: grandprix.rhndev.redhat.com
Proxy version to activate [5.3]: 5.3
Traceback email [whayutin]: whayutin
Use SSL [1]: 1
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
HTTP Proxy []: 
Regardless of whether you enabled SSL for the connection to the Spacewalk Parent
Server, you will be prompted to generate an SSL certificate.
This SSL certificate will allow client systems to connect to this Spacewalk Proxy
securely. Refer to the Spacewalk Proxy Installation Guide for more information.
Organization [Red Hat]: Red Hat
Organization Unit [RHEN]: RHEN
Common Name [Red Hat Test]: Red Hat Test
City [Raleigh]: Raleigh
State [NC]: NC
Country code [US]: US
Email [whayutin]: whayutin
API version: 5.3.0
RHN Proxy successfully activated.
Loaded plugins: rhnplugin, security
Setting up Install Process
Parsing package install arguments
Package spacewalk-proxy-management-0.5.7-5.el5sat.noarch already installed and latest version
Nothing to do
You do not have monitoring installed. Do you want to install it?
Will run 'yum install spacewalk-proxy-monitoring'. [N]: N
Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY.
Generating SSL key and public certificate:

ERROR: web server's SSL certificate generation/signing failed:

Using configuration from /root/ssl-build/rhn-ca-openssl.cnf
unable to load CA private key
3489:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:332:
3489:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:

SSL key generation failed! Installation interrupted.
API version: 5.3.0
WARNING: upon deactivation attempt: unknown error - <Fault -1: 'redstone.xmlrpc.XmlRpcFault: unhandled internal exception: No row with the given identifier exists: [com.redhat.rhn.domain.server.ProxyInfo#1000010365]'>

Comment 1 wes hayutin 2009-06-11 14:07:52 UTC
Created attachment 347402 [details]
sosreport from proxy

Comment 2 Clifford Perry 2009-06-11 14:14:06 UTC
Mirek to review the SSL error. 

The error at bottom :

API version: 5.3.0
WARNING: upon deactivation attempt: unknown error - <Fault -1:
'redstone.xmlrpc.XmlRpcFault: unhandled internal exception: No row with the
given identifier exists: [com.redhat.rhn.domain.server.ProxyInfo#1000010365]'>  

is already covered by bug 505170. 

Cliff

Comment 3 Miroslav Suchý 2009-06-12 15:15:43 UTC
The problem is when CA password is entered in answer file:
This works:
 /usr/bin/rhn-ssl-tool --gen-server --no-rpm --set-hostname dhcp77-204.rhndev.redhat.com --dir=/root/ssl-build --set-country=US --set-city=Raleigh --set-state=NC --set-org="Red Hat" --set-org-unit=RHEN --set-email=whayutin --password 'foo'

But this (which we use) does not work:
P="--password 'foo'"
/usr/bin/rhn-ssl-tool --gen-server --no-rpm --set-hostname dhcp77-204.rhndev.redhat.com --dir=/root/ssl-build --set-country=US --set-city=Raleigh --set-state=NC --set-org="Red Hat" --set-org-unit=RHEN --set-email=whayutin $P

since it is taken as one parameter with space.
Will fix on Monday.

Comment 4 Miroslav Suchý 2009-06-15 07:24:45 UTC
Committed as b948594a5d12b523705271bf957cca89cdb43843
pass two parameters as two parameters
previous syntax has been read as one parameter "--password pswd"
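
The quoting behaviour discussed in Comments 3 and 4, as an added example that is not part of the bug report or of the installer's code. `describe_args` is a hypothetical stand-in for `rhn-ssl-tool` that reports the arguments it receives; the example also covers the unquoted expansion and an optional-option idiom, which go beyond the case in the comments.

```shell
#!/bin/sh
# Added example (constructed): how the shell turns a stored option into argv.

# Hypothetical stand-in for rhn-ssl-tool: reports the argument count and each
# argument in brackets, so the word boundaries are visible.
describe_args() {
    out="$#:"
    for a in "$@"; do out="${out}[${a}]"; done
    printf '%s\n' "$out"
}

CA_PASSWORD='foo'   # sample value taken from Comment 3

# Option and value packed into one string, expanded inside double quotes:
# the program receives a single argument that contains a space.
packed_quoted() {
    P="--password '$CA_PASSWORD'"
    describe_args --gen-server "$P"
}

# Same string expanded unquoted: it is split on whitespace, but the inner
# single quotes are data by now, so they become part of the password.
packed_unquoted() {
    P="--password '$CA_PASSWORD'"
    # shellcheck disable=SC2086  # deliberate, to show the splitting
    describe_args --gen-server $P
}

# Two parameters passed as two parameters; the value is quoted on its own.
separate() {
    describe_args --gen-server --password "$CA_PASSWORD"
}

# Optional option: nothing when the password is empty, exactly two
# arguments otherwise, even if the value contains spaces.
optional() {
    describe_args --gen-server ${CA_PASSWORD:+--password "$CA_PASSWORD"}
}

for f in packed_quoted packed_unquoted separate optional; do
    printf '%-16s %s\n' "$f" "$($f)"
done
```

Only the last two forms hand the tool the password exactly as written in the answer file; either packed form ends in the same `bad decrypt` failure because the CA key is decrypted with the wrong passphrase or the option is not recognised at all.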

Comment 5 Miroslav Suchý 2009-06-17 08:05:54 UTC
iso 20090616
moving to ON_QA

Comment 6 Jan Pazdziora 2009-07-03 11:44:15 UTC
When I put the correct SSL password in the answer file, configure-proxy.sh runs OK:

# /usr/sbin/configure-proxy.sh --answer-file=/tmp/answers.txt
RHN Parent [rlx-1-18.rhndev.redhat.com]: rlx-1-18.rhndev.redhat.com
Proxy version to activate [5.3]: 5.3
Traceback email [jpazdziora]: jpazdziora
Use SSL [1]: 1
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
HTTP Proxy []: 
Regardless of whether you enabled SSL for the connection to the Spacewalk Parent
Server, you will be prompted to generate an SSL certificate.
This SSL certificate will allow client systems to connect to this Spacewalk Proxy
securely. Refer to the Spacewalk Proxy Installation Guide for more information.
Organization [Red Hat]: Red Hat
Organization Unit [Spacewalk]: Spacewalk
Common Name [Red Hat Test]: Red Hat Test
City [Raleigh]: Raleigh
State [NC]: NC
Country code [US]: US
Email [jpazdziora]: jpazdziora
API version: 5.3.0
RHN Proxy successfully deactivated.
RHN Proxy successfully activated.
Loaded plugins: rhnplugin
Setting up Install Process
Parsing package install arguments
Package spacewalk-proxy-management-0.5.7-7.el5sat.noarch already installed and latest version
Nothing to do
You do not have monitoring installed. Do you want to install it?
Will run 'yum install spacewalk-proxy-monitoring'. [N]: N
Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY.
Generating SSL key and public certificate:
Installing SSL certificate for Apache and Jabberd:
Preparing packages for installation...
rhn-org-httpd-ssl-key-pair-vmware145.englab.brq-1.0-3
Create and populate configuration channel rhn_proxy_config_1000010320? [Y]: Y
Using server name rlx-1-18.rhndev.redhat.com
Creating config channel rhn_proxy_config_1000010320

Config channel rhn_proxy_config_1000010320 already exists
Using server name rlx-1-18.rhndev.redhat.com
Pushing to channel rhn_proxy_config_1000010320:
Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf
Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf
Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini
Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf
Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf
Local file /etc/httpd/conf/httpd.conf -> remote file /etc/httpd/conf/httpd.conf
Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf
Local file /etc/httpd/conf.d/proxy_broker.conf -> remote file /etc/httpd/conf.d/proxy_broker.conf
Local file /etc/httpd/conf.d/proxy_redirect.conf -> remote file /etc/httpd/conf.d/proxy_redirect.conf
Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml
Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml
Enabling Spacewalk Proxy.
Shutting down rhn-proxy...
Shutting down Jabber router:                               [  OK  ]
Stopping httpd:                                            [  OK  ]
Stopping squid: .                                          [  OK  ]
Done.
Starting rhn-proxy...
Starting squid: .                                          [  OK  ]
Starting httpd:                                            [  OK  ]
Starting Jabber services                                   [  OK  ]
Done.

When I put in a wrong password, configure-proxy.sh fails with

Generating SSL key and public certificate:

ERROR: web server's SSL certificate generation/signing failed:

Using configuration from /root/ssl-build/rhn-ca-openssl.cnf
unable to load CA private key
4618:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325:
4618:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:

SSL key generation failed! Installation interrupted.
API version: 5.3.0
RHN Proxy successfully deactivated.

Therefore, the password is correctly used. Marking as VERIFIED.

Comment 8 Brandon Perkins 2009-09-10 14:39:15 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1433.html