Bug 505325
Summary: | Proxy cmd line installer failing to generate/sign SSL cert | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite Proxy 5 | Reporter: | wes hayutin <whayutin> | ||||
Component: | Installer | Assignee: | Miroslav Suchý <msuchy> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jeff Browning <jbrownin> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 530 | CC: | bperkins, cperry, jpazdziora | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | sat530 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-09-10 14:39:15 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 456999 | ||||||
Attachments: |
|
Description
wes hayutin
2009-06-11 14:03:16 UTC
Created attachment 347402 [details]
sosreport from proxy
Mirek to review the SSL error. The error at bottom : API version: 5.3.0 WARNING: upon deactivation attempt: unknown error - <Fault -1: 'redstone.xmlrpc.XmlRpcFault: unhandled internal exception: No row with the given identifier exists: [com.redhat.rhn.domain.server.ProxyInfo#1000010365]'> is already covered by bug 505170. Cliff The problem is when CA password is entered in answer file: This works: /usr/bin/rhn-ssl-tool --gen-server --no-rpm --set-hostname dhcp77-204.rhndev.redhat.com --dir=/root/ssl-build --set-country=US --set-city=Raleigh --set-state=NC --set-org="Red Hat" --set-org-unit=RHEN --set-email=whayutin --password 'foo' But this (which we use) do not work: P="--password 'foo'" /usr/bin/rhn-ssl-tool --gen-server --no-rpm --set-hostname dhcp77-204.rhndev.redhat.com --dir=/root/ssl-build --set-country=US --set-city=Raleigh --set-state=NC --set-org="Red Hat" --set-org-unit=RHEN --set-email=whayutin $P since it is taken as one parametr with space. Will fix on monday. Commited as b948594a5d12b523705271bf957cca89cdb43843 pass two parameters as two parameters previous syntax has been read as one parameter "--password pswd" iso 20090616 moving to ON_QA When I put correct ssl password to the answer file, the configure-proxy.sh runs OK: # /usr/sbin/configure-proxy.sh --answer-file=/tmp/answers.txt RHN Parent [rlx-1-18.rhndev.redhat.com]: rlx-1-18.rhndev.redhat.com Proxy version to activate [5.3]: 5.3 Traceback email [jpazdziora]: jpazdziora Use SSL [1]: 1 CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT HTTP Proxy []: Regardless of whether you enabled SSL for the connection to the Spacewalk Parent Server, you will be prompted to generate an SSL certificate. This SSL certificate will allow client systems to connect to this Spacewalk Proxy securely. Refer to the Spacewalk Proxy Installation Guide for more information. Organization [Red Hat]: Red Hat Organization Unit [Spacewalk]: Spacewalk Common Name [Red Hat Test]: Red Hat Test City [Raleigh]: Raleigh State [NC]: NC Country code [US]: US Email [jpazdziora]: jpazdziora API version: 5.3.0 RHN Proxy successfully deactivated. RHN Proxy successfully activated. Loaded plugins: rhnplugin Setting up Install Process Parsing package install arguments Package spacewalk-proxy-management-0.5.7-7.el5sat.noarch already installed and latest version Nothing to do You do not have monitoring installed. Do you want to install it? Will run 'yum install spacewalk-proxy-monitoring'. [N]: N Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY. Generating SSL key and public certificate: Installing SSL certificate for Apache and Jabberd: Preparing packages for installation... rhn-org-httpd-ssl-key-pair-vmware145.englab.brq-1.0-3 Create and populate configuration channel rhn_proxy_config_1000010320? [Y]: Y Using server name rlx-1-18.rhndev.redhat.com Creating config channel rhn_proxy_config_1000010320 Config channel rhn_proxy_config_1000010320 already exists Using server name rlx-1-18.rhndev.redhat.com Pushing to channel rhn_proxy_config_1000010320: Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf Local file /etc/httpd/conf/httpd.conf -> remote file /etc/httpd/conf/httpd.conf Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf Local file /etc/httpd/conf.d/proxy_broker.conf -> remote file /etc/httpd/conf.d/proxy_broker.conf Local file /etc/httpd/conf.d/proxy_redirect.conf -> remote file /etc/httpd/conf.d/proxy_redirect.conf Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml Enabling Spacewalk Proxy. Shutting down rhn-proxy... Shutting down Jabber router: [ OK ] Stopping httpd: [ OK ] Stopping squid: . [ OK ] Done. Starting rhn-proxy... Starting squid: . [ OK ] Starting httpd: [ OK ] Starting Jabber services [ OK ] Done. When I put in wrong password, the configure-proxy.sh fails with Generating SSL key and public certificate: ERROR: web server's SSL certificate generation/signing failed: Using configuration from /root/ssl-build/rhn-ca-openssl.cnf unable to load CA private key 4618:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325: 4618:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425: SSL key generation failed! Installation interrupted. API version: 5.3.0 RHN Proxy successfully deactivated. Therefore, the password is correctly used. Marking as VERIFIED. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1433.html |