Bug 746798

Summary: Update documentation about rhui-manager first launch
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: James Slagle <jslagle>
Component: DocumentationAssignee: Lana Brindley <lbrindle>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0.1CC: kbidarka, mhideo, sghai
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-30 19:04:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description James Slagle 2011-10-17 19:43:44 UTC
Section 4.1 needs to be updated about the rhui-manager first launch.

After the user responds to the prompt about entering the full path to the CA key there is a new prompt that prompts the user for how many days the identity certificate should be valid for.  The default value is 3650 days, roughly 10 years.  

In the example text from the rhui-manager first launch, replace the following:

#############################################################################
A RHUI identity certificate is required to use RHUI Tools but was not found.
A new identity certificate will be generated now using the CA certificate
found at /etc/pki/rhui/entitlement-ca.crt.

......................................+++
........................+++
#############################################################################

with:

#############################################################################
A RHUI identity certificate is required to use RHUI Tools but was not found.
A new identity certificate will be generated now using the CA certificate
found at /root/ca-openshift.crt.

Enter the number of days the RHUI identity certificate will be valid.  
If the identity certificate ever expires, it will need to be 
regenerated using rhui-manager [Default: 3650]: 
......................................+++
........................+++
#############################################################################

The user can use whatever value they want, but if the certificate ever expires, it will need to be regenerated.  We may also want to add a note that the identity certificate is used for authenticating the CDS to the RHUA and securing the communication between the two.

Comment 1 wes hayutin 2011-10-17 20:01:43 UTC
set tracker bug. 746803

Comment 3 Lana Brindley 2011-10-24 02:35:57 UTC
<para>
	You will also be asked to enter the number of days that the identity certificate is valid for. The system will default to 3650 days (ten years). Once an identity certificate has expired, it will need to be regenerated. This procedure is detailed in <xref linkend="regenidcert" />.
</para>

Also updated the example as indicated. Please verify on stage.

Revision 2-13

LKB

Comment 4 Sachin Ghai 2011-10-24 12:10:37 UTC
Verified at stage at following link:

http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/2.0/html/Installation_Guide/chap-Installation_Guide-RHUI_Manager.html#sect-Installation_Guide-RHUI_Manager-RHUI_Manager_First_Launch

under 4.1. RHUI Manager First Launch ==> step2

However in example 4.1 text, please add this statement:

>> Generating entitlement certificate serial number database file
>> /etc/pki/rhui/entitlement-ca.srl

exactly above the following:

>> A RHUI identity certificate is required to use RHUI Tools but was not found.
>> A new identity certificate will be generated now using the CA certificate
>> found at /etc/pki/rhui/entitlement-ca.crt.

Comment 5 Sachin Ghai 2011-10-24 12:12:48 UTC
Example screen should be like:

# rhui-manager 
An entitlement signing CA certificate is required to use RHUI Tools
but was not found.

Full path to the new signing CA certificate:
/root/certs/ca.crt

Full path to the new signing CA certificate private key:
/root/certs/ca.key

Generating entitlement certificate serial number database file
/etc/pki/rhui/entitlement-ca.srl
A RHUI identity certificate is required to use RHUI Tools but was not found.
A new identity certificate will be generated now using the CA certificate
found at /etc/pki/rhui/entitlement-ca.crt.

Enter the number of days the RHUI identity certificate will be valid.  
If the identity certificate ever expires, it will need to be 
regenerated using rhui-manager [Default: 3650]: 
........+++
....+++
Previous authentication credentials could not be found. Logging into
the RHUI.

If this is the first time using the RHUI, it is recommended to change
the user's password in the User Management section of RHUI Tools.

RHUI Username: admin
RHUI Password:

Comment 6 Lana Brindley 2011-10-24 18:44:57 UTC
(In reply to comment #5)
> Example screen should be like:
> 
> # rhui-manager 
> An entitlement signing CA certificate is required to use RHUI Tools
> but was not found.
> 
> Full path to the new signing CA certificate:
> /root/certs/ca.crt
> 
> Full path to the new signing CA certificate private key:
> /root/certs/ca.key
> 
> Generating entitlement certificate serial number database file
> /etc/pki/rhui/entitlement-ca.srl
> A RHUI identity certificate is required to use RHUI Tools but was not found.
> A new identity certificate will be generated now using the CA certificate
> found at /etc/pki/rhui/entitlement-ca.crt.
> 
> Enter the number of days the RHUI identity certificate will be valid.  
> If the identity certificate ever expires, it will need to be 
> regenerated using rhui-manager [Default: 3650]: 
> ........+++
> ....+++
> Previous authentication credentials could not be found. Logging into
> the RHUI.
> 
> If this is the first time using the RHUI, it is recommended to change
> the user's password in the User Management section of RHUI Tools.
> 
> RHUI Username: admin
> RHUI Password:

Done.

Revision 2-14

LKB