Bug 821644

Summary: Create new CLI command admin crl_regen for recovery process
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: katello-agentAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Og Maciel <omaciel>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: achan, cpelland, dmacpher, mmccune, omaciel, tstrachota
Target Milestone: UnspecifiedKeywords: Triaged, ZStream
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Registered clients received errors when attempting to connect to System Engine during backup recovery. This was due to a CRL mismatch between the client and the server. This patch regenerates the CRL ensuring that the CRL subsystem is correctly setup after restoration.
 Story Points: ---
Clone Of:
: 828313 (view as bug list) Environment:
Last Closed: 2012-12-04 19:45:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 828313, 835161    

Description Lukas Zapletal 2012-05-15 08:29:24 UTC 
When running backup recovery, there was one issue running the restore procedure though, my already-registered client was getting 403's in yum.  I think it may be the same symptom as another CRL issue I had earlier, so I'm going to req info from Ivan to see if restoring a several-day old CRL might cause this. 

https://bugzilla.redhat.com/show_bug.cgi?id=787184

The solution is to create create new CLI command

katello admin crl_regen

and API method/proxy that calls this in Candlepin.

This change will need release note for the BackupRecovery.html chapter:

Once recovery is finished and all systems are running, run the following command to regenerate CRL lists. Otherwise, yum clients will be giving 403 errors when connecting to CloudForms.
Comment 2 Mike McCune 2012-05-30 22:47:04 UTC 
This bug has no code modified for it, is there any reason it is ON_DEV?
Comment 3 Lukas Zapletal 2012-05-31 07:33:28 UTC 
6fa0971	

Merge pull request #151 from lzap/crl_regen_821644
Comment 10 Og Maciel 2012-10-04 16:53:16 UTC 
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-12.el6cf.noarch
* katello-all-1.1.12-12.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-6.el6cf.noarch
* katello-cli-common-1.1.8-6.el6cf.noarch
* katello-common-1.1.12-12.el6cf.noarch
* katello-configure-1.1.9-6.el6cf.noarch
* katello-glue-candlepin-1.1.12-12.el6cf.noarch
* katello-glue-pulp-1.1.12-12.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch
Comment 12 errata-xmlrpc 2012-12-04 19:45:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html