Bug 842859
| Summary: | RHUI 2.0.3 -> 2.1 migration, doc to add ssl_ca_cert option in /etc/rhui-tools.conf [rhua] | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | wes hayutin <whayutin> | ||||||
| Component: | RHUA | Assignee: | mkovacik | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Martin Kočí <mkoci> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 2.1 | CC: | jslagle, mkoci, snansi, tsanders, whayutin | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: |
When updating from Red Hat Update Infrastructure 2.0.3 to 2.1, the ssl_ca_cert configuration option is automatically added to /etc/rhui/rhui-tools.conf, if it is not present already.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-08-24 11:55:39 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
wes hayutin
2012-07-24 18:19:12 UTC
We ought to be able to just update the code to assume the value for ssl_ca_cert is the default value (/etc/pki/rhua/rhua-ssl-ca-cert.crt) instead of requiring them to update the file. We can still add it to the README though. so since this is only an issue during an upgrade.. I'm not sure, but I think we have to handle it with an upgrade script in the rpm itself...
I've tested this and it works, just not sure if its the right way to do it
in rh-rhui-tools.spec
# -- post -------------------------------------------------------------------
%post
if grep "ssl_ca_cert" /etc/rhui/rhui-tools.conf
then
true
else
cp /etc/rhui/rhui-tools.conf /etc/rhui/rhui-tools.conf.rpmsave
sed -n 'H;${x;s/hostname: .*\n/ssl_ca_cert: \/etc\/pki\/rhua\/rhua-ssl-ca-cert.crt\n&/;p;}' > /etc/rhui/rhui-tools.conf.new
mv /etc/rhui/rhui-tools.conf.new /etc/rhui/rhui-tools.conf
fi
diff --git a/src/pulp/server/api/cds.py b/src/pulp/server/api/cds.py
index 8b29778..3cd7957 100644
--- a/src/pulp/server/api/cds.py
+++ b/src/pulp/server/api/cds.py
@@ -16,6 +16,7 @@ import datetime
import logging
import re
import sys
+import os
# Pulp
from pulp.common import dateutils
@@ -522,6 +523,8 @@ class CdsApi(BaseApi):
server_ca_certificate = None
if config.config.has_option('security', 'ssl_ca_certificate'):
ca_cert_file = config.config.get('security', 'ssl_ca_certificate')
+ elif os.path.isfile('/etc/pki/rhua/rhua-ssl-ca-cert.crt'):
+ ca_cert_file = '/etc/pki/rhua/rhua-ssl-ca-cert.crt'
try:
f = open(ca_cert_file, 'r')
disregard comment #3 [whayutin@minidoe tools]$ git show 55eb93191509ec22c9fa393f6a88e78c105254ed commit 55eb93191509ec22c9fa393f6a88e78c105254ed Author: Wes Hayutin <whayutin> Date: Mon Jul 30 12:03:50 2012 -0400 842859, add default option for ssl ca cert diff --git a/rhui-2.0/tools/src/rhui/tools/screens/client.py b/rhui-2.0/tools/src/rhui/tools/screens/client.py index 16c18e8..935b5a2 100644 --- a/rhui-2.0/tools/src/rhui/tools/screens/client.py +++ b/rhui-2.0/tools/src/rhui/tools/screens/client.py @@ -267,7 +267,7 @@ class ClientScreen(Screen): return None # Entitlement Certificate CA Certificate - answers['ca_cert'] = self.config.get("rhua", "ssl_ca_cert") + answers['ca_cert'] = self.config.get("rhua", "ssl_ca_cert", '/etc/pki/rhua/rhua-ssl-ca-cert.crt') self.prompt.write('') if answers['ca_cert'] is ABORT: Created attachment 603581 [details]
Disproving screen log
A stack dump showing the cert file couldn't be found---seems ON_DEV is appropriate...
Build: RHEL-6.3-RHUI-2.1-20120801.0-Server-x86_64-DVD1.iso
commit 5e521325526f528d01ef8fa923459fc91a51e2af
+%post
+if grep "ssl_ca_cert" /etc/rhui/rhui-tools.conf
+ then
+ true
+ else
+ cp /etc/rhui/rhui-tools.conf /etc/rhui/rhui-tools.conf.rpmsave
+ sed -n 'H;${x;s/hostname: .*\n/ssl_ca_cert: \/etc\/pki\/rhua\/rhua-ssl-ca-cert.crt\n&/;p;}' /etc/rhui/rhui-tools.conf > /etc/rhui/rhui-t
+ mv /etc/rhui/rhui-tools.conf.new /etc/rhui/rhui-tools.conf
+fi
+
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
When updating from Red Hat Update Infrastructure 2.0.3 to 2.1, the ssl_ca_cert configuration option is automatically added to /etc/rhui/rhui-tools.conf, if it is not present already.
Created attachment 604978 [details]
Verifying screen log
Verified that in build RHEL-6.3-RHUI-2.1-20120815.0-Server-x86_64-DVD1.iso, rh-rhui-tools version 2.1.10 the client configuration rpm build doesn't require explicit ca certificate path input anymore. See the screen log attached.
(In reply to comment #9) > Created attachment 604978 [details] > Verifying screen log > > Verified that in build RHEL-6.3-RHUI-2.1-20120815.0-Server-x86_64-DVD1.iso, > rh-rhui-tools version 2.1.10 the client configuration rpm build doesn't > require explicit ca certificate path input anymore. See the screen log > attached. That is, having updated the rhui from 2.0.3 to 2.1, no failure observed creating client configuration rpm. No modification of the configuration file required, it just works out-of-the-box without having to specify the ca cert path anymore. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-1205.html |