- Note: Need to set selinux to permissive on the box where the node is to be installed. - Need to note that the "node-certs-generate" command should be run on the Satellte 6 server. - What is the child in child-fqdn? Need to clarify that the child is the node. - Change "Content Definition View" to "Content View Definition" - For consistency, recommend adding the '-v' to the node-certs-generate (similar to node-install). Also, may want to note somewhere that the logs for those commands may be found in /var/log/kafo, in case the user needs to refer to them later. - After node-install and node-certs-generate, recommend that the user 'echo $?' to see the status of the command. If it returns 0, the command was successful; otherwise, it an error occured. If an error occured, the user may want to look over the logs in /var/log/kafo to debug the cause of the failure. - Need to indicate that "OAUTH_SECRET=$(cat /etc/katello/oauth_token-file)" needs to be from the Satellite 6 server itself, not on the node. The key part of that command is that the variable is populated with the value in /etc/katello/oauth_token-file on the Satellite server. - For consistency we should remove the #s from options 1 and 2
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Changed: If configuring as a Content Node: Generate certificates for the Content Node from the Satellite server. to If configuring as a Content Node: Generate certificates for the Content Node from the Satellite server. Add the node-certs product to the Content Definition View for your product. to Add the node-certs product to the Content View Definition for your product. # node-certs-generate --child-fqdn satnode.example.com --katello-org "Satellite Infrastructure" --katello-user admin --katello-password admin --katello-activation-key node to # node-certs-generate -v --child-fqdn satnode.example.com --katello-org "Satellite Infrastructure" --katello-user admin --katello-password admin --katello-activation-key node All instances of "Run the following commands as the root user" to "Run the following commands as the root user on the Satellite Server" for OAUTH. Added: Prerequisite Set the SELinux permissions to permissive on the system designated as the Satellite node. Note: To test if the configuration is successful, run this command as the user on the node: # echo $? This command should return a "0" to indicate success. If it does not, check /var/log/kafo to debug the cause of failure. /var/log/kafo is the log file for the output generated by the commands node-certs-generate and node-install. TBC -> need the --help for node-generate-cert to fulfill the child-fqdn request. Mike, can you generate the list for me?
# node-certs-generate --help Usage: node-certs-generate [OPTIONS] Options: -i, --interactive Run in interactive mode -v, --verbose Display log on STDOUT instead of progressbar -n, --noop Run puppet in noop mode? (default: false) -d, --dont-save-answers Skip saving answers to answers.yaml? (default: true) --[no-]enable-node-certs Enable puppet module node_certs? (default: true) --katello-user Katello username used for creating repo with certs. This param indicates that we want to distribute the certs via Katello repo (default: nil) --katello-password Katello password (default: nil) --katello-repo-provider Provider name to create a repository in (default: "node-installer") --child-fqdn fqdn of the child node. REQUIRED (default: nil) --parent-fqdn fqdn of the parent node. Usually not need to be set. (default: "dhcp-8-30-77.lab.eng.rdu2.redhat.com") --katello-activation-key Activation key that registers the system with access to the cert repo (OPTIONAL) (default: nil) --katello-product Product name to create a repository in (default: "node-certs") --certs-tar path to tar file with certs to generate (default: nil) --regenerate regenerate certs for the node (default: false) --katello-org Organization name to create a repository in (default: "Katello Infrastructure") -h, --help print help