Bug 1162690 - katello-installer: set --certs-update-* options by default to true if --certs-server-* used
Summary: katello-installer: set --certs-update-* options by default to true if --certs...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Docs Install Guide
Version: 6.0.4
Hardware: All
OS: Linux
low
medium
Target Milestone: Unspecified
Assignee: satellite-doc-list
QA Contact: satellite-doc-list
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-11 13:37 UTC by Pavel Moravec
Modified: 2019-09-26 16:28 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-13 05:34:11 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Pavel Moravec 2014-11-11 13:37:05 UTC
Description of problem:
Currently, when one (re)installs Sat6 with --certs-server-* options but forgets to add --certs-update-* options, installation fails. Please set default values of --certs-update-* parameters according to (non)presence of --certs-server-* parameters.

In particular:
- default value of --certs-update-* is false/nil
- _if_ --certs-server-* parameters set, use default value of --certs-update-* as true/yes
- an explicit setting of either --certs-update-* parameter overrides whatever of above default setting


Version-Release number of selected component (if applicable):
Satellite 6.0.4


How reproducible:
100%


Steps to Reproduce:
1. katello-installer
2. katello-installer --certs-server-cert <file> --certs-server-cert-req <file> --certs-server-key <file> --certs-server-ca-cert <file>


Actual results:
2nd installer fails with "422 unprocessable entity error", as --certs-update-* are false.


Expected results:
2nd installer succeeds as --certs-update-* is automatically set to true


Additional info:
Once this BZ is fixed, Will be "Procedure 2.3. Setting a Custom Server Certificate after running katello-installer" in installation still relevant or obsoleted?

Comment 2 tbrodbec 2015-01-21 15:32:58 UTC
Unless I misread the proposed resolution, using --certs-update-* as true/yes will not succeed on an initial installation as it expects the ssl-build structure to exist

[root@dirtdog-test ~]# katello-installer --certs-server-cert ssl/dirtdog-test.crt --certs-server-cert-req ssl/dirtdog-test.csr --certs-server-key ssl/dirtdog-test.key --certs-server-ca-cert ssl/cacert.crt --certs-update-server --certs-update-server-ca
Marking certificate /root/ssl-build/dirtdog-test.wutang.clan/dirtdog-test.wutang.clan-apache for update
/usr/share/ruby/fileutils.rb:1144:in `initialize': No such file or directory - /root/ssl-build/dirtdog-test.wutang.clan/dirtdog-test.wutang.clan-apache.update (Errno::ENOENT)
	from /usr/share/ruby/fileutils.rb:1144:in `open'
	from /usr/share/ruby/fileutils.rb:1144:in `rescue in block in touch'
	from /usr/share/ruby/fileutils.rb:1140:in `block in touch'
	from /usr/share/ruby/fileutils.rb:1138:in `each'
	from /usr/share/ruby/fileutils.rb:1138:in `touch'
	from /usr/share/katello-installer/hooks/pre/20-certs_update.rb:23:in `mark_for_update'
	from /usr/share/katello-installer/hooks/pre/20-certs_update.rb:38:in `block (4 levels) in load'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:32:in `instance_eval'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:32:in `block (4 levels) in load'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hook_context.rb:13:in `instance_exec'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hook_context.rb:13:in `execute'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:48:in `block in execute'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:47:in `each_pair'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:47:in `execute'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:301:in `run_installation'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:109:in `execute'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:67:in `run'
	from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:125:in `run'
	from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:116:in `run'
	from /usr/sbin/katello-installer:9:in `<main>'

Comment 3 Bryan Kearney 2016-07-08 20:29:55 UTC
Per 6.3 planning, moving out non acked bugs to the backlog

Comment 5 Stephen Benjamin 2016-10-14 13:15:51 UTC
Created redmine issue http://projects.theforeman.org/issues/16934 from this bug

Comment 6 Chris Roberts 2017-01-28 01:33:56 UTC
Based on comment #2 I am going to close the redmine issue and make this a docs bug.

I do not see many cases from this and its something better to have in the docs then a installer hook. If you feel this is incorrect feel free to reopen the BZ.

- Chris Roberts

Comment 8 Andrew Dahms 2017-06-13 05:34:11 UTC
Since this bug was raised, the Installation Guide has been re-structured and a great deal of work performed on certificates.

Correct usage of this option is now called out in the Installation Guide in sections such as the following -

https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/installation_guide/#run_the_satellite_installer_with_custom_certificate_parameters

Closing.


Note You need to log in before you can comment on or make changes to this bug.