Description of problem: Currently, when one (re)installs Sat6 with --certs-server-* options but forgets to add --certs-update-* options, installation fails. Please set default values of --certs-update-* parameters according to (non)presence of --certs-server-* parameters. In particular: - default value of --certs-update-* is false/nil - _if_ --certs-server-* parameters set, use default value of --certs-update-* as true/yes - an explicit setting of either --certs-update-* parameter overrides whatever of above default setting Version-Release number of selected component (if applicable): Satellite 6.0.4 How reproducible: 100% Steps to Reproduce: 1. katello-installer 2. katello-installer --certs-server-cert <file> --certs-server-cert-req <file> --certs-server-key <file> --certs-server-ca-cert <file> Actual results: 2nd installer fails with "422 unprocessable entity error", as --certs-update-* are false. Expected results: 2nd installer succeeds as --certs-update-* is automatically set to true Additional info: Once this BZ is fixed, Will be "Procedure 2.3. Setting a Custom Server Certificate after running katello-installer" in installation still relevant or obsoleted?
Unless I misread the proposed resolution, using --certs-update-* as true/yes will not succeed on an initial installation as it expects the ssl-build structure to exist [root@dirtdog-test ~]# katello-installer --certs-server-cert ssl/dirtdog-test.crt --certs-server-cert-req ssl/dirtdog-test.csr --certs-server-key ssl/dirtdog-test.key --certs-server-ca-cert ssl/cacert.crt --certs-update-server --certs-update-server-ca Marking certificate /root/ssl-build/dirtdog-test.wutang.clan/dirtdog-test.wutang.clan-apache for update /usr/share/ruby/fileutils.rb:1144:in `initialize': No such file or directory - /root/ssl-build/dirtdog-test.wutang.clan/dirtdog-test.wutang.clan-apache.update (Errno::ENOENT) from /usr/share/ruby/fileutils.rb:1144:in `open' from /usr/share/ruby/fileutils.rb:1144:in `rescue in block in touch' from /usr/share/ruby/fileutils.rb:1140:in `block in touch' from /usr/share/ruby/fileutils.rb:1138:in `each' from /usr/share/ruby/fileutils.rb:1138:in `touch' from /usr/share/katello-installer/hooks/pre/20-certs_update.rb:23:in `mark_for_update' from /usr/share/katello-installer/hooks/pre/20-certs_update.rb:38:in `block (4 levels) in load' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:32:in `instance_eval' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:32:in `block (4 levels) in load' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hook_context.rb:13:in `instance_exec' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hook_context.rb:13:in `execute' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:48:in `block in execute' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:47:in `each_pair' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/hooking.rb:47:in `execute' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:301:in `run_installation' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:109:in `execute' from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:67:in `run' from /usr/share/gems/gems/clamp-0.6.2/lib/clamp/command.rb:125:in `run' from /usr/share/gems/gems/kafo-0.6.4/lib/kafo/kafo_configure.rb:116:in `run' from /usr/sbin/katello-installer:9:in `<main>'
Per 6.3 planning, moving out non acked bugs to the backlog
Created redmine issue http://projects.theforeman.org/issues/16934 from this bug
Based on comment #2 I am going to close the redmine issue and make this a docs bug. I do not see many cases from this and its something better to have in the docs then a installer hook. If you feel this is incorrect feel free to reopen the BZ. - Chris Roberts
Since this bug was raised, the Installation Guide has been re-structured and a great deal of work performed on certificates. Correct usage of this option is now called out in the Installation Guide in sections such as the following - https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/installation_guide/#run_the_satellite_installer_with_custom_certificate_parameters Closing.