Bug 1313208 - rh_subscription has no concept of custom CA certificates
rh_subscription has no concept of custom CA certificates
Status: ON_QA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cloud-init (Show other bugs)
7.4
All All
medium Severity medium
: rc
: 7.3
Assigned To: Lars Kellogg-Stedman
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-01 03:16 EST by Marcel Wysocki
Modified: 2017-07-31 09:35 EDT (History)
1 user (show)

See Also:
Fixed In Version: cloud-init-0.7.9-1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marcel Wysocki 2016-03-01 03:16:52 EST
Description of problem:
rh_subscription runs before bootcmd, where I install the CA cert.
Ideally the module itself should have a way to install custom satellite certs

[   18.108960] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: Registration failed due to: Error: CA certificate for subscription service has not been installed.
[   18.109436] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: Registration failed or did not run completely
[   18.109741] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: rh_subscription plugin did not complete successfully
[   18.339075] cloud-init[808]: Retrieving http://satsatsat.sat.sat/pub/katello-ca-consumer-latest.noarch.rpm
[   18.340928] cloud-init[808]: Preparing...                          ########################################
[   18.342057] cloud-init[808]: Updating / installing...
[   18.342714] cloud-init[808]: katello-ca-consumer-satsatsat.########################################

Version-Release number of selected component (if applicable):
0.7.6
Comment 2 Lars Kellogg-Stedman 2017-01-16 13:36:52 EST
In the forthcoming 0.7.9 cloud-init package (which should be dropping Real Soon Now), the rh_subscription plugin now runs as part of cloud_config_modules, which comes after both bootcmd and write-files.  This should permit installation of custom certificates.

Note You need to log in before you can comment on or make changes to this bug.