Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1347242

Summary: host certificate is not deleted from puppet CA when host is deleted if the host is unmanaged.
Product: Red Hat Satellite
Component: Puppet
Version: 6.1.8
Status: CLOSED WONTFIX
Severity: high
Priority: unspecified
Reporter: Johan Bergström <johan.bergstrom>
Assignee: satellite6-bugs <satellite6-bugs>
CC: ben, bkearney, mlele, ogajduse, oprazak
Keywords: Triaged
Target Milestone: Unspecified
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
URL: http://projects.theforeman.org/issues/13911
Type: Bug
Last Closed: 2018-09-04 18:02:03 UTC

Description Johan Bergström 2016-06-16 11:25:52 UTC
Description of problem:

When an unmanaged client in satellite6 is deleted the Puppet CA client certificate is not removed.


Version-Release number of selected component (if applicable):
6.1.9

How reproducible:
Always.

Steps to Reproduce:
1. Register a host, make sure it's unmanaged
2. Delete host
3. Check Infrastructure -> capsules -> certificates, cert is still there.

Actual results:

Host is deleted but old certificate is still there, which means re-registering host will fail on puppet.

Expected results:

Deleted host == deleted certificate etc.

Additional info:
Nothing happens in foreman-proxy/proxy.log when deleting unmanaged client. API call to remove cert is never executed.

Comment 2 Bryan Kearney 2016-06-17 15:05:04 UTC
Connecting redmine issue http://projects.theforeman.org/issues/8271 from this bug

Comment 3 Bryan Kearney 2016-06-17 15:05:20 UTC
Connecting redmine issue http://projects.theforeman.org/issues/13911 from this bug

Comment 5 Bryan Kearney 2016-06-17 18:16:34 UTC
Upstream bug component is Provisioning

Comment 6 Bryan Kearney 2016-08-10 19:18:12 UTC
Upstream bug component is Configuration Management

Comment 7 Bryan Kearney 2016-08-10 20:19:15 UTC
Upstream bug component is Provisioning

Comment 8 Bryan Kearney 2016-08-10 22:18:50 UTC
Upstream bug component is Puppet

Comment 9 Billy Ray 2018-07-03 15:23:22 UTC
Can confirm this is still present in 1.17.  We use --foreman-unattended=false so we can use foreman as a puppet GUI without the provisioning features.  It's highly annoying that when this is used, deleting a host via the API/gui does not delete the puppet cert.  This issue needs some love!

Comment 10 Mihir Lele 2018-07-09 09:07:58 UTC
Do we have any local reproducer for this issue to get this bug moving?

Comment 11 Bryan Kearney 2018-09-04 18:02:03 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.

Comment 12 Ondrej Gajdusek 2018-09-06 14:59:32 UTC
This happens if the host is unmanaged.

Reproducer:
1. register the host via subscription-manager register --org --activationkey
2. unregister the host via sm
3. delete the host entry 

Satellite will create host and content host but the host has set "host": { "managed": "false" }. 

To fix this:
via WebUI:
1. Navigate to Hosts -> All hosts
2. Select the desired host
3. Click on "Edit" and then click on "Manage host" and confirm by hitting the Submit button
4. Then unregister the host by hitting the "Delete" button
Puppet agent (host's) certificate should be deleted at this moment.

via API:
# Look up the host's ID by name
HOST_ID=$(curl -s -m 30 -k -f -u "${SAT_USER}:${SAT_PASSWORD}" "https://${SATELLITE_SERVER}/api/hosts/?search=name=$(hostname)" | jq '.results[0].id')
# Mark the host as managed so that deleting it also removes its Puppet certificate
curl -m 30 -k -X 'PUT' -H 'content-type: application/json' -d '{"host": {"managed": 1 }}' -u "${SAT_USER}:${SAT_PASSWORD}" "https://${SATELLITE_SERVER}/api/v2/hosts/${HOST_ID}"
# Delete the host
curl -m 30 -k -X 'DELETE' -u "${SAT_USER}:${SAT_PASSWORD}" "https://${SATELLITE_SERVER}/api/v2/hosts/${HOST_ID}"


Is this behaviour expected or is it a bug?
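
Added example (not part of the bug report and not Satellite or Foreman code): a shell check for the condition this bug leaves behind, signed Puppet CA certificates whose host no longer exists. It assumes the `puppet cert list --all` output layout of Puppet 3/4 and a plain list of host names; the sample data and function names are constructed for illustration.

```shell
#!/bin/sh
# Report signed Puppet CA certificates that have no matching host entry.

# Constructed sample of `puppet cert list --all` output:
# "+" = signed, "-" = revoked, no prefix = pending request.
CERT_LIST='+ "sat.example.com" (SHA256) AA:BB:CC
+ "web01.example.com" (SHA256) 11:22:33
+ "db01.example.com" (SHA256) 44:55:66
- "old01.example.com" (SHA256) 77:88:99 (certificate revoked)
  "new01.example.com" (SHA256) DE:AD:BE'

# Constructed sample of host names still known to Satellite, one per line.
HOST_LIST='sat.example.com
web01.example.com'

# signed_certnames: read a cert listing on stdin, print signed certnames only.
# Revoked and pending entries are skipped: they cannot authenticate an agent.
signed_certnames() {
    awk -F'"' '/^[+] / { print tolower($2) }' | sort -u
}

# orphaned_certs CERT_LISTING HOST_NAMES
# Prints signed certnames that do not appear in the host list.
orphaned_certs() {
    certs=$(mktemp)
    hosts=$(mktemp)
    printf '%s\n' "$1" | signed_certnames > "$certs"
    printf '%s\n' "$2" | tr 'A-Z' 'a-z' | sed '/^$/d' | sort -u > "$hosts"
    # comm -23 keeps lines that occur only in the first (certificate) file.
    comm -23 "$certs" "$hosts"
    rm -f "$certs" "$hosts"
}

orphaned_certs "$CERT_LIST" "$HOST_LIST"
```

On a live system the two arguments would be the real certificate listing and the host names exported from Satellite. Review the result before running `puppet cert clean` on any name, since the Puppet master's own certificate also appears in the listing.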