Bug 1460335 - [RFE] Satellite cluster requires capsule-certs-generate to be ran on every node
[RFE] Satellite cluster requires capsule-certs-generate to be ran on every node
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Certificates (Show other bugs)
Unspecified Unspecified
medium Severity medium (vote)
: Unspecified
: --
Assigned To: Eric Helms
Katello QA List
: FutureFeature, Triaged
Depends On:
  Show dependency treegraph
Reported: 2017-06-09 14:05 EDT by Sean O'Keeffe
Modified: 2017-06-19 10:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-06-14 13:08:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sean O'Keeffe 2017-06-09 14:05:24 EDT
Description of problem:
A Satellite cluster requires capsule-certs-generate to be ran on every Satellite. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Build 2 Satellites, /var/lib/pgsql, /var/lib/mongodb, /var/lib/pulp on shared storage
- Start services on node 1, Stop services on node 2
- installer:
  - ensure various oauth_options are the same on both nodes
  - ensure db_passowrd options are the same on both nodes
  - provide the same custom certs with multiple dns alt names
  - ensure /etc/foreman/encryption_key.rb is the same on both nodes
4. confirm fail over works
  a. stop services on node 1 
  b. fail over storage
  c. start services on node 2
3. on the active node generate certs with custom certificates and register a capsule (all should be working)
4. fail over again and any communication with the proxy will fail from this node with SSL errors.
( running capsule-certs-generate on the both node will make it work )
You are also unable to register a Capsule against a node that hasn't also had capsule-certs-generate for that node ran on it.

Actual results:
SSL errors

Expected results:
Proxy comms to work

Additional info:
I can supply better details to reproduce this if required..
Comment 1 Sean O'Keeffe 2017-06-09 14:10:35 EDT
There is probably a valid explanation for this, I'm mainly failing this because:

1. To find out why this is the case?
2. If its possible to change this at all? As a user if I only have to run capsule-certs-generate on 1 Katello server that is a much better user experience (but also not the end of the world).
Comment 2 Sean O'Keeffe 2017-06-14 13:08:02 EDT
Closing this, this it not actually true. It seems I made an error in my testing.

Note You need to log in before you can comment on or make changes to this bug.