Red Hat Bugzilla – Bug 1460335
[RFE] Satellite cluster requires capsule-certs-generate to be ran on every node
Last modified: 2017-06-19 10:45:28 EDT
Description of problem: A Satellite cluster requires capsule-certs-generate to be ran on every Satellite. Version-Release number of selected component (if applicable): 6.2.9 How reproducible: 100% Steps to Reproduce: 1. Build 2 Satellites, /var/lib/pgsql, /var/lib/mongodb, /var/lib/pulp on shared storage - Start services on node 1, Stop services on node 2 - installer: - ensure various oauth_options are the same on both nodes - ensure db_passowrd options are the same on both nodes - provide the same custom certs with multiple dns alt names - ensure /etc/foreman/encryption_key.rb is the same on both nodes 4. confirm fail over works a. stop services on node 1 b. fail over storage c. start services on node 2 3. on the active node generate certs with custom certificates and register a capsule (all should be working) 4. fail over again and any communication with the proxy will fail from this node with SSL errors. ( running capsule-certs-generate on the both node will make it work ) You are also unable to register a Capsule against a node that hasn't also had capsule-certs-generate for that node ran on it. Actual results: SSL errors Expected results: Proxy comms to work Additional info: I can supply better details to reproduce this if required..
There is probably a valid explanation for this, I'm mainly failing this because: 1. To find out why this is the case? 2. If its possible to change this at all? As a user if I only have to run capsule-certs-generate on 1 Katello server that is a much better user experience (but also not the end of the world).
Closing this, this it not actually true. It seems I made an error in my testing.