Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1460335 - [RFE] Satellite cluster requires capsule-certs-generate to be ran on every node
Summary: [RFE] Satellite cluster requires capsule-certs-generate to be ran on every node
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Certificates
Version: 6.2.9
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: Eric Helms
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-09 18:05 UTC by Sean O'Keeffe
Modified: 2024-02-28 20:32 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-14 17:08:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Sean O'Keeffe 2017-06-09 18:05:24 UTC
Description of problem:
A Satellite cluster requires capsule-certs-generate to be ran on every Satellite. 


Version-Release number of selected component (if applicable):
6.2.9


How reproducible:
100%

Steps to Reproduce:
1. Build 2 Satellites, /var/lib/pgsql, /var/lib/mongodb, /var/lib/pulp on shared storage
- Start services on node 1, Stop services on node 2
- installer:
  - ensure various oauth_options are the same on both nodes
  - ensure db_passowrd options are the same on both nodes
  - provide the same custom certs with multiple dns alt names
  - ensure /etc/foreman/encryption_key.rb is the same on both nodes
4. confirm fail over works
  a. stop services on node 1 
  b. fail over storage
  c. start services on node 2
3. on the active node generate certs with custom certificates and register a capsule (all should be working)
4. fail over again and any communication with the proxy will fail from this node with SSL errors.
( running capsule-certs-generate on the both node will make it work )
You are also unable to register a Capsule against a node that hasn't also had capsule-certs-generate for that node ran on it.

Actual results:
SSL errors


Expected results:
Proxy comms to work


Additional info:
I can supply better details to reproduce this if required..

Comment 1 Sean O'Keeffe 2017-06-09 18:10:35 UTC
There is probably a valid explanation for this, I'm mainly failing this because:

1. To find out why this is the case?
2. If its possible to change this at all? As a user if I only have to run capsule-certs-generate on 1 Katello server that is a much better user experience (but also not the end of the world).

Comment 2 Sean O'Keeffe 2017-06-14 17:08:02 UTC
Closing this, this it not actually true. It seems I made an error in my testing.


Note You need to log in before you can comment on or make changes to this bug.