Bug 1466688 - capsule-certs-generate --certs-tar does not accept relative path
Summary: capsule-certs-generate --certs-tar does not accept relative path
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
medium vote
Target Milestone: Unspecified
Assignee: Ivan Necas
QA Contact: Peter Ondrejka
: 1500732 1528460 (view as bug list)
Depends On: 1243566
Blocks: 1525544
TreeView+ depends on / blocked
Reported: 2017-06-30 09:06 UTC by Roman Plevka
Modified: 2021-07-21 15:19 UTC (History)
10 users (show)

Fixed In Version: katello-installer-base-
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1525544 (view as bug list)
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 21128 0 Normal Closed capsule-certs-generate --certs-tar does not accept relative path 2021-02-05 23:00:17 UTC

Description Roman Plevka 2017-06-30 09:06:35 UTC
Description of problem:
This used to work with a relative path and I see no reason why it no longer should.
Also, the text color is leaking for some values.

# capsule-certs-generate --foreman-proxy-fqdn="intel-wildcatpass-02.khw.lab.eng.bos.redhat.com" --certs-tar intel-server-02.khw.aaa.bbb.ccc.whatever.com
Parameter certs-tar invalid: intel-server-02.khw.aaa.bbb.ccc.whatever.com is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/Error during configuration, exiting

Version-Release number of selected component (if applicable):

How reproducible:
# rpm -qa satellite

Steps to Reproduce:
1. capsule-certs-generate --foreman-proxy-fqdn="intel-wildcatpass-02.khw.lab.eng.bos.redhat.com" --certs-tar intel-server-02.khw.aaa.bbb.ccc.whatever.com

Actual results:
Parameter certs-tar invalid: intel-server-02.khw.aaa.bbb.ccc.whatever.com is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/Error during configuration, exiting

Expected results:
relative path should be supported and the error handling should be way better

Comment 3 jcallaha 2017-06-30 18:58:18 UTC
New installer documentation recommends using the absolute path.

foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"

Comment 4 Renzo Nuccitelli 2017-09-13 19:37:08 UTC
Just to add some more info, even absolute path on the form ~/foobar is not working on 6.3 snap 15. While docs have been updated as jcalla mentioned, the above path was present on official docs for 6.2 and bellow: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/installing_capsule_server

Comment 5 Ivan Necas 2017-09-27 11:27:30 UTC
The absolute path with ~ is a known issue in docs: when the path is wrapped in "~", the expansion doesn't happen, the docs BZ is filed here https://bugzilla.redhat.com/show_bug.cgi?id=1470653

Comment 6 Ivan Necas 2017-09-27 13:21:52 UTC
Created redmine issue http://projects.theforeman.org/issues/21128 from this bug

Comment 7 Ivan Necas 2017-09-27 13:34:50 UTC
The proposed fix is here https://github.com/Katello/katello-installer/pull/542

Comment 8 Satellite Program 2017-09-27 14:04:45 UTC
Upstream bug assigned to inecas@redhat.com

Comment 9 Satellite Program 2017-09-27 14:04:50 UTC
Upstream bug assigned to inecas@redhat.com

Comment 10 Ivan Necas 2017-09-27 14:24:31 UTC
Also, ehelms pointed out the upstream already loosened the check on absolute path in the tar https://github.com/Katello/puppet-certs/commit/970a188e0b78f53e724ab0cfd602b50411d1128e#diff-6f053bc2767af0a9bee2ae428e2d64d9 

I think there were reasons why we had there a check on absolute path in the first place, therefore expanding in the pre_validations might be a better approach, but I would be probable ok with both of them.

Comment 12 Satellite Program 2017-10-03 18:05:03 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/21128 has been resolved.

Comment 13 Lukáš Hellebrandt 2017-10-11 11:59:24 UTC
*** Bug 1500732 has been marked as a duplicate of this bug. ***

Comment 14 Peter Ondrejka 2017-10-31 09:40:18 UTC
Also happens on satellite-installer --scenario capsule, which in turn affects satellite-change-hostname on capsule, so there is probably more tweaking to be done in docs. Wouldn't it be just better to make those tools accept relative paths, as everyone is used to this behavior from 6.2?

Comment 15 Stephen Wadeley 2017-11-15 09:11:32 UTC
Hello Ivan and Peter

Re: the tilde

We have been removing all quotation marks from paths and commands when not strictly required.

I think we can *just drop* the `~/` and *not* replace it with `/root` in the guides.

We say the commands should be run as root and when you log in your are in the root user's home directory.

If the reader follows the instructions as we write them then it will just work.

What do you think?

Thank you

Comment 16 Peter Ondrejka 2017-11-20 15:14:19 UTC
Hi Stephen, 

yes, now that we have the fix applied, it is ok to have just the file name supplied to --certs-tar

Comment 17 Peter Ondrejka 2017-11-20 15:47:04 UTC
When running on Sat 6.3 snap 25, --certs-tar accepts relative path as expected:

# capsule-certs-generate --foreman-proxy-fqdn ibm.example.com --certs-tar ibm.example.com-certs.tar
Installing             Done                                               [100%] [............]
ATTENTION. For Capsule upgrades:
  Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  To finish the installation, follow these steps:

  If you do not have the Capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://lenovo.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the Capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy the following file /root/ibm.example.com-certs.tar to the system ibm.example.com at the following location /root/ibm.example.com-certs.tar
  scp /root/ibm.example.com-certs.tar root@ibm.example.com:/root/ibm.example.com-certs.tar
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "lenovo.example.com"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://lenovo.example.com"\
                      --foreman-proxy-trusted-hosts                 "lenovo.example.com"\
                      --foreman-proxy-trusted-hosts                 "ibm.example.com"\
                      --foreman-proxy-oauth-consumer-key            "zDFne2NBV8PMqPFSir73wxVQt9akYFko"\
                      --foreman-proxy-oauth-consumer-secret         "uQAJ54yxpLCS7sUgV26oumgAJLKJ9kho"\
                      --foreman-proxy-content-pulp-oauth-secret     "pkR7t9eERtcDTQYUeVA6HWBwtRqWrZG7"\
                      --foreman-proxy-content-certs-tar             "/root/ibm.example.com-certs.tar"\
                      --puppet-server-foreman-url                   "https://lenovo.example.com"
  The full log is at /var/log/foreman-proxy-certs-generate.log

imho the scp target in the instruction step 2. is bit too verbose, just "root@ibm.example.com:" would have the same effect, but that's a nitpick. I'm not able to install capsule using the generated command, but that is probably due to https://bugzilla.redhat.com/show_bug.cgi?id=1243566, therefore keeping this one on_qa until 1243566 resolves.

Comment 18 Peter Ondrejka 2017-12-12 14:14:59 UTC
Verified again on 6.3 snap 28, changing status as the blocking bug has been also verified

Comment 19 Brad Buckingham 2018-01-23 13:42:36 UTC
*** Bug 1528460 has been marked as a duplicate of this bug. ***

Comment 20 Satellite Program 2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.