Description of problem: A Satellite cluster requires capsules trust the 'default ca' on every Satellite server. Version-Release number of selected component (if applicable): 6.2.9 How reproducible: 100% Steps to Reproduce: 1. Build 2 Satellites, /var/lib/pgsql, /var/lib/mongodb, /var/lib/pulp on shared storage - Start services on node 1, Stop services on node 2 - installer: - ensure various oauth_options are the same on both nodes - ensure db_passoword options are the same on both nodes - provide the same custom certs with multiple dns alt names - ensure /etc/foreman/encryption_key.rb is the same on both nodes 4. confirm fail over works a. stop services on node 1 b. fail over storage c. start services on node 2 3. on the active node generate certs with custom certificates and register a capsule (all should be working) 4. fail over again and any communication with the proxy will fail from this node with SSL errors. Actual results: SSL errors Expected results: Proxy comms to work Additional info: I can supply better details to reproduce this if required..
I used https://github.com/sean797/ansible-role-foreman_installer#katello-cluster-with-custom-certificates to create my cluster.
Upstream bug assigned to sokeeffe
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.