Description of problem:
A Satellite cluster requires capsules trust the 'default ca' on every Satellite server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Build 2 Satellites, /var/lib/pgsql, /var/lib/mongodb, /var/lib/pulp on shared storage
- Start services on node 1, Stop services on node 2
- ensure various oauth_options are the same on both nodes
- ensure db_passoword options are the same on both nodes
- provide the same custom certs with multiple dns alt names
- ensure /etc/foreman/encryption_key.rb is the same on both nodes
4. confirm fail over works
a. stop services on node 1
b. fail over storage
c. start services on node 2
3. on the active node generate certs with custom certificates and register a capsule (all should be working)
4. fail over again and any communication with the proxy will fail from this node with SSL errors.
Proxy comms to work
I can supply better details to reproduce this if required..
I used https://github.com/sean797/ansible-role-foreman_installer#katello-cluster-with-custom-certificates to create my cluster.