Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1500522 - [RFE] print warning if capsule-certs-generate --capsule-fqdn is same as satellite server's hostname
Summary: [RFE] print warning if capsule-certs-generate --capsule-fqdn is same as satel...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.2.11
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: 6.4.0
Assignee: Chris Roberts
QA Contact: Sanket Jagtap
URL: https://projects.theforeman.org/issue...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-10 20:10 UTC by Chris Duryee
Modified: 2019-11-05 23:09 UTC (History)
9 users (show)

Fixed In Version: katello-installer-base-3.4.5.16-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-07 18:31:33 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 21873 0 None None None 2017-12-05 15:31:01 UTC

Description Chris Duryee 2017-10-10 20:10:13 UTC 
Description of problem:

Occasionally, users will mix up the satellite hostname and capsule hostname when creating the capsule tarball, and will put the server hostname in --capsule-fqdn. If the capsule FQDN and parent FQDN match, the installer should print a warning to alert the user that what they are doing is probably not what they intend to do.

Version-Release number of selected component (if applicable): 6.2.11
Comment 5 Sanket Jagtap 2018-01-17 14:13:08 UTC 
Build:Satellite 6.3.0 snap32

I can see the fix is present but the validation isn't happening

[root@ibm-ls22-05 candlepin]# rpm -qa | grep satellite
satellite-6.3.0-23.0.el7sat.noarch
satellite-common-6.3.0-23.0.el7sat.noarch
satellite-installer-6.3.0.9-1.beta.el7sat.noarch
tfm-rubygem-foreman_theme_satellite-1.0.4.13-1.el7sat.noarch
satellite-cli-6.3.0-23.0.el7sat.noarch
[root@ibm-ls22-05 candlepin]# rpm -qa | grep capsule
[root@ibm-ls22-05 candlepin]# rpm -qa | grep katello
katello-client-bootstrap-1.4.2-1.el7sat.noarch
tfm-rubygem-katello_ostree-3.4.5.51-1.el7sat.noarch
katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-5.noarch
katello-debug-3.4.5-9.el7sat.noarch
foreman-installer-katello-3.4.5.18-1.el7sat.noarch
katello-common-3.4.5-9.el7sat.noarch
katello-3.4.5-9.el7sat.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-service-3.4.5-9.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-server-ca-1.0-1.noarch
tfm-rubygem-katello-3.4.5.51-1.el7sat.noarch
katello-installer-base-3.4.5.18-1.el7sat.noarch
katello-default-ca-1.0-1.noarch
pulp-katello-1.0.2-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.4-1.el7sat.noarch


hostname -f
sat-host
[root@ibm-ls22-05 candlepin]# capsule-certs-generate --foreman-proxy-fqdn "sat-host" --certs-tar ~/aa-certs.tar
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
ATTENTION. For Capsule upgrades:
  Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  To finish the installation, follow these steps:

  If you do not have the Capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://sat-host/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the Capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy the following file /root/aa-certs.tar to the system sat-host at the following location /root/aa-certs.tar
  scp /root/aa-certs.tar root@sat-host:/root/aa-certs.tar
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "sat-host"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-oauth-consumer-key            "brwfXRcByhHfYx74Wmq5XQjqVNk7fcnW"\
                      --foreman-proxy-oauth-consumer-secret         "9kKDBhyzzDEqPoQRp8Tnpv5HgQpYggXP"\
                      --foreman-proxy-content-pulp-oauth-secret     "CGXMaAFk6y4H5Ki5iG6L3KBmhUBewPy5"\
                      --foreman-proxy-content-certs-tar             "/root/aa-certs.tar"\
                      --puppet-server-foreman-url                   "https://sat-host"
  The full log is at /var/log/foreman-proxy-certs-generate.log
Comment 6 Sanket Jagtap 2018-02-06 06:04:52 UTC 
 
Build: Satellite 6.3.0 snap35 


[root@hp-sl230sgen8-01 ~]# hostname --fqdn
sat-host
[root@hp-sl230sgen8-01 ~]# hostname --long
sat-host

I am still able to generate the capsule certs for satellite host 

capsule-certs-generate --foreman-proxy-fqdn sat-host --certs-tar ~/aa-certs.tar
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
ATTENTION. For Capsule upgrades:
  Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  To finish the installation, follow these steps:

  If you do not have the Capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://sat-host/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the Capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy the following file /root/aa-certs.tar to the system sat-host at the following location /root/aa-certs.tar
  scp /root/aa-certs.tar root@sat-host:/root/aa-certs.tar
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "sat-host"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-oauth-consumer-key            "BXxRnLJLfvr6SM4WXZfrC3pNGPQPjr5T"\
                      --foreman-proxy-oauth-consumer-secret         "Cycpow3A48XJ8NuqJKPCRAUrZn4y2NZZ"\
                      --foreman-proxy-content-pulp-oauth-secret     "SyhRsVTnbQkYqxQNKEgcxbTWXxBueYMM"\
                      --foreman-proxy-content-certs-tar             "/root/aa-certs.tar"\
                      --puppet-server-foreman-url                   "https://sat-host"
  The full log is at /var/log/foreman-proxy-certs-generate.log
[root@hp-sl230sgen8-01 ~]# hostname
sat-host
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep satellite
tfm-rubygem-foreman_theme_satellite-1.0.4.16-1.el7sat.noarch
satellite-cli-6.3.0-23.0.el7sat.noarch
satellite-6.3.0-23.0.el7sat.noarch
satellite-common-6.3.0-23.0.el7sat.noarch
satellite-installer-6.3.0.12-1.el7sat.noarch
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep capsule
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep capsule
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep katello
katello-server-ca-1.0-1.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-client-bootstrap-1.5.1-1.el7sat.noarch
tfm-rubygem-katello-3.4.5.58-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.5-1.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-service-3.4.5-15.el7sat.noarch
katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-5.noarch
katello-default-ca-1.0-1.noarch
tfm-rubygem-katello_ostree-3.4.5.58-1.el7sat.noarch
pulp-katello-1.0.2-1.el7sat.noarch
katello-installer-base-3.4.5.26-1.el7sat.noarch
katello-common-3.4.5-15.el7sat.noarch
katello-3.4.5-15.el7sat.noarch
katello-debug-3.4.5-15.el7sat.noarch
foreman-installer-katello-3.4.5.26-1.el7sat.noarch
Comment 10 Chris Roberts 2018-03-07 18:31:33 UTC 
Works upstream, marking this closed, should get pulled into 6.4
Note You need to log in before you can comment on or make changes to this bug.