Bug 1500522 - [RFE] print warning if capsule-certs-generate --capsule-fqdn is same as satellite server's hostname
Summary: [RFE] print warning if capsule-certs-generate --capsule-fqdn is same as satel...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.2.11
Hardware: Unspecified
OS: Unspecified
medium
medium vote
Target Milestone: 6.4.0
Assignee: Chris Roberts
QA Contact: Sanket Jagtap
URL: https://projects.theforeman.org/issue...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-10 20:10 UTC by Chris Duryee
Modified: 2019-11-05 23:09 UTC (History)
9 users (show)

Fixed In Version: katello-installer-base-3.4.5.16-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-07 18:31:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 21873 0 None None None 2017-12-05 15:31:01 UTC

Description Chris Duryee 2017-10-10 20:10:13 UTC
Description of problem:

Occasionally, users will mix up the satellite hostname and capsule hostname when creating the capsule tarball, and will put the server hostname in --capsule-fqdn. If the capsule FQDN and parent FQDN match, the installer should print a warning to alert the user that what they are doing is probably not what they intend to do.

Version-Release number of selected component (if applicable): 6.2.11

Comment 5 Sanket Jagtap 2018-01-17 14:13:08 UTC
Build:Satellite 6.3.0 snap32

I can see the fix is present but the validation isn't happening

[root@ibm-ls22-05 candlepin]# rpm -qa | grep satellite
satellite-6.3.0-23.0.el7sat.noarch
satellite-common-6.3.0-23.0.el7sat.noarch
satellite-installer-6.3.0.9-1.beta.el7sat.noarch
tfm-rubygem-foreman_theme_satellite-1.0.4.13-1.el7sat.noarch
satellite-cli-6.3.0-23.0.el7sat.noarch
[root@ibm-ls22-05 candlepin]# rpm -qa | grep capsule
[root@ibm-ls22-05 candlepin]# rpm -qa | grep katello
katello-client-bootstrap-1.4.2-1.el7sat.noarch
tfm-rubygem-katello_ostree-3.4.5.51-1.el7sat.noarch
katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-5.noarch
katello-debug-3.4.5-9.el7sat.noarch
foreman-installer-katello-3.4.5.18-1.el7sat.noarch
katello-common-3.4.5-9.el7sat.noarch
katello-3.4.5-9.el7sat.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-service-3.4.5-9.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-server-ca-1.0-1.noarch
tfm-rubygem-katello-3.4.5.51-1.el7sat.noarch
katello-installer-base-3.4.5.18-1.el7sat.noarch
katello-default-ca-1.0-1.noarch
pulp-katello-1.0.2-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.4-1.el7sat.noarch


hostname -f
sat-host
[root@ibm-ls22-05 candlepin]# capsule-certs-generate --foreman-proxy-fqdn "sat-host" --certs-tar ~/aa-certs.tar
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
ATTENTION. For Capsule upgrades:
  Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  To finish the installation, follow these steps:

  If you do not have the Capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://sat-host/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the Capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy the following file /root/aa-certs.tar to the system sat-host at the following location /root/aa-certs.tar
  scp /root/aa-certs.tar root@sat-host:/root/aa-certs.tar
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "sat-host"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-oauth-consumer-key            "brwfXRcByhHfYx74Wmq5XQjqVNk7fcnW"\
                      --foreman-proxy-oauth-consumer-secret         "9kKDBhyzzDEqPoQRp8Tnpv5HgQpYggXP"\
                      --foreman-proxy-content-pulp-oauth-secret     "CGXMaAFk6y4H5Ki5iG6L3KBmhUBewPy5"\
                      --foreman-proxy-content-certs-tar             "/root/aa-certs.tar"\
                      --puppet-server-foreman-url                   "https://sat-host"
  The full log is at /var/log/foreman-proxy-certs-generate.log

Comment 6 Sanket Jagtap 2018-02-06 06:04:52 UTC
 
Build: Satellite 6.3.0 snap35 


[root@hp-sl230sgen8-01 ~]# hostname --fqdn
sat-host
[root@hp-sl230sgen8-01 ~]# hostname --long
sat-host

I am still able to generate the capsule certs for satellite host 

capsule-certs-generate --foreman-proxy-fqdn sat-host --certs-tar ~/aa-certs.tar
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
ATTENTION. For Capsule upgrades:
  Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  To finish the installation, follow these steps:

  If you do not have the Capsule registered to the Satellite instance, then please do the following:

  1. yum -y localinstall http://sat-host/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

  Once this is completed run the steps below to start the Capsule installation:

  1. Ensure that the satellite-capsule package is installed on the system.
  2. Copy the following file /root/aa-certs.tar to the system sat-host at the following location /root/aa-certs.tar
  scp /root/aa-certs.tar root@sat-host:/root/aa-certs.tar
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "sat-host"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-trusted-hosts                 "sat-host"\
                      --foreman-proxy-oauth-consumer-key            "BXxRnLJLfvr6SM4WXZfrC3pNGPQPjr5T"\
                      --foreman-proxy-oauth-consumer-secret         "Cycpow3A48XJ8NuqJKPCRAUrZn4y2NZZ"\
                      --foreman-proxy-content-pulp-oauth-secret     "SyhRsVTnbQkYqxQNKEgcxbTWXxBueYMM"\
                      --foreman-proxy-content-certs-tar             "/root/aa-certs.tar"\
                      --puppet-server-foreman-url                   "https://sat-host"
  The full log is at /var/log/foreman-proxy-certs-generate.log
[root@hp-sl230sgen8-01 ~]# hostname
sat-host
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep satellite
tfm-rubygem-foreman_theme_satellite-1.0.4.16-1.el7sat.noarch
satellite-cli-6.3.0-23.0.el7sat.noarch
satellite-6.3.0-23.0.el7sat.noarch
satellite-common-6.3.0-23.0.el7sat.noarch
satellite-installer-6.3.0.12-1.el7sat.noarch
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep capsule
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep capsule
[root@hp-sl230sgen8-01 ~]# rpm -qa | grep katello
katello-server-ca-1.0-1.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-client-bootstrap-1.5.1-1.el7sat.noarch
tfm-rubygem-katello-3.4.5.58-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.5-1.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-service-3.4.5-15.el7sat.noarch
katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-5.noarch
katello-default-ca-1.0-1.noarch
tfm-rubygem-katello_ostree-3.4.5.58-1.el7sat.noarch
pulp-katello-1.0.2-1.el7sat.noarch
katello-installer-base-3.4.5.26-1.el7sat.noarch
katello-common-3.4.5-15.el7sat.noarch
katello-3.4.5-15.el7sat.noarch
katello-debug-3.4.5-15.el7sat.noarch
foreman-installer-katello-3.4.5.26-1.el7sat.noarch

Comment 10 Chris Roberts 2018-03-07 18:31:33 UTC
Works upstream, marking this closed, should get pulled into 6.4


Note You need to log in before you can comment on or make changes to this bug.