Bug 1523880 - katello-change-hostname fails when Satellite uses custom certs
Summary: katello-change-hostname fails when Satellite uses custom certs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Backup & Restore
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: John Mitsch
QA Contact: jcallaha
URL:
Whiteboard:
Depends On:
Blocks: 1533259 1533951
TreeView+ depends on / blocked
 
Reported: 2017-12-08 23:50 UTC by sthirugn@redhat.com
Modified: 2023-10-06 17:41 UTC (History)
5 users (show)

Fixed In Version: katello-3.0.0-33
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1533951 (view as bug list)
Environment:
Last Closed: 2018-02-05 16:30:17 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 22181 0 Normal Closed katello-change-hostname fails when using custom certs 2020-11-18 16:45:32 UTC

Description sthirugn@redhat.com 2017-12-08 23:50:24 UTC
Description of problem:
katello-change-hostname fails when Satellite uses custom certs

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Install Satellite6 with custom certs
2.Use katello-change-hostname to rename the satellite.

Actual results:
katello-change-hostname errored (I lost the pastebin where I saved the actual error.)

Expected results:
No error and rename works fine.

Additional info:

Comment 4 sthirugn@redhat.com 2018-01-03 22:05:21 UTC
This issue was found in 6.2.z.

Comment 5 John Mitsch 2018-01-08 23:59:41 UTC
Created redmine issue http://projects.theforeman.org/issues/22181 from this bug

Comment 6 John Mitsch 2018-01-10 20:28:03 UTC
We may need to pull in https://bugzilla.redhat.com/show_bug.cgi?id=1501980, its an issue for 6.3, but not sure if its affecting 6.2. If so, it affects hostname change w/ custom certs.

Comment 11 jcallaha 2018-01-19 16:43:52 UTC
Verified in Satellite 6.2.14 Snap 3. k-c-h is working perfectly with custom certs on both RHEL 6 and RHEL 7.

Helper script to generate custom certs. https://gist.github.com/JacobCallahan/f865e29c8abb8ed79f411c7fae081dd2

Verification steps:

1. Generate new custom certs
2. Rerun satellite installer with custom certs.
3. Edit cert generator to remove genca step (line 9)
4. Generate certs for the hostname you are changing to
5. Run k-c-h, specifying the custom cert locations

Result:

-bash-4.2# katello-change-hostname -u admin -p changeme -y \
-c "/root/ownca/test.com/test.com.crt"\
-r "/root/ownca/test.com/test.com.crt.req"\
-k "/root/ownca/test.com/test.com.key" test.com

Checking custom certificates

Checking hostname validity

Checking overall health of server

Checking credentials

Updating default Capsule
Updating installation media paths
updating hostname in /etc/hostname
setting hostname
checking if hostname was changed
stopping services
Redirecting to /bin/systemctl stop foreman-tasks.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop pulp_workers.service
Redirecting to /bin/systemctl stop foreman-proxy.service
Redirecting to /bin/systemctl stop pulp_streamer.service
Redirecting to /bin/systemctl stop pulp_resource_manager.service
Redirecting to /bin/systemctl stop pulp_celerybeat.service
Redirecting to /bin/systemctl stop smart_proxy_dynflow_core.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop squid.service
Redirecting to /bin/systemctl stop qdrouterd.service
Redirecting to /bin/systemctl stop qpidd.service
Redirecting to /bin/systemctl stop postgresql.service
Redirecting to /bin/systemctl stop mongod.service
deleting old certs
backed up /var/www/html/pub to /var/www/html/pub/dell-per720xd-01.rhts.eng.bos.redhat.com-201801191131.backup
updating hostname in /etc/hosts
updating hostname in foreman installer scenarios
removing last_scenario.yml file
re-running the installer
satellite-installer --scenario satellite -v --certs-server-ca-cert /root/ownca/dell-per720xd-01.rhts.eng.bos.redhat.com/cacert.crt --certs-server-cert /root/ownca/test.com/test.com.crt --certs-server-key /root/ownca/test.com/test.com.key --certs-server-cert-req /root/ownca/test.com/test.com.crt.req --certs-regenerate=true --foreman-proxy-register-in-foreman true
...
  Success!
  * Satellite is running at https://test.com
  * To install additional capsule on separate machine continue by running:

      capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"

  The full log is at /var/log/foreman-installer/satellite.log
[ INFO 2018-01-19 11:34:20 verbose] pulp.conf is already present, skipping
[ INFO 2018-01-19 11:34:20 verbose] All hooks in group post finished
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! **** 
IMPORTANT:

You will have to install the new bootstrap rpm and reregister all clients and Capsules with subscription-manager 
(update organization and environment arguments appropriately):

  yum remove -y katello-ca-consumer*
  rpm -Uvh http://test.com/pub/katello-ca-consumer-latest.noarch.rpm
  subscription-manager register --org="Default_Organization" --environment="Library" --force

Then reattach subscriptions to the client(s) and run: 

  subscription-manager refresh
  yum repolist


On all Capsules, you will need to re-run the satellite-installer with this command:

satellite-installer --capsule-parent-fqdn test.com \
                                --foreman-proxy-foreman-base-url  https://test.com \
                                --foreman-proxy-trusted-hosts test.com

Short hostnames have not been updated, please update those manually.



Bonus: Using default certs, the k-c-h help output doesn't mention specifying custom cert parameters.

-bash-4.2# katello-change-hostname --help
Usage: katello-change-hostname HOSTNAME [OPTIONS]

Example:
 katello-change-hostname foo.example.com -u admin -p changeme

Options
    -u, --username USERNAME          admin username (required)
    -p, --password PASSWORD          admin password (required)
    -g, --program PROGRAM            name of the program you are modifying (defaults to satellite)
    -S, --scenario SCENARIO          name of the scenario you are modifying (defaults to satellite)
    -y, --assumeyes                  Answer yes for all questions
    -h, --help                       help

Comment 12 Bryan Kearney 2018-02-05 16:30:17 UTC
THis was fixed in 6.2.14.


Note You need to log in before you can comment on or make changes to this bug.