Bug 1533951 - katello-change-hostname fails when Satellite uses custom certs
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Backup & Restore
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: Unspecified
Assignee: John Mitsch
QA Contact: jcallaha
Depends On: 1523880
Blocks: 1533259
 
Reported: 2018-01-12 15:57 UTC by Brad Buckingham
Modified: 2019-04-01 20:27 UTC

Clone Of: 1523880
Last Closed: 2018-02-21 16:54:17 UTC



Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 22181 0 Normal Closed katello-change-hostname fails when using custom certs 2020-11-18 16:45:24 UTC

Comment 2 Satellite Program 2018-01-12 21:13:16 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/22181 has been resolved.

Comment 4 jcallaha 2018-02-08 19:27:41 UTC
Verified in Satellite 6.3 Snap 35.

Helper script to generate custom certs. https://gist.github.com/JacobCallahan/f865e29c8abb8ed79f411c7fae081dd2

Verification steps:

1. Generate new custom certs
2. Rerun satellite installer with custom certs.
3. Edit cert generator to remove genca step (line 9)
4. Generate certs for the hostname you are changing to
5. Run s-c-h, specifying the custom cert locations

Result:

-bash-4.2# satellite-change-hostname -u admin -p changeme -y -c "/root/ownca/test.com/test.com.crt" -r "/root/ownca/test.com/test.com.crt.req" -k "/root/ownca/test.com/test.com.key" test.com
{:program=>"foreman", :scenario=>"satellite", :system_check=>false, :username=>"admin", :password=>"changeme", :confirm=>true, :custom_cert=>"/root/ownca/test.com/test.com.crt", :custom_cert_req=>"/root/ownca/test.com/test.com.crt.req", :custom_key=>"/root/ownca/test.com/test.com.key"}

Checking custom certificates

Checking hostname validity

Checking overall health of server

Checking credentials

Updating default Capsule
Updating installation media paths
updating hostname in /etc/hostname
setting hostname
checking if hostname was changed
stopping services
Redirecting to /bin/systemctl stop foreman-tasks.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop pulp_celerybeat.service
Redirecting to /bin/systemctl stop foreman-proxy.service
Redirecting to /bin/systemctl stop pulp_streamer.service
Redirecting to /bin/systemctl stop pulp_resource_manager.service
Redirecting to /bin/systemctl stop smart_proxy_dynflow_core.service
Redirecting to /bin/systemctl stop pulp_workers.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop squid.service
Redirecting to /bin/systemctl stop qdrouterd.service
Redirecting to /bin/systemctl stop qpidd.service
Redirecting to /bin/systemctl stop postgresql.service
Redirecting to /bin/systemctl stop mongod.service
removing old cert rpms
Warning: RPMDB altered outside of yum.
deleting old certs
backed up /var/www/html/pub to /var/www/html/pub/ibm-x3550m3-07.lab.eng.brq.redhat.com-20180208201950.backup
updating hostname in /etc/hosts
updating hostname in foreman installer scenarios
backing up last_scenario.yaml
removing last_scenario.yaml
re-running the installer
foreman-installer --scenario satellite -v --disable-system-checks --certs-server-ca-cert /root/ownca/ibm-x3550m3-07.lab.eng.brq.redhat.com/cacert.crt --certs-server-cert /root/ownca/test.com/test.com.crt --certs-server-key /root/ownca/test.com/test.com.key --certs-server-cert-req /root/ownca/test.com/test.com.crt.req --certs-regenerate=true --foreman-proxy-register-in-foreman true
cleaning up temporary files
[ INFO 2018-02-08 20:20:26 verbose] Executing hooks in group pre_migrations
...
[ INFO 2018-02-08 20:23:00 verbose] Executing hooks in group post
  Success!
  * Satellite is running at https://test.com

  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.2 Capsule to 6.3:
      Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  The full log is at /var/log/foreman-installer/satellite.log
[ INFO 2018-02-08 20:23:01 verbose] pulp.conf is already present, skipping
[ INFO 2018-02-08 20:23:01 verbose] All hooks in group post finished
[ INFO 2018-02-08 20:23:01 verbose] Installer finished in 157.780472521 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! ****
IMPORTANT:

  You will have to install the new bootstrap rpm and reregister all clients and Capsules with subscription-manager
  (update organization and environment arguments appropriately):

  yum remove -y katello-ca-consumer*
  rpm -Uvh http://test.com/pub/katello-ca-consumer-latest.noarch.rpm
  subscription-manager register --org="Default_Organization" --environment="Library" --force

  Then reattach subscriptions to the client(s) and run:

  subscription-manager refresh
  yum repolist


  On all Capsules, you will need to re-run the foreman-installer with this command:

  foreman-installer --foreman-proxy-content-parent-fqdn test.com \
                                  --foreman-proxy-foreman-base-url  https://test.com \
                                  --foreman-proxy-trusted-hosts test.com

  Short hostnames have not been updated, please update those manually.
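
A pre-flight check for step 5 of the verification steps above, as an added example that is not part of the bug comment or of satellite-change-hostname itself: it uses openssl to confirm that the certificate, CSR and key passed via -c, -r and -k share one public key, that the certificate has not expired, and that it is valid for the new hostname. The function names, messages and return codes are this example's own.

```shell
#!/bin/sh
# Added example: sanity-check the custom cert files before a hostname change.
# Names, messages and return codes here are illustrative assumptions.

# Print the PEM public key embedded in a cert, CSR or private key.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        # Empty passphrase: an encrypted key fails instead of prompting.
        key)  openssl pkey -in "$2" -pubout -passin pass: ;;
    esac 2>/dev/null
}

# Return 0 only if cert, CSR and key share one public key, the cert has
# not expired, and the cert is valid for the new hostname.
# Return 1 on a failed check, 2 on unreadable or unparsable input.
check_custom_certs() {
    cert=$1 csr=$2 key=$3 host=$4
    for f in "$cert" "$csr" "$key"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done
    cert_pub=$(pubkey_of cert "$cert")
    [ -n "$cert_pub" ] || { echo "cannot parse certificate" >&2; return 2; }
    [ "$cert_pub" = "$(pubkey_of key "$key")" ] ||
        { echo "key does not match certificate" >&2; return 1; }
    [ "$cert_pub" = "$(pubkey_of csr "$csr")" ] ||
        { echo "CSR does not match certificate" >&2; return 1; }
    # -checkend 0 exits non-zero if the cert is already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    # -checkhost reports the result in its output, so match on the text.
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q 'does match certificate' ||
        { echo "certificate does not cover $host" >&2; return 1; }
    echo "custom certs OK for $host"
}

# Usage: sh check_certs.sh CERT CSR KEY NEW_HOSTNAME
if [ "$#" -eq 4 ]; then
    check_custom_certs "$@"
fi
```
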

Comment 5 Satellite Program 2018-02-21 16:54:17 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

