Bug 1544995 - Satellite installer should enable options to allow me to secure the SSLProtocols used by Tomcat
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Version: Unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Sanket Jagtap
URL:
Whiteboard:
Duplicates: 1477666
Depends On:
Blocks: 1545876
 
Reported: 2018-02-14 01:05 UTC by Rich Jerrido
Modified: 2019-06-13 21:26 UTC

Fixed In Version: katello-installer-base-3.4.5.27-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-13 13:29:48 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1126 None None None 2018-04-13 13:31:33 UTC
Github theforeman puppet-candlepin pull 96 None None None 2018-03-13 16:39:30 UTC
Foreman Issue Tracker 22567 None None None 2018-02-14 01:07:13 UTC
Red Hat Knowledge Base (Solution) 26833 None None None 2018-04-13 13:53:40 UTC
Red Hat Bugzilla 1478087 None MODIFIED Tomcat is unaware of sslProtocols setting according to catalina logs 2019-07-22 13:29:18 UTC

Internal Links: 1478087

Description Rich Jerrido 2018-02-14 01:05:55 UTC
Description of problem:

In the Satellite use case, the server.xml file for Tomcat is configured/managed via puppet. 

I would like the sslProtocols & sslEnabledProtocols values to be exposed as puppet parameters so that I can override them with custom hiera.

Comment 4 Tomer Brisker 2018-02-22 08:18:02 UTC
*** Bug 1477666 has been marked as a duplicate of this bug. ***

Comment 8 Sanket Jagtap 2018-03-28 09:01:24 UTC
Build: Satellite 6.3.1 snap1


grep candlepin /etc/foreman-installer/custom-hiera.yaml
candlepin::tls_versions: ['1.2', '1.3']
[root@sgi-uv20-01 ~]# grep /etc/
Display all 273 possibilities? (y or n)
[root@sgi-uv20-01 ~]# grep ssl /etc/tomcat/server.xml 
               sslProtocols="TLSv1.2"
               sslEnabledProtocols="TLSv1.2"
[root@sgi-uv20-01 ~]# satellite-installer 
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
  * Satellite is running at https://sat-host

  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.2 Capsule to 6.3:
      Please see official documentation for steps and parameters to use when upgrading a 6.2 Capsule to 6.3.

  The full log is at /var/log/foreman-installer/satellite.log
[root@sgi-uv20-01 ~]# grep ssl /etc/tomcat/server.xml 
               sslProtocols="TLSv1.2,TLSv1.3"
               sslEnabledProtocols="TLSv1.2,TLSv1.3"
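
Added example, not part of the original bug report or the installer's code: a stricter version of the grep check in comment 8, which parses server.xml and reports any TLS connector whose sslProtocols or sslEnabledProtocols differs from the candlepin::tls_versions list. The sample XML is constructed, and the function names and the assumption that TLS connectors carry SSLEnabled="true" are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the Connector attributes grepped in comment 8.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               sslProtocols="TLSv1.2"
               sslEnabledProtocols="TLSv1.2,TLSv1.1" />
  </Service>
</Server>"""

ATTRS = ("sslProtocols", "sslEnabledProtocols")


def expected_protocols(tls_versions):
    """Map hiera values such as ['1.2', '1.3'] to Tomcat names, as seen in comment 8."""
    return {"TLSv" + str(v).strip() for v in tls_versions}


def audit_server_xml(xml_text, tls_versions):
    """Return (port, attribute, problem) for every TLS connector that drifts."""
    want = expected_protocols(tls_versions)
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Assumption: connectors that terminate TLS are marked SSLEnabled="true".
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        for attr in ATTRS:
            raw = conn.get(attr)
            if raw is None:
                findings.append((port, attr, "attribute not set"))
                continue
            have = {p.strip() for p in raw.split(",") if p.strip()}
            for extra in sorted(have - want):
                findings.append((port, attr, "unexpected protocol " + extra))
            for absent in sorted(want - have):
                findings.append((port, attr, "configured protocol absent " + absent))
    return findings


if __name__ == "__main__":
    for port, attr, problem in audit_server_xml(SAMPLE_SERVER_XML, ["1.2"]):
        print("connector %s: %s: %s" % (port, attr, problem))
```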

Comment 10 errata-xmlrpc 2018-04-13 13:29:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1126

