Bug 1564825 - Bootstrap script fails with an error `SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)` while migrating systems registered with portal(using RHSM) to Red Hat Satellite 6.
Summary: Bootstrap script fails with an error `SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 aler...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Bootstrap
Version: 6.2.14
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Rich Jerrido
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-08 03:41 UTC by Amar Huchchanavar
Modified: 2019-08-12 16:08 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-25 08:24:32 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Amar Huchchanavar 2018-04-08 03:41:46 UTC
Description of problem:
Bootstrap script fails with an error `SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)` while migrating systems registered with portal(using RHSM) to Red Hat Satellite 6. 

~~~
[RUNNING], [2018-04-07 23:21:20], [/usr/sbin/subscription-manager register --org 'Orion' --name 'm1.sat6.gsslab.pnq.redhat.com' --activationkey 'RHEL7'  --serverurl=https://satellite62.example.com:443/rhsm --baseurl=https://satellite62.example.com/pulp/repos --force] 
[ERROR], [2018-04-07 23:21:21], EXITING: [/usr/sbin/subscription-manager register --org 'Orion' --name 'client1.example.com' --activationkey 'RHEL7'  --serverurl=https://satellite62.example.com:443/rhsm --baseurl=https://satellite62.example.com/pulp/repos --force] failed to execute properly.
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)
Unregistering from: satellite62.example.com:443/rhsm
~~~

Version-Release number of selected component (if applicable):
Satellite 6.2

How reproducible:
Always

Steps to Reproduce:
1.Register any RHSM compatible system to the portal.
2.Now, use bootstrap script to migrate it over Satellite 6.

Actual results:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)
Unregistering from: satellite62.example.com:443/rhsm


Expected results:
System should get registered to satellite6 without any issues.

Additional info:
This issue occurs because bootstrap script is unable to unregister system from a previously registered parent. i.e RHSM.
The reason why it is unable to unregister system is, we are changing rhsm.conf entries with 'katello-ca-consumer-latest.noarch.rpm' prior to unregistering the system.

Comment 2 Rich Jerrido 2018-04-25 08:23:10 UTC
Migration from RHSM or SAM was not supported in katello-client-bootstrap-1.3.0, which is included with Satellite 6.2. 

This capability was fixed as part of https://bugzilla.redhat.com/show_bug.cgi?id=1478769, and is included in katello-client-bootstrap-1.5.1, which is included in 6.3 (or newer). 

We will not be backporting a newer version of the bootstrap script to Satellite 6.2.


Note You need to log in before you can comment on or make changes to this bug.