
Bug 1599446

Summary: [RFE] Upgrade fails on finding capsule-certs.tar file
Product: Red Hat Satellite
Component: Certificates
Version: 6.3.2
Status: CLOSED CANTFIX
Severity: medium
Priority: unspecified
Reporter: Taft Sanders <tasander>
Assignee: Chris Roberts <chrobert>
QA Contact: Stephen Wadeley <swadeley>
CC: bkearney, chrobert, ehelms, mlele, tasander, wpinheir
Keywords: FutureFeature, Triaged
Target Milestone: Unspecified
Target Release: Unused
Hardware: x86_64
OS: All
URL: https://projects.theforeman.org/issues/25377
Last Closed: 2020-06-16 18:27:23 UTC
Type: Bug

Description Taft Sanders 2018-07-09 20:43:59 UTC
Description of problem:
When issuing upgrade on Satellite Capsule 6.3.2, the installer fails if it is unable to find the referenced certs.tar file in the capsule-answers.yaml file.

Version-Release number of selected component (if applicable):
6.3.2

How reproducible:
Every time

Steps to Reproduce:
1. Remove the certs.tar file from the Capsule
2. Run the installer with the '--upgrade' flag

Actual results:
Installer fails to find the certs.tar file and exits with the following:
The certs tar file generated by the server is not present at /root/capsule.redhat.com-certs.tar, exiting.
[ERROR 2018-07-09 16:15:54 verbose] The certs tar file generated by the server is not present at /root/capsule.redhat.com-certs.tar, exiting.

Expected results:
No issues

Additional info:
This is not a fresh install, and the Capsule server was already at version 6.3.2. The server has been a Capsule server since 6.2.0. 

Workaround is to either comment out the 'certs_tar:' parameter in the /etc/foreman-installer/scenarios.d/capsule-answers.yaml file or remove the value from the parameter, then continue with the upgrade.

Comment 1 Bryan Kearney 2018-08-09 17:19:10 UTC
Taft, why was this file removed? What is the business driver for removing it?

Comment 2 Taft Sanders 2018-08-13 12:31:01 UTC
Hey Bryan,

In the past, I have seen others copy this file to /tmp, which will get removed after most reboots. The main question around this Bugzilla is why this file is needed if all certs have been exported from it to their designated locations on the Capsule server. If a backup of the file is needed, I suggest we copy the tarball from the location it exists and place it somewhere (maybe in /etc/pki/katello or /etc/pki/katello-certs-tools) to keep it in a safe location. It is very unfortunate to see a fresh install fail its first upgrade because the certs tarball was copied to a temporary directory.

Comment 3 Bryan Kearney 2018-08-13 13:18:09 UTC
Eric, can you comment on above? Is this an easy/necessary fix?

Comment 4 Eric Helms 2018-08-13 14:57:13 UTC
Copying it somewhere might be the easiest solution. The problem arises when trying to determine did the user intentionally remove this file or did the user forget to specify the file. The installer cannot easily determine which situation is present and prefers to protect the user from attempting an install or upgrade without having the certs tarball present, which may be required. We could try some logic that says if /root/ssl-build exists, skip the certs tarball existence check.

Comment 6 Chris Roberts 2018-11-02 16:38:10 UTC
*** Bug 1448681 has been marked as a duplicate of this bug. ***

Comment 7 Ewoud Kohl van Wijngaarden 2018-12-06 10:13:10 UTC
Passing --reset-foreman-proxy-content-certs-tar while running --upgrade doesn't require editing the answers file.

Comment 9 Bryan Kearney 2020-06-08 20:03:45 UTC
Upstream bug assigned to chrobert

Comment 10 Bryan Kearney 2020-06-08 20:03:46 UTC
Upstream bug assigned to chrobert

Comment 11 Bryan Kearney 2020-06-09 15:00:48 UTC
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.

Comment 12 Chris Roberts 2020-06-10 17:29:41 UTC
Bryan,

I confirmed this is still an issue. With all the install work going on upstream and --upgrade being deprecated, I will write a KCS for this and close this out.

- Chris

Comment 13 Chris Roberts 2020-06-16 18:27:23 UTC
Closing with KCS that gives a workaround. With all of the installer changes being made for Satellite 7.0, trying to implement a workaround would not be worth the return value, with --upgrade and checks being removed in favor of the new updated foreman-installer.
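
A pre-upgrade check for the failure discussed in this report, as an added example (not Red Hat's or the Foreman project's code): it reads 'certs_tar' from an answers file and reports whether the tarball is unset, missing, or stored under a directory that gets cleaned, such as /tmp. It assumes the parameter is a single-line "certs_tar: <path>" entry; the function names and the optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example: check the certs_tar entry of an installer answers file
# before running an upgrade. Assumption: the key is a one-line YAML scalar.

# Print the configured certs_tar path; prints nothing when the key is
# absent, commented out, or has an empty value.
certs_tar_value() {
    sed -n 's/^[[:space:]]*certs_tar://p' "$1" \
        | sed -e 's/[[:space:]][[:space:]]*#.*$//' \
              -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
              -e "s/^[\"']//" -e "s/[\"']\$//" \
        | head -n 1
}

# check_certs_tar ANSWERS_FILE [VOLATILE_DIR]
# Prints one status line and returns:
#   0  unset (installer skips the check) or ok (file present)
#   1  missing  (the case that makes the upgrade exit)
#   2  volatile (file present, but under a directory that gets cleaned)
check_certs_tar() {
    answers=$1
    volatile=${2:-/tmp}        # hypothetical parameter, defaults to /tmp
    path=$(certs_tar_value "$answers")
    case "$path" in
        ''|'~'|null) echo "unset"; return 0 ;;
    esac
    if [ ! -f "$path" ]; then
        echo "missing:$path"
        return 1
    fi
    case "$path" in
        "$volatile"/*) echo "volatile:$path"; return 2 ;;
    esac
    echo "ok:$path"
}

# Stand-alone use:
#   sh check.sh /etc/foreman-installer/scenarios.d/capsule-answers.yaml
if [ "$#" -gt 0 ]; then
    check_certs_tar "$@"
fi
```

A "missing" result is the situation in which the workaround from the description, or the flag from Comment 7, applies.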