Description of problem: When issuing upgrade on Satellite Capsule 6.3.2, the installer fails if it is unable to find the referenced certs.tar file in the capsule-answers.yaml file. Version-Release number of selected component (if applicable): 6.3.2 How reproducible: Everytime Steps to Reproduce: 1. Remove the certs.tar file from the Capsule 2. Run the installer with the '--upgrade' flag 3. Actual results: Installer fails to find the certs.tar file and exits with the following: The certs tar file generated by the server is not present at /root/capsule.redhat.com-certs.tar, exiting. [ERROR 2018-07-09 16:15:54 verbose] The certs tar file generated by the server is not present at /root/capsule.redhat.com-certs.tar, exiting. Expected results: No issues Additional info: This is not a fresh install, and the Capsule server was already at version 6.3.2. The server has been a Capsule server since 6.2.0. Workaround is to either comment out the 'certs_tar:' parameter in the /etc/foreman-installer/scenarios.d/capsule-answers.yaml file or remove the value from the parameter, then continue with the upgrade.
Taft, why was this file removed? What is the business drievr for removing it.
Hey Bryan, In the past, I have seen others copy this file to /tmp which will get removed after most reboots. The main question around this Bugzilla is why is this file is needed if all certs have been exported from it to their designated locations on the Capsule server. If a backup of the file is needed, I suggest we copy the tarball from the location is exists and place it somewhere (maybe in /etc/pki/katello or /etc/pki/katello-certs-tools) to keep it in a safe location. It is very unfortunate to see a fresh install fail its first upgrade because the certs tarball was copied to a temporary directory.
Eric, can you comment on above? Is this an easy/necessary fix?
Copying it somewhere might be the easiest solution. The problem arises when trying to determine did the user intentionally remove this file or did the user forget to specify the file. The installer cannot easily determine which situation is present and prefers to protect the user from attempting an install or upgrade without having the certs tarball present which it may be required. We could try some logic that says if /root/ssl-build exists, skip the certs tarball existence check.
*** Bug 1448681 has been marked as a duplicate of this bug. ***
Passing --reset-foreman-proxy-content-certs-tar while running --upgrade doesn't require editing the answers file.
Upstream bug assigned to chrobert
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.
Bryan, I confirmed this is still an issue. With all the install work going on upstream and --upgrade being depreciated, I will write a KCS for this and close this out. - Chris
Closing with KCS that gives a workaround. With all of the installer changes being made for Satellite 7.0 trying to implement a workaround would not be worth the return value with --upgrade and checks being removed in favor of the new updated foreman-installer.