Description of problem: Satellite-installer in Sat6.4 does not work for custom ssl certs # satellite-installer --scenario satellite --certs-server-cert /root/satellite.example.com.cert.pem --certs-server-key /root/satellite.example.com.key.pem --certs-server-ca-cert /root/ca-chain.cert.pem --certs-update-server --certs-update-server-ca Resetting puppet server version param... Marking certificate /root/ssl-build/satellite.example.com/satellite.example.com-apache for update Marking certificate /root/ssl-build/satellite.example.com/satellite.example.com-foreman-proxy for update Marking certificate /root/ssl-build/katello-server-ca for update Command '/usr/sbin/katello-certs-check -c "/root/satellite.example.com.cert.pem" -r "/root/satellite.example.com.csr.pem" -k "/root/satellite.example.com.key.pem" -b "/root/ca-chain.cert.pem"' exited with 1: /usr/sbin/katello-certs-check: illegal option -- r Verifies, that custom ssl cert files are usable as part of the Katello installation. usage: /usr/sbin/katello-certs-check -c CERT_FILE -k KEY_FILE -b CA_BUNDLE_FILE Version-Release number of selected component (if applicable): Satellite 6.4 Snap 17 How reproducible: Always Steps to Reproduce: 1. Install satellite 6.4 from latest snap 2. Run satellite-installer with custom ssl certificate options. # satellite-installer --scenario satellite --certs-server-cert /root/satellite.example.com.cert.pem --certs-server-key /root/satellite.example.com.key.pem --certs-server-ca-cert /root/ca-chain.cert.pem --certs-update-server --certs-update-server-ca 3. Actual results: Installer fails for the katello-certs-check command option. Expected results: The installer should work with the custom ssl cert parameters Additional info:
Seems like a regression of #1233431
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24632 has been resolved.
Version tested: Satellite 6.4 snap 20 Resetting puppet server version param... Marking certificate /root/ssl-build/satellite/satellite-apache for update Marking certificate /root/ssl-build/satellite/satellite-foreman-proxy for update Marking certificate /root/ssl-build/katello-server-ca for update Installing Debug: Prefetching cli resources for foreman_confi [78%] [.................................................. ] katello-certs-check command fixed in installer but going forward installer failed due https://bugzilla.redhat.com/show_bug.cgi?id=1625615 Will verify once BZ1625615 will ON_QA.
VERIFIED Version tested: Satellite 6.4 snap 21 # satellite-installer --scenario satellite\ > --certs-server-cert "/root/ownca/satellite-hostname/satellite-hostname.crt"\ > --certs-server-key "/root/ownca/satellite-hostname/satellite-hostname.key"\ > --certs-server-ca-cert "/root/ownca/satellite-hostname/cacert.crt"\ > --certs-update-server --certs-update-server-ca Resetting puppet server version param... Marking certificate /root/ssl-build/satellite-hostname/satellite-hostname-apache for update Marking certificate /root/ssl-build/satellite-hostname/satellite-hostname-foreman-proxy for update Marking certificate /root/ssl-build/katello-server-ca for update Installing Done [100%] [.............................................] Success! * Satellite is running at https://satellite-hostname * To install an additional Capsule on separate machine continue by running: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar" * To upgrade an existing 6.3 Capsule to 6.4: Please see official documentation for steps and parameters to use when upgrading a 6.3 Capsule to 6.4. The full log is at /var/log/foreman-installer/satellite.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927