Bug 1627280 - katello-certs-check output for capsule prints FOREMAN_PROXY
Summary: katello-certs-check output for capsule prints FOREMAN_PROXY
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Branding
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: medium
Target Milestone: 6.4.2
Assignee: satellite6-bugs
QA Contact: jcallaha
URL:
Whiteboard:
Depends On:
Blocks: 1625255
Reported: 2018-09-10 14:37 UTC by Nikhil Kathole
Modified: 2019-10-30 19:28 UTC

Fixed In Version: katello-installer-base-3.7.0.11-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-13 19:08:20 UTC
Target Upstream Version:

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1600866 | 0 | unspecified | CLOSED | katello-certs-check print "foreman-installer --scenario katello" and "foreman-proxy-certs-generate" on sat 6.4 | 2021-02-22 00:41:40 UTC
Red Hat Bugzilla | 1625255 | 0 | unspecified | CLOSED | change expected output of katello-certs-check | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHBA-2019:0345 | 0 | None | None | None | 2019-02-13 19:08:25 UTC

Internal Links: 1600866 1625255

Description Nikhil Kathole 2018-09-10 14:37:12 UTC
Description of problem:

katello-certs-check output for capsule prints FOREMAN_PROXY (In sat 6.3, it was CAPSULE)


  To use them inside a NEW $FOREMAN_PROXY, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar"\
                                   --server-cert "/root/server.valid.crt"\
                                   --server-key "/root/server.key"\
                                   --server-ca-cert "/root/rootCA.pem"\

  To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar"\
                                   --server-cert "/root/server.valid.crt"\
                                   --server-key "/root/server.key"\
                                   --server-ca-cert "/root/rootCA.pem"\
                                   --certs-update-server



Version-Release number of selected component (if applicable):

Satellite 6.4 snap 21


How reproducible: always


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results: 

To use them inside a NEW $CAPSULE, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE"\
                                   --certs-tar  "~/$CAPSULE-certs.tar"\
                                   --server-cert "/root/server.valid.crt"\
                                   --server-key "/root/server.key"\
                                   --server-ca-cert "/root/rootCA.pem"\

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE"\
                                   --certs-tar  "~/$CAPSULE-certs.tar"\
                                   --server-cert "/root/server.valid.crt"\
                                   --server-key "/root/server.key"\
                                   --server-ca-cert "/root/rootCA.pem"\
                                   --certs-update-server


Additional info:

Comment 6 Mike McCune 2019-02-11 16:24:32 UTC
With 6.4.2 SNAP 1 we see the updated help text with the word Capsule:

#  capsule-certs-generate --foreman-proxy-fqdn ...
...
[snip]
...

  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer --scenario capsule\
                      --foreman-proxy-content-parent-fqdn           "sat-r220-01.lab.eng.rdu2.redhat.com"\
                      --foreman-proxy-register-in-foreman           "true"\
                      --foreman-proxy-foreman-base-url              "https://sat-r220-01.lab.eng.rdu2.redhat.com"\
                      --foreman-proxy-trusted-hosts                 "sat-r220-01.lab.eng.rdu2.redhat.com"\

Comment 9 jcallaha 2019-02-12 16:01:31 UTC
Verification updated

[root@capsule-6-5-qa-rhel7 capsule-6-5-qa-rhel7.rhsm-qe-1.example.com]# katello-certs-check -c "$name.crt" -k "$name.key" -b cacert.crt
Checking server certificate encoding: 
[OK]

Checking expiration of certificate: 
[OK]

Checking expiration of CA bundle: 
[OK]

Checking if server certificate has CA:TRUE flag 
[OK]

Checking to see if the private key matches the certificate: 
[OK]

Checking CA bundle against the certificate file: 
[OK]

Checking Subject Alt Name on certificate 
[OK]

Checking Key Usage extension on certificate for Key Encipherment 
[OK]

Validation succeeded


  To use them inside a NEW $CAPSULE, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                --certs-tar  "~/$CAPSULE-certs.tar" \
                                --server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \
                                --server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \
                                --server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                --certs-tar  "~/$CAPSULE-certs.tar" \
                                --server-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.crt" \
                                --server-key "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com.key" \
                                --server-ca-cert "/root/ownca/capsule-6-5-qa-rhel7.rhsm-qe-1.example.com/cacert.crt" \
                                --certs-update-server

Comment 11 errata-xmlrpc 2019-02-13 19:08:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0345

