1706277 – katello-certs-check output print foreman-installer/ katello/foreman-proxy-certs-generate on sat 6.6

Bug 1706277 - katello-certs-check output print foreman-installer/ katello/foreman-proxy-certs-generate on sat 6.6

Summary: katello-certs-check output print foreman-installer/ katello/foreman-proxy-cer...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Certificates
Sub Component:
Version:	6.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	6.6.0
Assignee:	Chris Roberts
QA Contact:	Nikhil Kathole
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-05-04 02:17 UTC by Nikhil Kathole
Modified:	2024-02-28 20:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:	foreman-installer-1.22.0.6-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-22 12:47:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:3172	0	None	None	None	2019-10-22 12:47:40 UTC

Description Nikhil Kathole 2019-05-04 02:17:18 UTC

Description of problem:


To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/server.valid.crt" \
                      --certs-server-key "/root/server.key" \
                      --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/server.valid.crt" \
                      --certs-server-key "/root/server.key" \
                      --certs-server-ca-cert "/root/rootCA.pem" \
                      --certs-update-server --certs-update-server-ca



  To use them inside a NEW $FOREMAN_PROXY, run this command:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \
                                   --certs-update-server


Version-Release number of selected component (if applicable):

Satellite 6.6 snap 1


How reproducible: always


Steps to Reproduce:
1.katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem


Actual results:

Output has upstream names  foreman-proxy-certs-generate/FOREMAN-PROXY/foreman-installer/katello.

Expected results:

Output should use capsule-certs-generate/CAPSULE/satellite-installer/satellite.


Additional info:

Comment 5 Nikhil Kathole 2019-06-30 18:21:58 UTC

FailedQA

Version tested:
Satellite 6.6.0 snap 9

# rpm -qa | grep installer
foreman-installer-1.22.0.5-1.el7sat.noarch
foreman-installer-katello-1.22.0.5-1.el7sat.noarch
satellite-installer-6.6.0.12-1.beta.el7sat.noarch


For satellite:

Validation succeeded


To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem" \
                        --certs-update-server --certs-update-server-ca

For capsule:

To use them inside a NEW $CAPSULE, run this command:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \
                                   --certs-update-server


foreman-proxy-certs-generate should replaced with capsule-certs-generate.

Comment 9 Nikhil Kathole 2019-07-07 08:56:05 UTC

VERIFIED

version tested:
Satellite 6.6.0 snap 10

To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem" \
                        --certs-update-server --certs-update-server-ca


To use them inside a NEW $CAPSULE, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                             --certs-tar  "~/$CAPSULE-certs.tar" \
                             --server-cert "/root/server.valid.crt" \
                             --server-key "/root/server.key" \
                             --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                             --certs-tar  "~/$CAPSULE-certs.tar" \
                             --server-cert "/root/server.valid.crt" \
                             --server-key "/root/server.key" \
                             --server-ca-cert "/root/rootCA.pem" \
                             --certs-update-server

Comment 11 errata-xmlrpc 2019-10-22 12:47:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172

Note You need to log in before you can comment on or make changes to this bug.