Bug 1706277 - katello-certs-check output print foreman-installer/ katello/foreman-proxy-certs-generate on sat 6.6
Summary: katello-certs-check output print foreman-installer/ katello/foreman-proxy-cer...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Certificates
Version: 6.6.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: 6.6.0
Assignee: Chris Roberts
QA Contact: Nikhil Kathole
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-04 02:17 UTC by Nikhil Kathole
Modified: 2019-10-22 12:47 UTC (History)
2 users (show)

Fixed In Version: foreman-installer-1.22.0.6-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-22 12:47:30 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:3172 None None None 2019-10-22 12:47:40 UTC

Description Nikhil Kathole 2019-05-04 02:17:18 UTC
Description of problem:


To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/server.valid.crt" \
                      --certs-server-key "/root/server.key" \
                      --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/root/server.valid.crt" \
                      --certs-server-key "/root/server.key" \
                      --certs-server-ca-cert "/root/rootCA.pem" \
                      --certs-update-server --certs-update-server-ca



  To use them inside a NEW $FOREMAN_PROXY, run this command:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                                   --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \
                                   --certs-update-server


Version-Release number of selected component (if applicable):

Satellite 6.6 snap 1


How reproducible: always


Steps to Reproduce:
1.katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem


Actual results:

Output has upstream names  foreman-proxy-certs-generate/FOREMAN-PROXY/foreman-installer/katello.

Expected results:

Output should use capsule-certs-generate/CAPSULE/satellite-installer/satellite.


Additional info:

Comment 5 Nikhil Kathole 2019-06-30 18:21:58 UTC
FailedQA

Version tested:
Satellite 6.6.0 snap 9

# rpm -qa | grep installer
foreman-installer-1.22.0.5-1.el7sat.noarch
foreman-installer-katello-1.22.0.5-1.el7sat.noarch
satellite-installer-6.6.0.12-1.beta.el7sat.noarch


For satellite:

Validation succeeded


To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem" \
                        --certs-update-server --certs-update-server-ca

For capsule:

To use them inside a NEW $CAPSULE, run this command:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/server.valid.crt" \
                                   --server-key "/root/server.key" \
                                   --server-ca-cert "/root/rootCA.pem" \
                                   --certs-update-server


foreman-proxy-certs-generate should replaced with capsule-certs-generate.

Comment 9 Nikhil Kathole 2019-07-07 08:56:05 UTC
VERIFIED

version tested:
Satellite 6.6.0 snap 10

To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                        --certs-server-cert "/root/server.valid.crt" \
                        --certs-server-key "/root/server.key" \
                        --certs-server-ca-cert "/root/rootCA.pem" \
                        --certs-update-server --certs-update-server-ca


To use them inside a NEW $CAPSULE, run this command:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                             --certs-tar  "~/$CAPSULE-certs.tar" \
                             --server-cert "/root/server.valid.crt" \
                             --server-key "/root/server.key" \
                             --server-ca-cert "/root/rootCA.pem" \

  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                             --certs-tar  "~/$CAPSULE-certs.tar" \
                             --server-cert "/root/server.valid.crt" \
                             --server-key "/root/server.key" \
                             --server-ca-cert "/root/rootCA.pem" \
                             --certs-update-server

Comment 11 errata-xmlrpc 2019-10-22 12:47:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172


Note You need to log in before you can comment on or make changes to this bug.