Bug 1922867 - Global Registration: register host command fails on host with curl error
Summary: Global Registration: register host command fails on host with curl error
Keywords:
Status: CLOSED DUPLICATE of bug 1916307
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Registration
Version: 6.9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Stephen Wadeley
URL:
Whiteboard:
: 1922944 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-01 00:22 UTC by Gary Scarborough
Modified: 2021-02-12 08:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-12 08:55:28 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Gary Scarborough 2021-02-01 00:22:27 UTC
Description of problem:

The new "Register Host" feature fails on host due to a curl error.  But I am able to register using the normal method.  I am using /etc/hosts for domain name requests,.


[root@gsnode1 ~]# curl -X GET "https://gssat69.usersys.redhat.com:9090/register?location_id=2&organization_id=1" -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MTIxMzgzMDEsImp0aSI6ImFmZTJiZTg1ZDU2YTZjYmIxZmYzMjRmZDIxMmE5ODlmZDhlNjQ2NGMyNjAwNTVkZjg1MTVjYzQ1M2MyZjJiZmUiLCJleHAiOjE2MTIxNTI3MDF9.ehcEcr_0CoFkmNXIsJVTF0gQCgtw8IxNXEV0GKGBmvI' | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
[root@gsnode1 ~]# rpm -Uvh http://gssat69/pub/katello-ca-consumer-latest.noarch.rpm
Retrieving http://gssat69/pub/katello-ca-consumer-latest.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:katello-ca-consumer-gssat69.users################################# [100%]
[root@gsnode1 ~]# subscription-manager register
Registering to: gssat69.usersys.redhat.com:443/rhsm
Username: admin
Password: 
Environment: Library
The system has been registered with ID: ed001ffd-538d-4aa8-86dd-49e84305ed62
The registered system name is: gsnode1.usersys.redhat.com
[root@gsnode1 ~]# 



Version-Release number of selected component (if applicable):
6.9.0 beta


How reproducible:

Failure happens ever time I try it.

Steps to Reproduce:
1.  Frsh install of satellite 6.9 beta
2.  Try to register a host using the new feature
3.

Actual results:

curl command fails

Expected results:

Registration should complete.

Comment 1 Gary Scarborough 2021-02-01 01:11:05 UTC
So I was the admin user when I generated this command.  Later the command worked and subsequent registration attempts worked.

MAybe it was just my setup.

Comment 2 Stephen Wadeley 2021-02-02 09:31:59 UTC
see also:



Bug 1922944 - Getting "curl:(51)" error while registering with Global Registration Curl command but registration with activation key works.

Comment 3 Brad Buckingham 2021-02-04 11:55:09 UTC
Hi Gary,

Can you take a quick look at bug 1922944?  The 2 bugzillas look like they may be duplicates, but would like to get your feedback.  Thanks!

Comment 4 Leos Stejskal 2021-02-05 12:42:05 UTC
Hi,
this is correct behavior, the problem is that you don't have installed CA on the registered host machine. 

There are two ways how to fix it:
1. - Run command with "--insecure" parameter (in latest snap should be part of UI form)
2. - Deploy CA file on the host & then run curl command again

Comment 5 Leos Stejskal 2021-02-05 12:43:52 UTC
*** Bug 1922944 has been marked as a duplicate of this bug. ***

Comment 6 Gary Scarborough 2021-02-07 21:37:12 UTC
Brad,

Yeah, that other BZ was a duplicate.  As Leos mentioned, --insecure worked and allowed the command to run.  So as long as the --insecure option is in the gui, I guess this bug can be closed.


Sorry for the delay, this past week has been busy.

Comment 7 Leos Stejskal 2021-02-08 10:44:07 UTC
I want to correct myself,
--insecure option is not in the latest snap yet, the PR is still waiting for merge:
https://gitlab.sat.engineering.redhat.com/satellite6/foreman/-/merge_requests/559

Comment 9 Leos Stejskal 2021-02-12 08:55:28 UTC
Missing --insecure in form will be fixed in https://bugzilla.redhat.com/show_bug.cgi?id=1916307
Meanwhile you can manually update curl call with '--insecure' parameter.
MR for 6.9: https://gitlab.sat.engineering.redhat.com/satellite6/foreman/-/merge_requests/559

*** This bug has been marked as a duplicate of bug 1916307 ***


Note You need to log in before you can comment on or make changes to this bug.