Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2173020

Summary: Despite successful restore of capsule from the backup, Ui complains of "self signed certificate in certificate chain" for the capsule
Product: Red Hat Satellite Reporter: Sayan Das <saydas>
Component: Satellite MaintainAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED MIGRATED QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.13.0CC: ehelms
Target Milestone: UnspecifiedKeywords: MigratedToJIRA, Regression, Triaged
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-06-06 16:09:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sayan Das 2023-02-23 17:26:01 UTC 
Description of problem:

Even after successfully restoring a capsule server from backup, Visiting Satellite UI --> Infrastructure --> Capsules shows the external capsule in an error state and logs are filled with errors like 

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)


Version-Release number of selected component (if applicable):

satellite-capsule-6.13.0-6.el8sat.noarch
rubygem-foreman_maintain-1.2.4-1.el8sat.noarch
satellite-maintain-0.0.1-1.el8sat.noarch



How reproducible:

Always

Steps to Reproduce:
1. Install a Satellite 6.13 and Capsule 6.13 and sync some stuff in both
2. Take offline backup ( without pulp ) of both and save them in a network storage
3. Rebuild the OS for both of the VMs with same hostname\IP\Networking as the old OS
4. Follow "14.1. Restoring from a Full Backup" from https://dxp-docp-prod.apps.ext-waf.spoke.prod.us-west-2.aws.paas.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/administering_red_hat_satellite/index?lb_target=preview#Restoring_from_a_Full_Backup_admin to restore the backups on satellite and then capsule


Actual results:

--> Satellite successfully restored without any errors and operating fine
--> Capsule successfully restored without any errors but 

   ** Visiting Sat UI --> Infrastructure --> Capsules page shows the capsule in an Error state. 
   ** If we click open the capsule entry we get to see multiple errors like "SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)"


Expected results:


No such errors. 

It's either a flaw in the restore process or we are missing some intermediate steps in the documentation for the capsule part of the restoration.


Additional info:

NOTE: I tested with the both online and offline backups of capsules and the result remains the same.

And I cannot immediately confirm if it's a regression or not as I had last tested this process on 6.9 and it had worked but never had tested it afterwards ( until now ).
Comment 1 Sayan Das 2023-02-23 17:47:39 UTC 
To fix this, I additionally had to do these steps :

* Force re-register the capsule


* On Satellite:

# capsule-certs-generate --foreman-proxy-fqdn capsule613.example.com --certs-tar /root/capsule613.example.com-certs.tar --certs-update-all

* And then

--> scp the /root/capsule613.example.com-certs.tar file on the capsule

--> Execute the instructions provided by capsule-certs-generate, on the capsule server

--> Refresh the features of capsule from satellite server. 

    # hammer capsule refresh-features --name capsule613.example.com 


Is it expected that, I would need to execute these steps to complete the restoration of the capsule server?
Comment 2 Brad Buckingham 2023-02-27 14:12:08 UTC 
Hi Eric,

Can someone on platform answer the question in comment 1?

Thanks!
Comment 4 Eric Helms 2024-06-06 16:09:07 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.
Comment 5 Red Hat Bugzilla 2024-10-05 04:25:51 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days