Description of problem: cannot generate SSL key pair with rhn-ssl-tool Version-Release number of selected component (if applicable): rpm -qf `which rhn-ssl-tool` spacewalk-certs-tools-0.5.5-3.el4sat.noarch rhnlib-2.1.4-5.el4.noarch up2date-4.8.1-33.el4.x86_64 How reproducible: always Steps to Reproduce: 1. cd /root 2. rhn-ssl-tool --gen-server 3. rhn-ssl-tool --gen-ca Actual results: . . . Generating web server's SSL certificate request: ./ssl-build/xen44.englab.brq/server.csr Using distinguished names: --set-country = "US" --set-state = "North Carolina" --set-city = "Raleigh" --set-org = "Example Corp. Inc." --set-org-unit = "unit" --set-hostname = "xen44.englab.brq.redhat.com" --set-email = "admin" Backup made: 'server.csr' --> 'server.csr.1' Rotated: server.csr --> server.csr.1 Generating/signing web server's SSL certificate: server.crt Backup made: 'server.crt' --> 'server.crt.1' Rotated: server.crt --> server.crt.1 ...working... ERROR: unhandled exception occurred: Traceback (most recent call last): File "/usr/bin/rhn-ssl-tool", line 58, in ? sys.exit(mod.main() or 0) File "/usr/share/rhn/certs/rhn_ssl_tool.py", line 1221, in main ret = _main() or 0 File "/usr/share/rhn/certs/rhn_ssl_tool.py", line 1189, in _main genServerRpm(DEFS, options.verbose) File "/usr/share/rhn/certs/rhn_ssl_tool.py", line 1029, in genServerRpm raise Exception("No jabber/jabberd user on system") Exception: No jabber/jabberd user on system Expected results: no traceback Additional info: RHN proxy requires SSL key pair for installation.
when I add users jabber+jabberd, then it works
Description of the problem: when we are installing proxy using webui installer from hosted, it do not have "enable push" option - which is perfectly valid since hosted do not support this. When push is not enabled, then jabberd is not installed - still perfectly valid since we do not need it for anything. But rhn_ssl_tool.py expect jabberd user since commit 023fc16f4aca7c477730246f945200290c6f2f52
Accepted. Assigning to Devan per commit: http://git.fedorahosted.org/git/?p=spacewalk.git;a=commitdiff; h=023fc16f4aca7c477730246f945200290c6f2f52 Should be a simple check.
Two ways to go about this, I'm making a choice for one but will document both incase anyone sees any problems with it. (1) Change the ownership to fall back on root:root if jabberd user isn't found. (very easy) (2) Don't include jabberd.pem in the generated rpm at all if jabberd user isn't found on the system where the rpm is built. I'm taking path (1) as I don't really know for sure how this RPM could be used and it seems less likely to introduce problems elsewhere if we keep the jabberd cert included.
[17:09] <dgoodwin> msuchy: just drafting a comment now I think I have a feeling which direction to take [17:09] <dgoodwin> msuchy: comment posted [17:15] <msuchy> dgoodwin: I'm not sure with 1) what will happen if you install proxy withou jabber, run this toll, install resulted package (therefore as root:root) and then reinstall proxy with jabber and generate new package, will it be then installed as jabberd:jabberd ? [17:15] <msuchy> dgoodwin: I suppose that 2) can be safe [17:15] <dgoodwin> should come out as jabberd:jabberd if you regenerate the rpm and re-install [17:15] <dgoodwin> hmmm maybe [17:16] <dgoodwin> i will test, a root:root jabberd 0600 is probably useless anyhow [17:16] <msuchy> dgoodwin: yeah, correct 1) will work, but I will personaly vote for 2) [17:17] <dgoodwin> msuchy: yeah i think i agree with you, i'll change that and go with 2)
Implemented option (2) and tested upgrades from versions with and without the cert, seems to work fine. Committed to: spacewalk.git: 3b28f1a152a00d3dee084494c9cac79f9c38243b satellite.git: 9583f21ad84032be78ee6f1697e4d692cbe3d5d5
Mistake on my part, this ticket is not yet on QA, the commit was made after the merge.
Moved this ON_QA when infact I missed the merge window. Back to modified.
reproduced with old and it works with latest version: spacewalk-certs-tools-0.5.5-5.el4sat Created cert works with RHN proxy 5.2 PASS
verified in stage
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1433.html