Bug 499789 - Command line proxy install issues on s390x
Command line proxy install issues on s390x
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite Proxy 5
Classification: Red Hat
Component: Installer (Show other bugs)
530
All Linux
low Severity high
: ---
: ---
Assigned To: Miroslav Suchý
Jeff Browning
:
Depends On:
Blocks: 456999 486216
  Show dependency treegraph
 
Reported: 2009-05-08 03:20 EDT by Jeff Browning
Modified: 2009-09-10 10:38 EDT (History)
2 users (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-10 10:38:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Browning 2009-05-08 03:20:52 EDT
Description of problem:
There are a couple of the problems with the install process on s390x. First, there is an instruction in the install process as follows:

[root@rhndev5 ~]# configure-proxy.sh 
Proxy version to activate [0.5]: 5.3
RHN Parent [rlx-0-06.rhndev.redhat.com]: 
Traceback email []: jbrownin@redhat.com
Use SSL [Y/n]: Y
CA Chain [/usr/share/rhn/RHNS-CA-CERT]: 
Please do copy your CA key and public certificate from rlx-0-06.rhndev.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 scp 'root@rlx-0-06.rhndev.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT}' /root/ssl-build

The problem is that, apparently, there is no ssl-build directory on s390x. Running this command simply creates a file in /root named ssl-build that contains the same text as the two files targeted for copying.

Manually creating this folder and then running the scp command will get you past this step. Later, however, you run into this:

Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY.
grep: /root/ssl-build/latest.txt: No such file or directory
Generating distributable RPM for CA public certificate:
Copying CA public certificate to /var/www/html/pub for distribution to clients:
Generating SSL key and public certificate:
CA password: 

ERROR: can't find a file that should have been created during an earlier step:
       /root/ssl-build/rhn-ca-openssl.cnf

       rhn-ssl-tool --help
SSL key generation failed! Installation interrupted.
API version: 5.3.0 Beta
RHN Proxy successfully deactivated.


Version-Release number of selected component (if applicable):
[root@rhndev5 ~]# rpm -q spacewalk-proxy-installer
spacewalk-proxy-installer-0.5.25-4.el4sat


How reproducible:
100%

Steps to Reproduce:
1. Provision a fresh s390x
2. Register the box to a 530 Sat
3. Give it provisioning and assign it to the tools channel
4. up2date -u or yum update
5. up2date -i or yum install spacewalk-proxy-installer
6. Copy the cert from the Sat to the s390x box
7. configure-proxy.sh and follow the prompts
  
Actual results:
The apparent lack of a /root/ssl-build directory on an s390x system is causing problems for the proxy installer.

Expected results:
This should be a condition that is handled gracefully.

Additional info:
Confirmed for s390x RHEL4. Will be checking on RHEL5 ASAP. There seems to be something wrong with the rhndevX systems in general at the moment, and I am unable to reprovision to RHEL5 to check this there.
Comment 1 Jeff Browning 2009-05-08 03:40:53 EDT
Confirmed. The same issue exists in RHEL5 on s390x.
Comment 2 Jeff Browning 2009-05-08 14:30:36 EDT
This is also an issue on s390.
Comment 3 Miroslav Suchý 2009-05-12 08:18:58 EDT
I will only address in this bug nonexistence of /root/ssl-build (it is problem not relevant to arch).  The remaining is addressed in BZ 500215
Commited as bed27954cf50a8bd37ba016ea2bd560cea59c661
Will be fixed in spacewalk-proxy-installer-0.5.25-5-sat

I added there note, that this directory should be created first and make SSL_BUILD_DIR as option.
Comment 4 Jeff Browning 2009-05-21 16:55:17 EDT
The wording of the message now says:

Please do copy your CA key and public certificate from rlx-0-06.rhndev.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 mkdir ; scp 'root@rlx-0-06.rhndev.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' 


To make it more clear what must happen, perhaps should say something like:

You may want to create the /root/ssl-build directory if it does not already exist and execute this command:
scp 'root@rlx-0-06.rhndev.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}'


As it stands, it's not explicitly clear what the user must do. It's likely they can figure it out, but we should be as clear as possible.
Comment 5 Miroslav Suchý 2009-05-22 09:24:37 EDT
I split the check into two. 
I first check existence of /root/ssl-build at the begginging of script.
If it do not exist you will get:
  Error: ssl build directory $SSL_BUILD_DIR do not exist.

In that scp command was error. Now it is:
  
 Please do copy your CA key and public certificate from $RHN_PARENT to 
 /root/ssl-build directory. You may want to execute this command:
  scp 'root@$RHN_PARENT:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' $SSL_BUILD_DIR


Commmit 3d4c98195b6770db30d1ca240e92f781e43b4e44
Comment 6 Miroslav Suchý 2009-05-28 13:06:20 EDT
*** Bug 503058 has been marked as a duplicate of this bug. ***
Comment 7 Jeff Browning 2009-06-15 05:59:21 EDT
Verified
Comment 8 Tomas Lestach 2009-09-08 11:56:52 EDT
Following test plan with s390x in #Description ... (however this is not a s390x issue).

I was asked to create manually the /root/ssl-build directory and afterwards to scopy the CA key, CA configuration file and the public certificate from the satellite.

[root@z206 ~]# configure-proxy.sh 
Error: ssl build directory /root/ssl-build does not exist. Please create this directory.

[root@z206 ~]# mkdir /root/ssl-build

[root@z206 ~]# configure-proxy.sh 
RHN Parent [rhndev2.z900.redhat.com]: 
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]: 
Please do copy your CA key and public certificate from rhndev2.z900.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 scp 'root@rhndev2.z900.redhat.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build

[root@z206 ~]# scp 'root@rhndev2.z900.redhat.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build
The authenticity of host 'rhndev2.z900.redhat.com (10.10.16.72)' can't be established.
RSA key fingerprint is f1:39:74:8a:08:a5:b7:cd:cc:c0:32:c8:7d:5e:ce:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rhndev2.z900.redhat.com,10.10.16.72' (RSA) to the list of known hosts.
root@rhndev2.z900.redhat.com's password: 
RHN-ORG-PRIVATE-SSL-KEY                        100% 1751     1.7KB/s   00:00    
RHN-ORG-TRUSTED-SSL-CERT                       100% 5288     5.2KB/s   00:00    
rhn-ca-openssl.cnf                             100% 2153     2.1KB/s   00:00    

After I run configure-proxy.sh for the 3rd time, proxy was successfully installed.

Stage validated -> RELEASE_PENDING
Comment 9 Brandon Perkins 2009-09-10 10:38:47 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1433.html

Note You need to log in before you can comment on or make changes to this bug.