Bug 499789 - Command line proxy install issues on s390x
Summary: Command line proxy install issues on s390x
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite Proxy 5
Classification: Red Hat
Component: Installer
Version: 530
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Miroslav Suchý
QA Contact: Jeff Browning
URL:
Whiteboard:
Depends On:
Blocks: 456999 486216
TreeView+ depends on / blocked
 
Reported: 2009-05-08 07:20 UTC by Jeff Browning
Modified: 2009-09-10 14:38 UTC (History)
2 users (show)

Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-10 14:38:47 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Jeff Browning 2009-05-08 07:20:52 UTC
Description of problem:
There are a couple of the problems with the install process on s390x. First, there is an instruction in the install process as follows:

[root@rhndev5 ~]# configure-proxy.sh 
Proxy version to activate [0.5]: 5.3
RHN Parent [rlx-0-06.rhndev.redhat.com]: 
Traceback email []: jbrownin
Use SSL [Y/n]: Y
CA Chain [/usr/share/rhn/RHNS-CA-CERT]: 
Please do copy your CA key and public certificate from rlx-0-06.rhndev.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 scp 'root.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT}' /root/ssl-build

The problem is that, apparently, there is no ssl-build directory on s390x. Running this command simply creates a file in /root named ssl-build that contains the same text as the two files targeted for copying.

Manually creating this folder and then running the scp command will get you past this step. Later, however, you run into this:

Using CA key at /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY.
grep: /root/ssl-build/latest.txt: No such file or directory
Generating distributable RPM for CA public certificate:
Copying CA public certificate to /var/www/html/pub for distribution to clients:
Generating SSL key and public certificate:
CA password: 

ERROR: can't find a file that should have been created during an earlier step:
       /root/ssl-build/rhn-ca-openssl.cnf

       rhn-ssl-tool --help
SSL key generation failed! Installation interrupted.
API version: 5.3.0 Beta
RHN Proxy successfully deactivated.


Version-Release number of selected component (if applicable):
[root@rhndev5 ~]# rpm -q spacewalk-proxy-installer
spacewalk-proxy-installer-0.5.25-4.el4sat


How reproducible:
100%

Steps to Reproduce:
1. Provision a fresh s390x
2. Register the box to a 530 Sat
3. Give it provisioning and assign it to the tools channel
4. up2date -u or yum update
5. up2date -i or yum install spacewalk-proxy-installer
6. Copy the cert from the Sat to the s390x box
7. configure-proxy.sh and follow the prompts
  
Actual results:
The apparent lack of a /root/ssl-build directory on an s390x system is causing problems for the proxy installer.

Expected results:
This should be a condition that is handled gracefully.

Additional info:
Confirmed for s390x RHEL4. Will be checking on RHEL5 ASAP. There seems to be something wrong with the rhndevX systems in general at the moment, and I am unable to reprovision to RHEL5 to check this there.

Comment 1 Jeff Browning 2009-05-08 07:40:53 UTC
Confirmed. The same issue exists in RHEL5 on s390x.

Comment 2 Jeff Browning 2009-05-08 18:30:36 UTC
This is also an issue on s390.

Comment 3 Miroslav Suchý 2009-05-12 12:18:58 UTC
I will only address in this bug nonexistence of /root/ssl-build (it is problem not relevant to arch).  The remaining is addressed in BZ 500215
Commited as bed27954cf50a8bd37ba016ea2bd560cea59c661
Will be fixed in spacewalk-proxy-installer-0.5.25-5-sat

I added there note, that this directory should be created first and make SSL_BUILD_DIR as option.

Comment 4 Jeff Browning 2009-05-21 20:55:17 UTC
The wording of the message now says:

Please do copy your CA key and public certificate from rlx-0-06.rhndev.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 mkdir ; scp 'root.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' 


To make it more clear what must happen, perhaps should say something like:

You may want to create the /root/ssl-build directory if it does not already exist and execute this command:
scp 'root.redhat.com:/root/ssl-build/RHN-ORG-{PRIVATE-SSL-KEY,TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}'


As it stands, it's not explicitly clear what the user must do. It's likely they can figure it out, but we should be as clear as possible.

Comment 5 Miroslav Suchý 2009-05-22 13:24:37 UTC
I split the check into two. 
I first check existence of /root/ssl-build at the begginging of script.
If it do not exist you will get:
  Error: ssl build directory $SSL_BUILD_DIR do not exist.

In that scp command was error. Now it is:
  
 Please do copy your CA key and public certificate from $RHN_PARENT to 
 /root/ssl-build directory. You may want to execute this command:
  scp 'root@$RHN_PARENT:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' $SSL_BUILD_DIR


Commmit 3d4c98195b6770db30d1ca240e92f781e43b4e44

Comment 6 Miroslav Suchý 2009-05-28 17:06:20 UTC
*** Bug 503058 has been marked as a duplicate of this bug. ***

Comment 7 Jeff Browning 2009-06-15 09:59:21 UTC
Verified

Comment 8 Tomas Lestach 2009-09-08 15:56:52 UTC
Following test plan with s390x in #Description ... (however this is not a s390x issue).

I was asked to create manually the /root/ssl-build directory and afterwards to scopy the CA key, CA configuration file and the public certificate from the satellite.

[root@z206 ~]# configure-proxy.sh 
Error: ssl build directory /root/ssl-build does not exist. Please create this directory.

[root@z206 ~]# mkdir /root/ssl-build

[root@z206 ~]# configure-proxy.sh 
RHN Parent [rhndev2.z900.redhat.com]: 
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]: 
Please do copy your CA key and public certificate from rhndev2.z900.redhat.com to 
/root/ssl-build directory. You may want to execute this command:
 scp 'root.redhat.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build

[root@z206 ~]# scp 'root.redhat.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build
The authenticity of host 'rhndev2.z900.redhat.com (10.10.16.72)' can't be established.
RSA key fingerprint is f1:39:74:8a:08:a5:b7:cd:cc:c0:32:c8:7d:5e:ce:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rhndev2.z900.redhat.com,10.10.16.72' (RSA) to the list of known hosts.
root.redhat.com's password: 
RHN-ORG-PRIVATE-SSL-KEY                        100% 1751     1.7KB/s   00:00    
RHN-ORG-TRUSTED-SSL-CERT                       100% 5288     5.2KB/s   00:00    
rhn-ca-openssl.cnf                             100% 2153     2.1KB/s   00:00    

After I run configure-proxy.sh for the 3rd time, proxy was successfully installed.

Stage validated -> RELEASE_PENDING

Comment 9 Brandon Perkins 2009-09-10 14:38:47 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1433.html


Note You need to log in before you can comment on or make changes to this bug.