Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 821644

Summary: Create new CLI command admin crl_regen for recovery process
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: katello-agentAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Og Maciel <omaciel>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: achan, cpelland, dmacpher, mmccune, omaciel, tstrachota
Target Milestone: UnspecifiedKeywords: Triaged, ZStream
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Registered clients received errors when attempting to connect to System Engine during backup recovery. This was due to a CRL mismatch between the client and the server. This patch regenerates the CRL ensuring that the CRL subsystem is correctly setup after restoration.
 Story Points: ---
Clone Of:
: 828313 (view as bug list) Environment:
Last Closed: 2012-12-04 19:45:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 828313, 835161    

Description Lukas Zapletal 2012-05-15 08:29:24 UTC 
When running backup recovery, there was one issue running the restore procedure though, my already-registered client was getting 403's in yum.  I think it may be the same symptom as another CRL issue I had earlier, so I'm going to req info from Ivan to see if restoring a several-day old CRL might cause this. 

https://bugzilla.redhat.com/show_bug.cgi?id=787184

The solution is to create create new CLI command

katello admin crl_regen

and API method/proxy that calls this in Candlepin.

This change will need release note for the BackupRecovery.html chapter:

Once recovery is finished and all systems are running, run the following command to regenerate CRL lists. Otherwise, yum clients will be giving 403 errors when connecting to CloudForms.
Comment 2 Mike McCune 2012-05-30 22:47:04 UTC 
This bug has no code modified for it, is there any reason it is ON_DEV?
Comment 3 Lukas Zapletal 2012-05-31 07:33:28 UTC 
6fa0971	

Merge pull request #151 from lzap/crl_regen_821644
Comment 10 Og Maciel 2012-10-04 16:53:16 UTC 
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-12.el6cf.noarch
* katello-all-1.1.12-12.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-6.el6cf.noarch
* katello-cli-common-1.1.8-6.el6cf.noarch
* katello-common-1.1.12-12.el6cf.noarch
* katello-configure-1.1.9-6.el6cf.noarch
* katello-glue-candlepin-1.1.12-12.el6cf.noarch
* katello-glue-pulp-1.1.12-12.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch
Comment 12 errata-xmlrpc 2012-12-04 19:45:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html