Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 821644 - Create new CLI command admin crl_regen for recovery process
Summary: Create new CLI command admin crl_regen for recovery process
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: katello-agent
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Og Maciel
URL:
Whiteboard:
Depends On:
Blocks: 828313 835161
TreeView+ depends on / blocked
 
Reported: 2012-05-15 08:29 UTC by Lukas Zapletal
Modified: 2019-09-26 15:53 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Registered clients received errors when attempting to connect to System Engine during backup recovery. This was due to a CRL mismatch between the client and the server. This patch regenerates the CRL ensuring that the CRL subsystem is correctly setup after restoration.
Clone Of:
: 828313 (view as bug list)
Environment:
Last Closed: 2012-12-04 19:45:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1543 0 normal SHIPPED_LIVE Important: CloudForms System Engine 1.1 update 2012-12-05 00:39:57 UTC

Description Lukas Zapletal 2012-05-15 08:29:24 UTC 
When running backup recovery, there was one issue running the restore procedure though, my already-registered client was getting 403's in yum.  I think it may be the same symptom as another CRL issue I had earlier, so I'm going to req info from Ivan to see if restoring a several-day old CRL might cause this. 

https://bugzilla.redhat.com/show_bug.cgi?id=787184

The solution is to create create new CLI command

katello admin crl_regen

and API method/proxy that calls this in Candlepin.

This change will need release note for the BackupRecovery.html chapter:

Once recovery is finished and all systems are running, run the following command to regenerate CRL lists. Otherwise, yum clients will be giving 403 errors when connecting to CloudForms.
Comment 2 Mike McCune 2012-05-30 22:47:04 UTC 
This bug has no code modified for it, is there any reason it is ON_DEV?
Comment 3 Lukas Zapletal 2012-05-31 07:33:28 UTC 
6fa0971	

Merge pull request #151 from lzap/crl_regen_821644
Comment 10 Og Maciel 2012-10-04 16:53:16 UTC 
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-12.el6cf.noarch
* katello-all-1.1.12-12.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-6.el6cf.noarch
* katello-cli-common-1.1.8-6.el6cf.noarch
* katello-common-1.1.12-12.el6cf.noarch
* katello-configure-1.1.9-6.el6cf.noarch
* katello-glue-candlepin-1.1.12-12.el6cf.noarch
* katello-glue-pulp-1.1.12-12.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch
Comment 12 errata-xmlrpc 2012-12-04 19:45:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html
Note You need to log in before you can comment on or make changes to this bug.