Bug 842859 - RHUI 2.0.3 -> 2.1 migration, doc to add ssl_ca_cert option in /etc/rhui-tools.conf [rhua]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA
Version: 2.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: mkovacik
QA Contact: Martin Kočí
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-07-24 18:19 UTC by wes hayutin
Modified: 2012-08-24 13:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
When updating from Red Hat Update Infrastructure 2.0.3 to 2.1, the ssl_ca_cert configuration option is automatically added to /etc/rhui/rhui-tools.conf, if it is not present already.
Clone Of:
Environment:
Last Closed: 2012-08-24 11:55:39 UTC
Target Upstream Version:
Embargoed:


Attachments
Disproving screen log (32.97 KB, text/plain), 2012-08-10 16:21 UTC, mkovacik
Verifying screen log (69.33 KB, text/plain), 2012-08-16 16:46 UTC, mkovacik


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHEA-2012:1205 | 0 | normal | SHIPPED_LIVE | RHUI 2.1 Enhancement Update | 2012-08-24 15:52:31 UTC

Description wes hayutin 2012-07-24 18:19:12 UTC
Description of problem:

migration from 2.0.3 -> 2.1

Found a slight diff between rhui 2.0.3 and rhui 2.1

A user will have to manually add:

ssl_ca_cert: /etc/pki/rhua/rhua-ssl-ca-cert.crt

to the rhua section in rhui-tools.conf

Comment 1 James Slagle 2012-07-26 15:22:36 UTC
We ought to be able to just update the code to assume the value for ssl_ca_cert is the default value (/etc/pki/rhua/rhua-ssl-ca-cert.crt) instead of requiring them to update the file.  We can still add it to the README though.

Comment 2 wes hayutin 2012-07-26 19:49:44 UTC
So since this is only an issue during an upgrade... I'm not sure, but I think we have to handle it with an upgrade script in the rpm itself...

I've tested this and it works, just not sure if it's the right way to do it


in rh-rhui-tools.spec
 
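# -- post -------------------------------------------------------------------
%post
# On upgrade, add ssl_ca_cert to rhui-tools.conf if it is not mentioned yet
if grep -q "ssl_ca_cert" /etc/rhui/rhui-tools.conf
then
  true
else
  # Keep a copy of the configuration as it was before the change
  cp /etc/rhui/rhui-tools.conf /etc/rhui/rhui-tools.conf.rpmsave
  # Slurp the file and insert the option before the first "hostname: " match
  sed -n 'H;${x;s/hostname: .*\n/ssl_ca_cert: \/etc\/pki\/rhua\/rhua-ssl-ca-cert.crt\n&/;p;}' /etc/rhui/rhui-tools.conf > /etc/rhui/rhui-tools.conf.new
  mv /etc/rhui/rhui-tools.conf.new /etc/rhui/rhui-tools.conf
fi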
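
An added example, not from this bug report or the rh-rhui-tools package: the migration step from the comment above, written so that it only counts an uncommented ssl_ca_cert key inside [rhua] and inserts the option directly under that section header. The helper names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example; add_ssl_ca_cert and has_rhua_ca_cert are hypothetical helpers.
DEFAULT_CA=/etc/pki/rhua/rhua-ssl-ca-cert.crt

# has_rhua_ca_cert FILE: succeeds only if an uncommented ssl_ca_cert key
# exists inside the [rhua] section (a bare grep also matches comments).
has_rhua_ca_cert() {
    awk '
        /^\[/ { in_rhua = ($0 ~ /^\[rhua\]/) }
        in_rhua && /^ssl_ca_cert[ \t]*[:=]/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# add_ssl_ca_cert FILE [CA_PATH]
# Returns 0 if the key is present afterwards, 1 if there is no [rhua] section.
add_ssl_ca_cert() {
    conf=$1
    ca=${2:-$DEFAULT_CA}
    has_rhua_ca_cert "$conf" && return 0
    grep -q '^\[rhua\]' "$conf" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Emit the key directly under the [rhua] header; other lines pass through.
    awk -v ca="$ca" '
        { print }
        /^\[rhua\]/ && !added { print "ssl_ca_cert: " ca; added = 1 }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$conf" "$conf.rpmsave"   # backup keeps mode and timestamps
    cat "$tmp" > "$conf"            # rewrite in place: owner and mode unchanged
    rm -f "$tmp"
}

# Demo on a constructed config in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rhui-tools.conf" <<'EOF'
[redhat]
hostname: cdn.example.com
[rhua]
# ssl_ca_cert: /old/path.crt
hostname: rhua.example.com
EOF
add_ssl_ca_cert "$demo_dir/rhui-tools.conf" && cat "$demo_dir/rhui-tools.conf"
rm -rf "$demo_dir"
```

Running it a second time on the same file is a no-op, and a file without a [rhua] section is left untouched with a non-zero return.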

Comment 3 wes hayutin 2012-07-30 15:01:55 UTC
diff --git a/src/pulp/server/api/cds.py b/src/pulp/server/api/cds.py
index 8b29778..3cd7957 100644
--- a/src/pulp/server/api/cds.py
+++ b/src/pulp/server/api/cds.py
@@ -16,6 +16,7 @@ import datetime
 import logging
 import re
 import sys
+import os
 
 # Pulp
 from pulp.common import dateutils
@@ -522,6 +523,8 @@ class CdsApi(BaseApi):
         server_ca_certificate = None
         if config.config.has_option('security', 'ssl_ca_certificate'):
             ca_cert_file = config.config.get('security', 'ssl_ca_certificate')
+        elif os.path.isfile('/etc/pki/rhua/rhua-ssl-ca-cert.crt'):
+            ca_cert_file = '/etc/pki/rhua/rhua-ssl-ca-cert.crt'
 
             try:
                 f = open(ca_cert_file, 'r')
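
Review bot: the new elif is inserted between the if body and the existing try:, which is indented one level deeper than the if, so after this change the try: block that opens ca_cert_file belongs to the elif branch. When security/ssl_ca_certificate is configured, the if branch now only assigns ca_cert_file and the file is never opened in the lines shown. Resolve the path first (configured value, otherwise the default if os.path.isfile succeeds) and then run the try: block once for whichever path was chosen. The path literal also appears twice; a module-level constant would keep the two in step.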

Comment 4 wes hayutin 2012-08-03 12:17:03 UTC
Disregard comment #3


[whayutin@minidoe tools]$ git show 55eb93191509ec22c9fa393f6a88e78c105254ed
commit 55eb93191509ec22c9fa393f6a88e78c105254ed
Author: Wes Hayutin <whayutin>
Date:   Mon Jul 30 12:03:50 2012 -0400

    842859, add default option for ssl ca cert

diff --git a/rhui-2.0/tools/src/rhui/tools/screens/client.py b/rhui-2.0/tools/src/rhui/tools/screens/client.py
index 16c18e8..935b5a2 100644
--- a/rhui-2.0/tools/src/rhui/tools/screens/client.py
+++ b/rhui-2.0/tools/src/rhui/tools/screens/client.py
@@ -267,7 +267,7 @@ class ClientScreen(Screen):
             return None
 
         # Entitlement Certificate CA Certificate
-        answers['ca_cert'] = self.config.get("rhua", "ssl_ca_cert")
+        answers['ca_cert'] = self.config.get("rhua", "ssl_ca_cert", '/etc/pki/rhua/rhua-ssl-ca-cert.crt')
         self.prompt.write('')
 
         if answers['ca_cert'] is ABORT:
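
Review bot: the third positional argument on the changed self.config.get(...) line is used as a fallback value, but if self.config is a stock ConfigParser its third positional parameter is raw, not a default, and a missing option would still raise; confirm the wrapper's signature or handle the missing option explicitly. The fallback path is also stored in answers['ca_cert'] without checking that the file exists, so an os.path.isfile check with a clear error message at this point would surface a missing certificate earlier. The literal '/etc/pki/rhua/rhua-ssl-ca-cert.crt' would be better as a named constant shared with the packaging script.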

Comment 5 mkovacik 2012-08-10 16:21:12 UTC
Created attachment 603581 [details]
Disproving screen log

A stack dump showing the cert file couldn't be found---seems ON_DEV is appropriate...

Build: RHEL-6.3-RHUI-2.1-20120801.0-Server-x86_64-DVD1.iso

Comment 6 wes hayutin 2012-08-10 17:17:17 UTC
commit 5e521325526f528d01ef8fa923459fc91a51e2af


+%post
+if grep "ssl_ca_cert" /etc/rhui/rhui-tools.conf
+ then
+  true
+ else
+  cp /etc/rhui/rhui-tools.conf /etc/rhui/rhui-tools.conf.rpmsave
+  sed -n  'H;${x;s/hostname: .*\n/ssl_ca_cert: \/etc\/pki\/rhua\/rhua-ssl-ca-cert.crt\n&/;p;}' /etc/rhui/rhui-tools.conf > /etc/rhui/rhui-t
+  mv /etc/rhui/rhui-tools.conf.new /etc/rhui/rhui-tools.conf
+fi
+
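
Review bot: the guard grep "ssl_ca_cert" matches the string anywhere in the file, so a commented-out line or the same key in another section makes the scriptlet skip the migration; anchor it to an active key, for example grep -q '^ssl_ca_cert', which also keeps grep's output out of the install log. The sed inserts before the first "hostname: " match regardless of section, so a file whose first hostname entry is outside the rhua section gets the key in the wrong place, and a file with no such line is rewritten without the key and with no error. The cp to rhui-tools.conf.rpmsave overwrites any .rpmsave file already present. The redirect target on the sed line is cut off as shown here; it needs to be the rhui-tools.conf.new path that the following mv expects.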

Comment 8 Shikha 2012-08-16 09:10:29 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When updating from Red Hat Update Infrastructure 2.0.3 to 2.1, the ssl_ca_cert configuration option is automatically added to /etc/rhui/rhui-tools.conf, if it is not present already.

Comment 9 mkovacik 2012-08-16 16:46:01 UTC
Created attachment 604978 [details]
Verifying screen log

Verified that in build RHEL-6.3-RHUI-2.1-20120815.0-Server-x86_64-DVD1.iso, rh-rhui-tools version 2.1.10 the client configuration rpm build doesn't require explicit ca certificate path input anymore. See the screen log attached.

Comment 10 mkovacik 2012-08-16 16:48:40 UTC
(In reply to comment #9)
> Created attachment 604978 [details]
> Verifying screen log
> 
> Verified that in build RHEL-6.3-RHUI-2.1-20120815.0-Server-x86_64-DVD1.iso,
> rh-rhui-tools version 2.1.10 the client configuration rpm build doesn't
> require explicit ca certificate path input anymore. See the screen log
> attached.

That is, having updated the rhui from 2.0.3 to 2.1, no failure observed creating client configuration rpm. No modification of the configuration file required, it just works out-of-the-box without having to specify the ca cert path anymore.

Comment 12 errata-xmlrpc 2012-08-24 11:55:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html

