Bug 876740 - rhn_register TUI should not auto-fail if no ssl cert
rhn_register TUI should not auto-fail if no ssl cert
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Clients (Show other bugs)
1.9
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Stephen Herr
Red Hat Satellite QA List
:
Depends On:
Blocks: 878057 space19
  Show dependency treegraph
 
Reported: 2012-11-14 15:25 EST by Stephen Herr
Modified: 2013-03-06 13:34 EST (History)
1 user (show)

See Also:
Fixed In Version: rhn-client-tools-1.9.4-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 878057 (view as bug list)
Environment:
Last Closed: 2013-03-06 13:34:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Herr 2012-11-14 15:25:09 EST
Now that RHN Hosted integration has been ripped out of rhn_register, either the default serverURL should not be https or the rhn_register tui should be trained to not auto-fail if it cannot find the sslCACert. Personally I lean towards leaving the default url (which is now just an example url that does not actually work) as https, because that is the preferred protocol.

However, it is entirely conceivable that the user will modify the url during registration to not be https, so if the ssl cert is not there we should not error at the beginning. Rather, we should throw the error once we try to register with the https url and the ssl cert is not there.
Comment 1 Stephen Herr 2012-11-15 16:38:07 EST
Upon further investigation, updating the error message is the best solution without adding additional screens to the TUI. The TUI right now does not have a screen where you can modify the serverURL, nor does it have a screen where you can identify the SSL cert if it can't find the one in the config file.

Because there is no screen where the user can modify the serverURL, there is never a chance for the user to choose to use http instead of https. The TUI just assumes that the values in /etc/sysconfig/rhn/up2date are correct. So I feel that the best and minimally-invasive change at this point is to simply update the error message to be more descriptive.

I have changed the text below:
ERROR: can not find RHN CA file: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

From:
Please verify the value of sslCACert in /etc/sysconfig/rhn/up2date

To:
Please verify the values of sslCACert and serverURL in /etc/sysconfig/rhn/up2date. You can either make the serverURL use http instead of https, or you can download the SSL cert from your Satellite, place it in /usr/share/rhn, and ensure sslCACert points to it.

Committed to Spacewalk master: b77d99bbdde73290f242599eb9f08b06a17c5271
Comment 2 Jan Pazdziora 2012-11-16 09:27:44 EST
(In reply to comment #1)
> Upon further investigation, updating the error message is the best solution
> without adding additional screens to the TUI. The TUI right now does not
> have a screen where you can modify the serverURL, nor does it have a screen

I feel we probably should have this one.

On RHEL 6, starting rhn_register

does

            ┌┤ Attempting to contact the Red Hat Network server. ├─┐
            │                                                      │ 
            │ We are attempting to contact the Red Hat Network   ↑ │ 
            │ server at https://xmlrpc.rhn.redhat.com/XMLRPC.    ▮ │ 

as the first screen (without asking anything), and if I remove RHNS-CA-CERT, it fails with

            │       ┌───────────┤ Fatal Error ├────────────┐     ▒ │ 
            │       │                                      │     ▒ │ 
            │       │ ERROR: can not find RHNS CA file:    │     ▒ │ 
            │       │ /usr/share/rhn/RHNS-CA-CERT          │     ▒ │ 
            │       │                                      │     ▒ │ 
            │       │ Please verify the value of sslCACert │     ▒ │ 
            │       │ in /etc/sysconfig/rhn/up2date        │     ▒ │ 
            │       │                                      │     ▒ │ 
            │       │               ┌────┐                 │     ▒ │ 
            │       │               │ OK │                 │     ▒ │ 
            │       │               └────┘                 │     ▒ │ 
            │       │                                      │     ▒ │ 
            │       │                                      │     ▒ │ 
            │       └──────────────────────────────────────┘     ▒ │ 

We probably want to replace this initial probe to https://xmlrpc.rhn.redhat.com/XMLRPC with a textfield'ed screen where the user will be able to enter the URL.
Comment 3 Stephen Herr 2012-11-16 16:13:03 EST
I have added a new screen like so:

   ┌─────────────┤ Enter your Red Hat Network Satellite URL. ├──────────────┐   
   │                                                                        │   
   │ Please enter the location of your Red Hat Network Satellite server and │   
   │ of its SSL certificate. The SSL certificate is only required if you    │   
   │ will be connecting over https (recommended).                           │   
   |                                                                        |   
   │         Satellite URL: sherr-desktop.usersys.redhat.com/XMLRPC_        │   
   │       SSL certificate: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_        │   
   │                                                                        │   
   │        ┌──────┐               ┌──────┐              ┌────────┐         │   
   │        │ Next │               │ Back │              │ Cancel │         │   
   │        └──────┘               └──────┘              └────────┘         │   
   │                                                                        │   
   │                                                                        │   
   └────────────────────────────────────────────────────────────────────────┘

This is the first thing you see after the welcome screen, and I have moved the connection test to happen after immediately after this screen and before the login / password info screen.

Committed to Spacewalk master: 8ff6da73dbf04955e57541d93c0dce3d47136d91
Comment 4 Stephen Herr 2012-11-28 14:36:38 EST
I have added a697bc9f58f2b54e41c543ea1789687f16ac8eb0
The Satellite URL will now auto-correct common mistakes, such as leaving off the /XMLRPC or https://. In addition, several messages have been updated to say "Red Hat Network Satellite" instead of "Red Hat Network".
Comment 5 Stephen Herr 2012-11-28 15:01:37 EST
and e8115186aaeea1196b4750a8ec16594eb341126d
Comment 6 Stephen Herr 2013-03-01 12:06:41 EST
Marking bug as ON_QA since tonight's build of Spacewalk nightly is a release candidate for Spacewalk 1.9.
Comment 7 Stephen Herr 2013-03-06 13:34:02 EST
Spacewalk 1.9 has been released.

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19

Note You need to log in before you can comment on or make changes to this bug.