Bug 994565 - Upgrade of pulp server clobbers the /etc/pki/pulp/ca.crt and breaks httpd
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: 2.1.1
Hardware: x86_64
OS: Linux
medium
unspecified
Target Milestone: ---
: 2.3.0
Assignee: Jeff Ortel
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-08-07 13:57 UTC by Tim Hughes
Modified: 2013-12-09 14:29 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-12-09 14:29:50 UTC
Embargoed:



Description Tim Hughes 2013-08-07 13:57:29 UTC
Description of problem:

Upgrade of pulp server clobbers the /etc/pki/pulp/ca.crt and breaks httpd  

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1. Install pulp-server-2.1.1-1.el6.noarch on CentOS 6
2. Modify /etc/pki/pulp/ca.crt to be your own certificate
3. Install pulp-server-2.1.3-1.el6.noarch
4. service httpd restart


Actual results:

httpd restart fails. See error at the bottom of page.

Expected results:

I think maybe the certs should be marked as config in the rpm

[root@ld4repo02 tmp]# rpm -qc pulp-server
/etc/httpd/conf.d/pulp.conf
/etc/pulp/logging/basic.cfg
/etc/pulp/logging/db.cfg
/etc/pulp/logging/unit_tests.cfg
/etc/pulp/server.conf


Additional info:


error from log file /var/log/httpd/ssl_error_log

[Wed Aug 07 12:04:22 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Aug 07 12:04:22 2013] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Aug 07 12:04:22 2013] [error] Unable to configure RSA server private key
[Wed Aug 07 12:04:22 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Comment 1 Jeff Ortel 2013-09-19 23:08:05 UTC
https://github.com/pulp/pulp/pull/627

Comment 2 Jeff Ortel 2013-09-25 21:15:06 UTC
Generated on new install only.
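
The two behaviours discussed in this report, as an added example that is not part of the bug thread and is not Pulp's packaging code or the contents of the linked pull request: a check for the "key values mismatch" condition from ssl_error_log, and a generator that only creates CA material when none exists. The function names and the CA subject are hypothetical, and an unencrypted key is assumed.

```shell
#!/bin/sh
# Added example. Function names and the CA subject are hypothetical;
# this is not Pulp's packaging code.

# Return 0 if the certificate's public key equals the public half of the
# private key, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Create DIR/ca.crt and DIR/ca.key only when neither exists (fresh install).
# On an upgrade the existing files are never rewritten; they are only
# validated, and the cert_key_match status is returned to the caller.
ensure_ca() {
    crt="$1/ca.crt"
    key="$1/ca.key"
    if [ -e "$crt" ] || [ -e "$key" ]; then
        cert_key_match "$crt" "$key"
        return $?
    fi
    mkdir -p "$1" || return 2
    (
        # Private key is created readable by its owner only.
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=example-ca" -keyout "$key" -out "$crt" >/dev/null 2>&1
    ) || return 2
    chmod 0644 "$crt"
}
```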

Comment 3 Jeff Ortel 2013-09-26 15:36:31 UTC
build: 2.3.0-0.15.alpha

Comment 4 Preethi Thomas 2013-09-30 15:11:36 UTC
verified,
Upgraded 2.2 to 2.3 

[root@sun-x4200-01 ~]# ls -l /etc/pki/pulp/
total 12
-rw-r--r--. 1 apache apache 1143 Sep  6 17:16 ca.crt
-rw-r--r--. 1 apache apache 1679 Sep  6 17:16 ca.key
drwxr-xr-x. 2 apache apache 4096 Sep  6 17:17 content
[root@sun-x4200-01 ~]# 

[root@sun-x4200-01 ~]# yum update @pulp-server @pulp-admin
Loaded plugins: product-id, rhnplugin, security, subscription-manager

[root@sun-x4200-01 ~]# ls -l /etc/pki/pulp/
total 12
-rw-r--r--. 1 apache apache 1143 Sep  6 17:16 ca.crt
-rw-r--r--. 1 apache apache 1679 Sep  6 17:16 ca.key
drwxr-xr-x. 2 apache apache 4096 Sep 26 16:44 content

Comment 5 Preethi Thomas 2013-12-09 14:29:50 UTC
Pulp 2.3 released.

