Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1358807 - capsule-installer doesn't properly clean up custom certs when providing new certs during an install
Summary: capsule-installer doesn't properly clean up custom certs when providing new c...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Version: 6.1.9
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-21 14:06 UTC by Craig Donnelly
Modified: 2018-09-04 18:02 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-04 18:02:18 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1171841 None None None 2016-07-21 14:48:56 UTC

Description Craig Donnelly 2016-07-21 14:06:10 UTC
Description of problem:
A run of capsule-installer where you provide an updated certs-tar file that has correct custom certs inside will not properly clean up previous custom certs that had issues/were incorrect.

Ex. Ran capsule-installer with certs signed by the wrong CA, then attempting to correct.

Version-Release number of selected component (if applicable):
6.1.9

How reproducible:
Always.

Steps to Reproduce:
1. Run capsule-installer with a certs-tar containing custom certs signed by the wrong CA compared to the Satellite. (This will fail with 422, etc..)
2. Regenerate the certs-tar with proper certs signed by same CA.
3. Run capsule-installer with the new certs-tar.

Actual results:
Install still fails.

Expected results:
Install should succeed with new certs.

Additional info:
I have not been able to narrow down the exact cause, but the workaround to this issue is to remove all files inside the following folders for a successful install:

1. /root/ssl-build
2. /etc/pki/katello/*
3. /etc/pki/katello-certs-tools/*

Comment 2 Bryan Kearney 2018-09-04 18:02:18 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.


Note You need to log in before you can comment on or make changes to this bug.