This repository has been archived by the owner on Aug 29, 2018. It is now read-only.

Fixes #20440 - Don't delete the CA in katello-change-hostname #494

Merged
merged 1 commit into from Aug 9, 2017

@johnpmitsch johnpmitsch commented Jul 31, 2017

The CA no longer has to be deleted now that
this is fixed

This makes the re-registration process for clients/proxies easier

@theforeman-bot

Issues: #20440

@johnpmitsch
Contributor Author

TODO: check if remote execution can run the commands for the clients after script runs

@johnpmitsch
Contributor Author

@jturel
To test out packaging scripts, I generally spin up a katello 3.4 box and run the following as root:

yum install -y git vim
cd ~
git clone https://github.com/Katello/katello-packaging
cd katello-packaging/
git remote add fork https://github.com/johnpmitsch/katello-packaging
git fetch fork
cd ~
ln -s katello-packaging/katello/katello-change-hostname katello-change-hostname
chmod a+x katello-change-hostname 

That will add my fork and then you can check out my branch (or whatever method of PR checkout you prefer).

Since the big concern with this PR is making sure clients and capsules can easily re-register, it's best to test this with a proxy and client registered (you can use vagrant box centos7-foreman-proxy-3.4 to easily spin up a foreman-proxy). It would be a good idea to have some content available on each as well.

Then run this to change the hostname on katello:
./katello-change-hostname -u admin -p changeme -d newhostname.example.com

After that finishes, run through the instructions given at the output of the script to re-register clients/proxies.
Then double check you can still communicate with the proxy/clients (Sync repos, attach subscriptions). You'll have to add the new hostname to /etc/hosts on them as well.

Test out anything else you would like. It also would be a good idea to check /etc/pki/katello/certs/katello-default-ca.crt before and after to make sure it actually didn't change.
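
The before/after CA check suggested in the comment above, as an added example that is not part of the original conversation or of katello-change-hostname. The certificate path is the one named in the comment; the snapshot file location and the function names are assumptions. Run it with `snapshot` before the hostname change and with `verify` afterwards.

```shell
#!/usr/bin/env bash
# Added example, not part of the PR: detect whether a hostname change replaced the CA.
# CA_CERT is the path named in the discussion; STATE is a hypothetical snapshot file.
CA_CERT="${CA_CERT:-/etc/pki/katello/certs/katello-default-ca.crt}"
STATE="${STATE:-/root/katello-default-ca.sha256}"

# Print SHA-256 of the DER bytes of the first certificate in PEM file $1.
# Hashing the decoded body ignores CRLF or re-wrapped base64; returns 2 if unreadable.
cert_sha256() {
  local body
  [ -r "$1" ] || return 2
  body=$(awk '/-----END CERTIFICATE-----/ { exit }
              inblock { print }
              /-----BEGIN CERTIFICATE-----/ { inblock = 1 }' "$1" | tr -d ' \t\r\n')
  [ -n "$body" ] || return 2
  printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 2
  printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Run BEFORE katello-change-hostname: record the current CA fingerprint.
ca_snapshot() {
  local fp
  fp=$(cert_sha256 "$CA_CERT") || { echo "no certificate readable at $CA_CERT" >&2; return 2; }
  printf '%s\n' "$fp" > "$STATE"
}

# Run AFTER the change. Returns 0 = same CA, 1 = CA replaced, 2 = cannot tell.
ca_verify() {
  local before after
  [ -r "$STATE" ] || { echo "no snapshot at $STATE" >&2; return 2; }
  before=$(cat "$STATE")
  after=$(cert_sha256 "$CA_CERT") || { echo "no certificate readable at $CA_CERT" >&2; return 2; }
  if [ "$before" = "$after" ]; then
    echo "CA unchanged: $after"
  else
    # Hosts that still trust the old CA will fail certificate verification.
    echo "CA CHANGED: $before -> $after" >&2
    return 1
  fi
}

case "${1:-}" in
  snapshot) ca_snapshot ;;
  verify)   ca_verify ;;
esac
```
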

@johnpmitsch
Contributor Author

After changing the hostname, I was able to use the remote execution plugin to re-register my clients

@johnpmitsch
Contributor Author

johnpmitsch commented Aug 4, 2017

For some reason the message at the end isn't showing the new hostname despite it being an instance variable, looking into why

The CA no longer has to be deleted now that
[this](http://projects.theforeman.org/issues/17378) is fixed

This allows clients and proxies to not have to be re-registered

@jturel
Member

jturel commented Aug 7, 2017

@johnpmitsch

Once I got everything set up I was able to change my hostname and re-register my client successfully. However, I could not get my proxy re-registered. My steps were:

  • create katello3.4(FQDN centos7-katello-3-4.strangeways.example.com) and proxy config w/ forklift
  • used master branch katello-change-hostname to change to centos7-katello-3-4.example.com
    did not re-register client or proxy at this point
  • used code from this PR to katello-change-hostname back to katello-3-4.strangeways.example.com
  • re-registered RHEL client successfully w/ the noted instructions
  • re-registering proxy failed
    foreman-installer --foreman-proxy-content-parent-fqdn centos7-katello-3-4.strangeways.example.com --disable-system-checks

/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[centos7-foreman-proxy-3-4.example.com]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://centos7-katello-3-4.strangeways.example.com/api/v2/smart_proxies?search=name=%22centos7-foreman-proxy-3-4.example.com%22
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:89:in `rescue in request'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:71:in `request'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:6:in `proxy'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in `id'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:in `exists?'

Let me know if anything seems off about those steps. I am leaving everything in place so we can debug as needed.

@johnpmitsch
Contributor Author

@jturel hey if I am reading this right, it looks like this is what happened:

  • You ran hostname change with the master branch version of the script, which changed the CA
  • No proxies/clients were re-registered, which means they were still trying to use the old CA
  • You ran hostname change again with the PR checkout, which kept the CA (which is new) the same
  • Proxies are still using the old CA, which means they can't communicate with the katello server

The steps to test should look like this (sorry for not making them clear the first time):

  • Set up Katello server, client, and foreman-proxy-with-content
  • Make sure everything is happy and can sync/communicate
  • Change the hostname on the katello server using this PR checkout; this won't change the CA.
  • Follow instructions at the end of the script
  • Check that everything can communicate/sync.

Member

@jturel jturel left a comment

Followed the correct testing method and this worked just fine for me. The script output is also much better than it was previously. Good stuff!

@johnpmitsch
Contributor Author

@ehelms
bats run was successful on a k3.4 box with changed hostname

[root@changeme ~]# bats --tap forklift/bats/fb-content-katello.bats 
1..32
ok 1 Create an Empty Organization
ok 2 create an Organization
ok 3 create a product
ok 4 create package repository
ok 5 upload package
ok 6 sync repository
ok 7 create puppet repository
ok 8 upload puppet module
ok 9 create lifecycle environment
ok 10 create content view
ok 11 add repo to content view
ok 12 publish content view
ok 13 promote content view
ok 14 create activation key
ok 15 disable auto-attach
ok 16 add subscription to activation key
ok 17 install subscription manager
ok 18 register subscription manager
ok 19 check content host is registered
ok 20 enable content view repo
ok 21 install katello-host-tools
ok 22 install package locally
ok 23 check available errata
ok 24 install katello-agent
ok 25 30 sec of sleep for groggy gofers
ok 26 install package remotely (katello-agent)
ok 27 install errata remotely (katello-agent)
ok 28 add puppet module to content view
ok 29 publish content view
ok 30 promote content view
ok 31 # skip add puppetclass to host
ok 32 # skip puppet run applies dummy module

@johnpmitsch
Contributor Author

@ehelms I'll wait for you to approve before merging

@johnpmitsch johnpmitsch merged commit e41a57c into Katello:master Aug 9, 2017
@johnpmitsch johnpmitsch deleted the dont_remove_ca branch August 9, 2017 18:32