Refs #8756: Deploy the server_ca to the Capsule directories for RHSM. #44

Merged
merged 1 commit into from Jan 21, 2015

ehelms (Member) commented Jan 21, 2015

This fixes an issue where for stand alone Capsules that didn't have
access to the server_ca (since it was not deployed) the bootstrap
RPM would fail to be created. Further, this removes the unused
candlepin-local.pem which in reality was just the root CA cert.

@stbenjam (Member)

ACK

ehelms (Member Author) commented Jan 21, 2015

@stbenjam I need to push some updates to this change I encountered last night.

ehelms (Member Author) commented Jan 21, 2015

Updated.

@stbenjam (Member)

ACK

ehelms added a commit that referenced this pull request Jan 21, 2015
Refs #8756: Deploy the server_ca to the Capsule directories for RHSM.
@ehelms ehelms merged commit 61e92bf into theforeman:master Jan 21, 2015
@@ -36,10 +37,9 @@
dir => $katello_www_pub_dir,
summary => $candlepin_consumer_summary,
description => $candlepin_consumer_description,
files => ["${rhsm_ca_dir}/candlepin-local.pem:644=${certs::ssl_build_dir}/${certs::default_ca_name}.crt",
"${rhsm_ca_dir}/katello-server-ca.pem:644 =${certs::ssl_build_dir}/${certs::server_ca_name}.crt"],
files => ["${rhsm_ca_dir}/katello-server-ca.pem:644 =${certs::pki_dir}/certs/${certs::server_ca_name}.crt"],
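
Review bot: The removed `candlepin-local.pem` entry was the only file in this list sourced from `${certs::default_ca_name}.crt`; after the change the RPM ships only `katello-server-ca.pem`, built from `${certs::server_ca_name}.crt`. These are two separately named certificates, so dropping one is safe only where both names resolve to the same CA. Check that nothing installed alongside this RPM still reads `candlepin-local.pem` or needs to trust the default CA, and if something does, keep an entry for it sourced from a path that exists on a stand-alone Capsule. The source for `katello-server-ca.pem` also moves from `${certs::ssl_build_dir}` to `${certs::pki_dir}/certs`; a short comment explaining why, and an explicit ordering dependency on whatever deploys that file if one is not already declared elsewhere in the manifest, would make the intent clear.
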
Member

Is this change compatible with katello-agent https://github.com/Katello/katello-agent/blob/master/etc/gofer/plugins/katelloplugin.conf? Btw, default_ca != server_ca; it's only a coincidence that they are the same when using self-signed generated certs, but they are different when using custom certs for SSL.

Member

Discussed w/ @iNecas on IRC and it appears this breaks the agent with custom certs. RHSM would be using the server_ca but qpid-dispatch-router would be using default_ca.

Member

The BZ describing the issue is here https://bugzilla.redhat.com/show_bug.cgi?id=1222912

Member Author

Ok... so let's get a Redmine issue and fix it :)
