-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #28158 - Remove csr flag in hostname-change #4254
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the whole custom_cert_req
option doesn't make sense anymore. We don't support submitting a CSR but using our CA anymore. Should we nuke the whole option?
@ekohl +1 to nuking it everywhere, I will check other places and open pr's as needed if I find |
+1 to removing the whole option and all the instances in the script where it's used |
@chris1984 is this still an option in the scenario answers file?
If not, it can be removed too. Seems like we could just check the certificate and key anyways. |
Thanks for catching that, ill update again and test |
@johnpmitsch updated and retested: Success!
* Katello is running at https://newhost.katello.lan
* To install an additional Foreman proxy on separate machine continue by running:
foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
The full log is at /var/log/foreman-installer/katello.log
[ INFO 2019-10-31T19:06:33 verbose] All hooks in group post finished
[ INFO 2019-10-31T19:06:33 verbose] Installer finished in 410.142111066 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! **** |
@johnpmitsch tested with custom certs as well: Installer run with custom certs: foreman-installer --scenario katello -v \
--certs-server-cert "/root/ownca/dhcp-8-29-17.lab.eng.rdu2.redhat.com/dhcp-8-29-17.lab.eng.rdu2.redhat.com.crt" \
--certs-server-key "/root/ownca/dhcp-8-29-17.lab.eng.rdu2.redhat.com/dhcp-8-29-17.lab.eng.rdu2.redhat.com.key" \
--certs-server-ca-cert "/root/ownca/cacert.crt" katello-change-hostname cert1.katello.lan -u admin -p mB9jvP3eZHTWpFm3 -c /root/ownca/cert1.katello.lan/cert1.katello.lan.crt -k /root/ownca/cert1.katello.lan/cert1.katello.lan.key Installer run with new certs: Success!
* Katello is running at https://cert1.katello.lan
* To install an additional Foreman proxy on separate machine continue by running:
foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
The full log is at /var/log/foreman-installer/katello.log
[ INFO 2019-11-01T12:47:30 verbose] All hooks in group post finished
[ INFO 2019-11-01T12:47:30 verbose] Installer finished in 395.949488721 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! **** Will file issues around adding an rfe to provide a ca flag and also to check if the hostname is in /etc/hosts too |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! I'll leave it up to @ekohl to confirm his concerns were addressed
Thanks! Just after merging I realized that this package isn't a nightly so until you bump the release, it won't be released. |
@ekohl thanks I will open a PR to bump the release |
Should this (and the release bump?) be pulled in to rpm/1.24 as well? |
@tbrisker yes, this is a good one to cherry pick. Mind doing the honors? |
No description provided.