Fixes #28158 - Remove csr flag in hostname-change

[chris1984]

No description provided.

[ekohl]

I think the whole custom_cert_req option doesn't make sense anymore. We don't support submitting a CSR but using our CA anymore. Should we nuke the whole option?

[chris1984]

@ekohl +1 to nuking it everywhere, I will check other places and open pr's as needed if I find -r/csr anywhere. Also updated

[johnpmitsch]

I think the whole custom_cert_req option doesn't make sense anymore.

+1 to removing the whole option and all the instances in the script where it's used

[johnpmitsch]

@chris1984 is this still an option in the scenario answers file?

foreman-packaging/packages/katello/katello/hostname-change.rb

Line 167 in 1c1ae69

scenario_answers["certs"]["server_cert_req"]

If not, it can be removed too. Seems like we could just check the certificate and key anyways.

[chris1984]

@chris1984 is this still an option in the scenario answers file?

foreman-packaging/packages/katello/katello/hostname-change.rb

Line 167 in 1c1ae69

scenario_answers["certs"]["server_cert_req"]

If not, it can be removed too. Seems like we could just check the certificate and key anyways.

Thanks for catching that, ill update again and test

[chris1984]

@johnpmitsch updated and retested:

  Success!
  * Katello is running at https://newhost.katello.lan
  * To install an additional Foreman proxy on separate machine continue by running:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
  The full log is at /var/log/foreman-installer/katello.log
[ INFO 2019-10-31T19:06:33 verbose] All hooks in group post finished
[ INFO 2019-10-31T19:06:33 verbose] Installer finished in 410.142111066 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! ****

[chris1984]

@johnpmitsch tested with custom certs as well:

Installer run with custom certs:

foreman-installer --scenario katello -v \
                      --certs-server-cert "/root/ownca/dhcp-8-29-17.lab.eng.rdu2.redhat.com/dhcp-8-29-17.lab.eng.rdu2.redhat.com.crt" \
                      --certs-server-key "/root/ownca/dhcp-8-29-17.lab.eng.rdu2.redhat.com/dhcp-8-29-17.lab.eng.rdu2.redhat.com.key" \
                      --certs-server-ca-cert "/root/ownca/cacert.crt"

katello-change-hostname cert1.katello.lan -u admin -p mB9jvP3eZHTWpFm3 -c /root/ownca/cert1.katello.lan/cert1.katello.lan.crt -k /root/ownca/cert1.katello.lan/cert1.katello.lan.key

Installer run with new certs:

  Success!
  * Katello is running at https://cert1.katello.lan
  * To install an additional Foreman proxy on separate machine continue by running:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
  The full log is at /var/log/foreman-installer/katello.log
[ INFO 2019-11-01T12:47:30 verbose] All hooks in group post finished
[ INFO 2019-11-01T12:47:30 verbose] Installer finished in 395.949488721 seconds
Restarting puppet services
Redirecting to /bin/systemctl restart puppet.service
**** Hostname change complete! ****

Will file issues around adding an rfe to provide a ca flag and also to check if the hostname is in /etc/hosts too

[johnpmitsch]

Looks good! I'll leave it up to @ekohl to confirm his concerns were addressed

[ekohl]

Thanks! Just after merging I realized that this package isn't a nightly so until you bump the release, it won't be released.

[chris1984]

@ekohl thanks I will open a PR to bump the release

[tbrisker]

Should this (and the release bump?) be pulled in to rpm/1.24 as well?

[ekohl]

@tbrisker yes, this is a good one to cherry pick. Mind doing the honors?

[tbrisker]

@ekohl - sure, #4391