Bug #10670

closed

katello-agent doesn't work when custom certs are used

Added by Ivan Necas almost 10 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Installer
Target version:
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1222912

Description of problem:
When using custom certificates (issued by a commercial or user custom CA), the katello-agent is not able to authorize against qpid.

Version-Release number of selected component (if applicable):
6.1.0

How reproducible:
Always

Steps to Reproduce:
1. Issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2. Configure Katello to use the certificates: https://github.com/Katello/katello-installer#custom-server-certificates
3. Register a client
4. Install the katello-agent

Actual results:

The logs complain about not being able to connect to qpid. The installation tasks from Katello time out.

Expected results:

Everything works.

Additional info:

The issue was introduced by https://github.com/Katello/puppet-certs/pull/44, with the incorrect assumption that the server_ca and the candlepin-local CA are always the same (which is not true when a commercial CA is used as the server_ca). Therefore, we can't use the rhsm settings in the agent (https://github.com/Katello/katello-agent/pull/20), as that's a different use case and a different CA is to be used: rhsm needs a CA to verify that the sat6 server is valid, while the agent uses it for verifying the client certs of the qpid broker.

I also ask for automating this workflow to avoid regressions.
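The CA mismatch described in this report can be reproduced offline with openssl. The following is an added example, not part of the original report or of the Katello code. The CA and certificate names are constructed, and it assumes the qpid broker certificate is issued by the installer's internal CA rather than by the custom server CA.

```shell
#!/bin/sh
# Constructed demo: "server_ca" stands in for the commercial/custom CA,
# "local_ca" for the installer-generated internal CA (assumed issuer of
# the qpid broker certificate). All names here are hypothetical.

# make_ca DIR NAME: create a throwaway self-signed CA key and cert in DIR
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: issue leaf cert NAME signed by CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chains_to CA_FILE CERT_FILE: succeeds only if CERT verifies against CA
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_agent_ca: report which trust anchor validates the broker cert.
# An agent configured with the rhsm CA (server_ca) gets the FAIL result.
check_agent_ca() {
    d=$(mktemp -d) || return 2
    make_ca "$d" server_ca && make_ca "$d" local_ca &&
        issue_cert "$d" local_ca qpid-broker || { rm -rf "$d"; return 2; }
    s=FAIL; l=FAIL
    chains_to "$d/server_ca.crt" "$d/qpid-broker.crt" && s=OK
    chains_to "$d/local_ca.crt" "$d/qpid-broker.crt" && l=OK
    rm -rf "$d"
    echo "server_ca=$s local_ca=$l"
}

check_agent_ca
```

On a real installation, the same `openssl verify -CAfile` check against the CA file the agent is configured with and the broker's certificate shows whether the agent has been given the right trust anchor.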
