Bug #15700

When default-ca is updated, it doesn't update the nssdb

Added by Ivan Necas about 3 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: Installer
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1356955
Description of problem:
When a new default-ca gets generated (which should be a pretty rare case
and can happen, for example, when the /root/ssl-build directory is removed
without a backup), the installer generates a new ca, but it fails
to update the nssdb with the new ca, which causes issues when connecting
to qpid later.

Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. foreman-installer --scenario=katello
2. rm -rf /root/ssl-build
3. foreman-installer
Actual results:
qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://sat-snap-rhel7.example.com:5671' add exchange topic event --durable returned 1 instead of one of [0]
/Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]/returns: change from notrun to 0 failed: qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://sat-snap-rhel7.example.com:5671' add exchange topic event --durable returned 1 instead of one of [0]
/Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]: Failed to call refresh: qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://sat-snap-rhel7.example.com:5671' add exchange topic event --durable returned 1 instead of one of [0]
/Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]: qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://sat-snap-rhel7.example.com:5671' add exchange topic event --durable returned 1 instead of one of [0]
Expected results:
the new ca is deployed successfully
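
A drift check for the condition this report describes, as an added example that is not part of the original report or of the puppet-certs code: it compares the SHA-256 fingerprint of the CA certificate file with the copy held in an NSS database. The CA file path, nssdb directory and certificate nickname are not given on this page and are passed in as arguments; the sample PEM data is constructed.

```python
import base64
import hashlib
import re
import subprocess
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 of the DER bytes of every certificate in a PEM bundle.

    Whitespace inside the base64 body is dropped first, so line wrapping
    and CRLF differences between tools do not cause false mismatches.
    """
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def nssdb_ca_pem(nssdb_dir, nickname):
    """Export the certificate stored under `nickname` as PEM (needs NSS certutil)."""
    return subprocess.run(
        ["certutil", "-L", "-d", nssdb_dir, "-n", nickname, "-a"],
        check=True, capture_output=True, text=True).stdout

def ca_drift(ca_file_pem, nssdb_pem):
    """Fingerprints of CA certs in the file that the nssdb entry does not hold."""
    return sorted(pem_fingerprints(ca_file_pem) - pem_fingerprints(nssdb_pem))

def fake_pem(der):
    """Constructed sample: wraps arbitrary bytes in PEM armor, not a real cert."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

OLD_CA = fake_pem(b"constructed old default-ca")          # still in the nssdb
NEW_CA = fake_pem(b"constructed regenerated default-ca")  # newly generated file

if __name__ == "__main__":
    # Usage (all three values are site-specific assumptions):
    #   python3 ca_drift.py <ca-cert.pem> <nssdb-dir> <nickname>
    ca_path, nssdb_dir, nickname = sys.argv[1:4]
    with open(ca_path) as fh:
        missing = ca_drift(fh.read(), nssdb_pem(nssdb_dir, nickname))
    for fp in missing:
        print("CA on disk is not in nssdb, sha256:", fp)
    sys.exit(1 if missing else 0)
```

A non-zero exit means the nssdb still holds a different CA than the file on disk, which is the state that leads to the qpid-config failures shown above.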

Associated revisions

Revision 0854e86e (diff)
Added by Ivan Necas about 3 years ago

Fixes #15700 - make sure change of certs propagates changes in nssdb (#94)

History

#1 Updated by Ivan Necas about 3 years ago

  • Subject changed from When default-ca is updated, it doesn't update the nssdb to When default-ca is updated, it doesn't update the nssdb
  • Status changed from New to Ready For Testing
  • Assignee set to Ivan Necas

#2 Updated by Ivan Necas about 3 years ago

  • Pull request https://github.com/Katello/puppet-certs/pull/94 added

#3 Updated by Justin Sherrill about 3 years ago

  • Legacy Backlogs Release (now unused) set to 162

#4 Updated by Justin Sherrill almost 3 years ago

  • Status changed from Ready For Testing to Closed
