Bug #15931
closed
katello installer doesn't fully support cname alternate cname for satellite server
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1160344
Description of problem:
hostname: xyz123-us.acme.com
cname: satellite.acme.com
katello-installer --foreman-db-password foreman --foreman-db-username foreman --katello-proxy-url http://applicationwebproxy.acme.com --katello-proxy-port 8080 --certs-ca-common-name "satellite.acme.com" --certs-node-fqdn "satellite.acme.com" --capsule-parent-fqdn "satellite.acme.com" --foreman-foreman-url="https://satellite.acme.com" --foreman-admin-password changeme
it does not update /etc/pulp/server.conf [messaging] and [tasks] sections with CNAME and i get
Nov 4 00:41:59 totlx90101 pulp: celery.worker.consumer:ERROR: consumer: Cannot connect to qpid://guest@xyz123-us.acme.com:5671//: Connection hostname 'xyz123-us.acme.com' does not match names from peer certificate: ['satellite.acme.com', u'satellite.acme.com'].
Nov 4 00:41:59 xyz123-us pulp: celery.worker.consumer:ERROR: Trying again in 12.00 seconds...
Nov 4 00:41:59 xyz123-us pulp: celery.worker.consumer:ERROR:
I have manually modified /etc/pulp/server.conf and everything seems to be working now.
Version-Release number of selected component (if applicable):
Current Satellite 6
How reproducible:
See above
Actual results:
Expected results:
pulp should correctly set /etc/pulp/server.conf
Additional info:
Customer can use a cname as a way to have a hotbackup of the Satellite server for DR purposes. This removes requirements to change certs.
The alternative approach requires cert changes.
Updating the hostname of a Red Hat Satellite 6 Server and updating associated SSL certificates.
https://access.redhat.com/solutions/1232133
Reference to other BZs for cname support
[RFE] CNAME and SRV record support in foreman
https://bugzilla.redhat.com/show_bug.cgi?id=1045613
Updated by 
Updated by 
Updated by