Project

General

Profile

Bug #15932

capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy

Added by Stephen Benjamin about 3 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Difficulty:
medium
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1300211
Description of problem:
capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy

Version-Release number of selected component (if applicable):
Satellite 6.1.4

How reproducible:
100%

Steps to Reproduce:
1. Execute capsule-certs-generate command for the fist time and extract the contents of the # capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar /tmp/capsule.tar.gz # tar -xvzf /tmp/capsule.tar.gz
ssl-build/katello-default-ca-1.0-1.noarch.rpm
ssl-build/katello-server-ca-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-apache-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-apache-1.0-2.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-1.0-2.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-puppet-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-broker-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-client-cert-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-router-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-router-server-1.0-1.noarch.rpm

2. Re-run the capsule installer with the --certs-update-server option Which would only update the apache package, but not the foreman-proxy

  1. capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar /tmp/capsule.tar.gz --certs-update-server
  2. tar -xvzf capsule.tar.gz
    ssl-build/katello-default-ca-1.0-1.noarch.rpm
    ssl-build/katello-server-ca-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-apache-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-apache-1.0-3.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-1.0-2.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-puppet-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-broker-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-client-cert-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-router-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-router-server-1.0-1.noarch.rpm

Actual results:
foreman-proxy related RPMs gets updated correctly with the new CA, but fails to update the version that gets appended to the RPM causing the confusion.

Expected results:
RPMs should be appened with correct version

Additional info:
Problem seems to from the code of /bin/katello-ssl-tool
#find RPMs in the directory as well.
filenames = glob.glob("%s-*.noarch.rpm" % server_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h

It grabs rpms like this "capsule.example.com-foreman-proxy-*.noarch.rpm" in that dir, sort it, and reckons the last one is the latest one.

But the satellite also has a rpm called "capsule.example.com-foreman-proxy-client-1.0-*.noarch.rpm" in the same directory!!

glob.glob("%s-*.noarch.rpm" % server_rpm) matches that perfectly as well. Since it always sits at the bottom of the sorted list:

(i.e.)
...
xxx-foreman-proxy-1.xxx
xxx-foreman-proxy-client-1.xxx

the release # the code fetched is always wrong.

As a result, the capsule.example.com-foreman-proxy rpm is generated with the right content, but wrong release number.

Since we have a capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm in the same folder, the generated capsule.example.com-foreman-proxy rpm will always be 1.0-2.

History

#1 Updated by Justin Sherrill about 3 years ago

  • Legacy Backlogs Release (now unused) set to 114
  • Difficulty set to medium

Also available in: Atom PDF