Project

General

Profile

Actions
Copy link

Bug #15932

closed

capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy

Added by Stephen Benjamin almost 8 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Katello 3.17.0
Difficulty:
medium
Triaged:
Yes
Bugzilla link:
1300211
Pull request:
https://github.com/Katello/katello-certs-tools/pull/26
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1300211
Description of problem:
capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy

Version-Release number of selected component (if applicable):
Satellite 6.1.4

How reproducible:
100%

Steps to Reproduce:
1. Execute capsule-certs-generate command for the fist time and extract the contents of the # capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar /tmp/capsule.tar.gz # tar -xvzf /tmp/capsule.tar.gz
ssl-build/katello-default-ca-1.0-1.noarch.rpm
ssl-build/katello-server-ca-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-apache-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-apache-1.0-2.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-1.0-2.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-puppet-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-broker-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-client-cert-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-router-client-1.0-1.noarch.rpm
ssl-build/capsule.example.com/capsule.example.com-qpid-router-server-1.0-1.noarch.rpm

2. Re-run the capsule installer with the --certs-update-server option Which would only update the apache package, but not the foreman-proxy

  1. capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar /tmp/capsule.tar.gz --certs-update-server
  2. tar -xvzf capsule.tar.gz
    ssl-build/katello-default-ca-1.0-1.noarch.rpm
    ssl-build/katello-server-ca-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-apache-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-apache-1.0-3.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-1.0-2.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-puppet-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-broker-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-client-cert-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-router-client-1.0-1.noarch.rpm
    ssl-build/capsule.example.com/capsule.example.com-qpid-router-server-1.0-1.noarch.rpm

Actual results:
foreman-proxy related RPMs gets updated correctly with the new CA, but fails to update the version that gets appended to the RPM causing the confusion.

Expected results:
RPMs should be appened with correct version

Additional info:
Problem seems to from the code of /bin/katello-ssl-tool
#find RPMs in the directory as well.
filenames = glob.glob("%s-*.noarch.rpm" % server_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h

It grabs rpms like this "capsule.example.com-foreman-proxy-*.noarch.rpm" in that dir, sort it, and reckons the last one is the latest one.

But the satellite also has a rpm called "capsule.example.com-foreman-proxy-client-1.0-*.noarch.rpm" in the same directory!!

glob.glob("%s-*.noarch.rpm" % server_rpm) matches that perfectly as well. Since it always sits at the bottom of the sorted list:

(i.e.)
...
xxx-foreman-proxy-1.xxx
xxx-foreman-proxy-client-1.xxx

the release # the code fetched is always wrong.

As a result, the capsule.example.com-foreman-proxy rpm is generated with the right content, but wrong release number.

Since we have a capsule.example.com-foreman-proxy-client-1.0-1.noarch.rpm in the same folder, the generated capsule.example.com-foreman-proxy rpm will always be 1.0-2.

Actions
Copy link
 #1

Updated by Justin Sherrill over 7 years ago

  • translation missing: en.field_release set to 114
  • Difficulty set to medium
Actions
Copy link
 #2

Updated by Ewoud Kohl van Wijngaarden almost 4 years ago

  • Status changed from New to Closed
  • Target version changed from Katello Backlog to Katello 4.0.0
  • Triaged set to No

Not quite sure why it wasn't closed automatically.

Actions
Copy link
 #3

Updated by Jonathon Turel almost 4 years ago

  • Triaged changed from No to Yes
  • Pull request https://github.com/Katello/katello-certs-tools/pull/26 added
Actions
Copy link
 #4

Updated by Chris Roberts almost 4 years ago

  • Target version changed from Katello 4.0.0 to Katello 3.17.0
Actions
Copy link

Also available in: Atom PDF