Bug #16906
closed
Capsule does not work with certificate with key of 16384 bits
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1383996
Description of problem:
Running the installer to update the certificates fails refreshing the internal proxy features, at least when remote execution is enabled.
[ INFO 2016-10-12 10:28:27 verbose] Class[Foreman_proxy::Register]: Scheduling refresh of Foreman_smartproxy[li-lc-1578.hag.hilti.com]
[ERROR 2016-10-12 10:28:57 verbose] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[li-lc-1578.hag.hilti.com]: Failed to call refresh: Proxy li-lc-1578.hag.hilti.com cannot be registered (500 Internal Server Error): N/A
[ERROR 2016-10-12 10:28:57 verbose] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[li-lc-1578.hag.hilti.com]: Proxy li-lc-1578.hag.hilti.com cannot be registered (500 Internal Server Error): N/A
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/ruby/vendor_ruby/puppet/util/errors.rb:106:in `fail'
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v2.rb:7:in `raise_error'
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v2.rb:101:in `rescue in refresh_features!'
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v2.rb:99:in `refresh_features!'
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/foreman-installer/modules/foreman/lib/puppet/type/foreman_smartproxy.rb:49:in `refresh'
[ INFO 2016-10-12 10:28:57 verbose] /usr/share/ruby/vendor_ruby/puppet/transaction/event_manager.rb:101:in `process_callback'
Command used to update the certificates:
satellite-installer --scenario=satellite --verbose --certs-update-server --certs-update-server-ca --certs-server-cert sat6certA.example.com.cer --certs-server-cert-req sat6certA.example.com.req --certs-server-key sat6certA.example.com.key --certs-server-ca-cert sat6certA.example.com.ca-bundle
Fragment from the production.log that shows that the proxy wants to communicate, but fails because certificates changed:
2016-10-12 10:28:53 [app] [I] Authorized user foreman_api_admin(API Admin)
2016-10-12 10:28:53 [app] [W] Action failed
| ProxyAPI::ProxyException: ERF12-9411 [ProxyAPI::ProxyException]: Unable to fetch public key ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=
SSLv3 read server session ticket A: sslv3 alert il...) for Capsule https://li-lc-1578.hag.hilti.com:9090/ssh
| /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_remote_execution-0.3.0.12/app/lib/proxy_api/remote_execution_ssh.rb:11:in `rescue in pubkey'
| /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_remote_execution-0.3.0.12/app/lib/proxy_api/remote_execution_ssh.rb:9:in `pubkey'
| /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_remote_execution-0.3.0.12/app/models/concerns/foreman_remote_execution/smart_proxy_extensions.rb:15:in
`update_pubkey'
| /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_remote_execution-0.3.0.12/app/models/concerns/foreman_remote_execution/smart_proxy_extensions.rb:22:in
`refresh_with_remote_execution'
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Install Sat6 without custom certificates, enable remote execution
2. Make sure internal proxy has feature remote execution
3. Update the certificates on the Sat6 server
Actual results:
Failure in installer
Expected results:
Success
Additional info:
Updated by Stephen Benjamin over 8 years ago
- Subject changed from Updating certificates installer fails when internal proxy with remote execution is enabled to Capsule does not work with certificate with key of 16384 bits
Updated by Justin Sherrill over 8 years ago
- Translation missing: en.field_release set to 114
Updated by Ewoud Kohl van Wijngaarden over 1 year ago
- Status changed from New to Rejected
- Triaged set to No
Closing for its age. If it's still relevant, please open a new issue against the installer project.