Project

General

Profile

Bug #16945

Capsule Installer does not honor virtual fqdn in load-balance scenario

Added by Stephen Benjamin over 5 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Category:
Installer
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1375697
Description of problem:

Using the Satellite6 HA LoadBalancing Reference architecture as a guide has the customer creating a multi-host certificate bundle, and then applying it to multiple capsules.

However, when the subsequent "satellite-installer --scenario capsule" is used to apply those certs to the capsule, the resulting "katello-ca-consumer-latest" that is created on each capsule contains a /usr/bin/katello-rhsm-consumer script that references the name of each individual capsule (KATELLO_SERVER=) rather than that of the load-balanced name.

Version-Release number of selected component (if applicable):

Red Hat Satellite 6.2.1

How reproducible:

Steps to Reproduce:
1. Following sections 5.2.1.7 and 5.2.1.8 of the reference architecure (https://access.redhat.com/sites/default/files/attachments/sat6ha-lb-refarch.pdf), Create a tar bundle for multiple capsules and use that with the satellite-installer on the capsules to apply the certificate bundle.

Actual results:

The resulting katello-ca-consumer rpm will contain a /usr/bin/katello-rhsm-consumer with a KATELLO_SERVER= set to the actual fqdn of each individual capsule.

Expected results:

The resulting katello-ca-consumer rpm should contain a /usr/bin/katello-rhsm-consumer file with a KATELLO_SERVER set to the fqdn of $1 that was specified when using the "katello-multi-host-certs.sh" script in Appendix C.10 of the above Reference Architecture.  (In other words, the virtual fqdn representing all of the capsules)

Additional info:

According to the customer, the class in /usr/share/katello-installer-base/modules/certs/manifests/katello.pp was not honoring the "node_fqdn" override and was instead always just using the capsules fqdn.

Making the following changes allowed for the correct Virtual fqdn to be represented in the /usr/bin/katello-rhsm-consumer script.

However, it is unknown what other effects this may have.


$ diff /usr/share/katello-installer-base/modules/certs/manifests/katello.pp.orig /usr/share/katello-installer-base/modules/certs/manifests/katello.pp
3c3
< $hostname = $fqdn,
---

$hostname = $::certs::node_fqdn,

19,20c19,20
< $candlepin_consumer_name = "katello-ca-consumer-${::fqdn}"
< $candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${::fqdn}"
---

$candlepin_consumer_name = "katello-ca-consumer-${hostname}"
$candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${hostname}"

Associated revisions

Revision 24dd0917 (diff)
Added by Stephen Benjamin over 5 years ago

fixes #16945 - use node_fqdn for consumer cert RPM generation (#107)

History

#1 Updated by Anonymous over 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

#2 Updated by Eric Helms over 5 years ago

  • Subject changed from Capsule Installer does not honor virtual fqdn in load-balance scenario to Capsule Installer does not honor virtual fqdn in load-balance scenario
  • Assignee set to Stephen Benjamin
  • Legacy Backlogs Release (now unused) set to 197

Also available in: Atom PDF