Project

General

Profile

Bug #17955

Cannot generate certificates for proxy

Added by Daniel Lobato Garcia over 5 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Tooling
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

foreman-proxy-certs-generate doesn't seem to understand neither of the required arguments to create the certificates tar.

[root@mandy-rheaves ~]# foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "$FOREMAN_PROXY.tar" 
ERROR: Unrecognised option '--foreman-proxy-fqdn'

See: 'foreman-proxy-certs-generate --help'

History

#1 Updated by Daniel Lobato Garcia over 5 years ago

The command is being referenced all over the installer, manual, some READMEs... so even if the args are wrong (I don't think they are) it should be fixed, otherwise we'll have to go through a lot of docs to fix.

#2 Updated by Daniel Lobato Garcia over 5 years ago

Also, the validation function is failing. I had to change "/usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy_content.pp" to even get to this. The params are undefined and NOT listed under --help

+  if $certs_tar == undef { fail "--certs-tar must be present" }
+  if $foreman_proxy_fqdn == undef { fail "--foreman-proxy-fqdn must be present" }
-  validate_present($certs_tar)
-  validate_present($foreman_proxy_fqdn)

#3 Updated by Stephen Benjamin over 5 years ago

  • Status changed from New to Need more information

Works for me, see below. Can you run foreman-proxy-certs-generate with `-v` and provide the full output?

What version of Katello are you using?

[root@bye-puppet ~]# foreman-proxy-certs-generate --foreman-proxy-fqdn foo.example.com --certs-tar foo.example.com.tar
Installing             Done                                               [100%] [...........................................................................................................................................................]
  Success!

  To finish the installation, follow these steps:

  If you do not have the smartproxy registered to the Katello instance, then please do the following:

  1. yum -y localinstall http://bye-puppet.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization" 

  Once this is completed run the steps below to start the smartproxy installation:

  1. Ensure that the foreman-installer-katello package is installed on the system.
  2. Copy foo.example.com.tar to the system foo.example.com
  3. Run the following commands on the Foreman proxy (possibly with the customized
     parameters, see foreman-installer --scenario foreman-proxy-content --help and
     documentation for more info on setting up additional services):

  foreman-installer --scenario foreman-proxy-content\
                    --foreman-proxy-content-parent-fqdn           "bye-puppet.example.com"\
                    --foreman-proxy-register-in-foreman           "true"\
                    --foreman-proxy-foreman-base-url              "https://bye-puppet.example.com"\
                    --foreman-proxy-trusted-hosts                 "bye-puppet.example.com"\
                    --foreman-proxy-trusted-hosts                 "foo.example.com"\
                    --foreman-proxy-oauth-consumer-key            "74ovnXJxbhg9SqCwyKadJfPz3QsqKZQb"\
                    --foreman-proxy-oauth-consumer-secret         "aqcEafuodN2GXirLF3SZHwRhJcSxwtBS"\
                    --foreman-proxy-content-pulp-oauth-secret     "N2nWwZS7KZ8ogeKkS4dCKinGeQ4LeoTs"\
                    --foreman-proxy-content-certs-tar             "foo.example.com.tar"\
                    --puppet-server-foreman-url                   "https://bye-puppet.example.com" 
  The full log is at /var/log/foreman-proxy-certs-generate.log

#4 Updated by Justin Sherrill over 5 years ago

  • Legacy Backlogs Release (now unused) set to 166

#5 Updated by Justin Sherrill over 5 years ago

  • Status changed from Need more information to Rejected

Closing due to inactivity, feel free to reopen if this is still a problem.
Thanks!

Also available in: Atom PDF