Bug #18987
--certs-regenerate-ca should also regenerate ueber certificates
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1434948
Description of problem:
When regenerating the CA certificates on Katello the ueber certificates should also be regenerated. Otherwise, downstream Proxies will run into issues with synchronizing content.
How reproducible:
Always.
Steps to Reproduce:
1. Delete contents of /root/ssl-build and /root/ssl-build/<KAT_FQDN>
2. # katello-installer --certs-update-all --certs-regenerate-ca --certs-regenerate
3. Generate and install new certificate bundle for Proxies
4. Observe that Proxy content synchronization fails
nectar.downloaders.threaded:ERROR: Skipping requests to <KAT_FQDN> due to repeated connection failures: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:579)
Actual results:
- ueber certificate is still based off of old CA
- Proxy content synchronization fails
Expected results:
- ueber certificate has been refreshed against the new CA
- Proxy content synchronization is successful
Additional info:
Can be worked around by manually deleting the old ueber certificates in Candlepin.
Perhaps the installer can run this rake task in upstream that regenerates the ueber certificates:
Associated revisions
Refs #18987 - Do not stub over Settings[]
This test will fail when Settings[] is called
with unexpected keys.
History
#1
Updated by John Mitsch over 5 years ago
- Subject changed from --certs-regenerate-ca should also regenerate ueber certificates to --certs-regenerate-ca should also regenerate ueber certificates
- Description updated (diff)
#2
Updated by John Mitsch over 5 years ago
- Target version set to 178
#3
Updated by Brad Buckingham about 5 years ago
- Target version changed from 178 to 181
#4
Updated by The Foreman Bot about 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/6728 added
#5
Updated by Walden Raines about 5 years ago
- Legacy Backlogs Release (now unused) set to 211
#6
Updated by Brad Buckingham about 5 years ago
- Target version changed from 181 to 187
#7
Updated by John Mitsch about 5 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|a0541934a469879d381d0cb4d4437bd0020979f9.
#8
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/Katello/katello/pull/6947 added
Fixes #18987 - Check ueber certs on each proxy sync