Bug #26623

foreman-proxy-certs-generate is missing parameters between katello 3.10 and 3.11

Added by Evgeni Golov 7 months ago. Updated 6 months ago.

Status: Closed
Priority: High
Assignee:
Category: -
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

hellokatello on IRC discovered that f-p-c-g does not properly work on Katello 3.11 and newer (aka since "the installer merge"), as it has fewer parameters than before (e.g. --certs-update-server is missing)

Associated revisions

Revision b26d33f9 (diff)
Added by Evgeni Golov 6 months ago

Fixes #26623 - copy update certs hooks to katello-certs

History

#1 Updated by Evgeni Golov 7 months ago

nightly:

# foreman-proxy-certs-generate --help 
Usage:
    foreman-proxy-certs-generate [OPTIONS]

Options:

= Generic:
    --[no-]colors                 Use color output on STDOUT (default: true)
    --color-of-background COLOR   Your terminal background is :bright or :dark (default: :dark)
    --dont-save-answers           Skip saving answers to '/usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs-answers.yaml'? (default: true)
    --ignore-undocumented         Ignore inconsistent parameter documentation (default: false)
    -i, --interactive             Run in interactive mode
    --log-level LEVEL             Log level for log file output (default: :debug)
    -n, --noop                    Run puppet in noop mode? (default: false)
    -p, --profile                 Run puppet in profile mode? (default: false)
    -s, --skip-checks-i-know-better Skip all system checks (default: false)
    --skip-puppet-version-check   Skip check for compatible Puppet versions (default: false)
    -v, --verbose                 Display log on STDOUT instead of progressbar
    -l, --verbose-log-level LEVEL Log level for verbose mode output (default: "info")
    -S, --scenario SCENARIO       Use installation scenario
    --disable-scenario SCENARIO   Disable installation scenario
    --enable-scenario SCENARIO    Enable installation scenario
    --list-scenarios              List available installation scenarios
    --force                       Force change of installation scenario
    --compare-scenarios           Show changes between last used scenario and the scenario specified with -S or --scenario argument
    --migrations-only             Apply migrations to a selected scenario and exit
    --[no-]parser-cache           Force use or bypass of Puppet module parser cache
    -h, --help                    print help
    --full-help                   print complete help
    --[no-]enable-certs           Enable 'certs' puppet module (default: true)
    --[no-]enable-foreman-proxy-certs Enable 'foreman_proxy_certs' puppet module (default: true)

= Module certs:
    --cname                       The alternative names of the host the generated certificates
                                  should be for (current: [])
    --node-fqdn                   The fqdn of the host the generated certificates
                                  should be for (current: "pipeline-katello-nightly-centos7.yatsu.example.com")
    --server-ca-cert              Path to the CA that issued the ssl certificates for https
                                  if not specified, the default CA will be used (current: UNDEF)
    --server-cert                 Path to the ssl certificate for https
                                  if not specified, the default CA will generate one (current: UNDEF)
    --server-cert-req             Path to the ssl certificate request for https
                                  if not specified, the default CA will generate one (current: UNDEF)
    --server-key                  Path to the ssl key for https
                                  if not specified, the default CA will generate one (current: UNDEF)
    --tar-file                    Use a tarball with certificates rather than generate
                                  new ones. This can be used on another node which is
                                  not the CA. (current: UNDEF)

= Module foreman_proxy_certs:
    --certs-tar                   Path to tar file with certs to generate (current: UNDEF)
    --foreman-proxy-cname         additional names of the foreman proxy (current: ["[]"])
    --foreman-proxy-fqdn          FQDN of the foreman proxy (current: "pipeline-katello-nightly-centos7.yatsu.example.com")
    --parent-fqdn                 FQDN of the parent node. Does not usually
                                  need to be set. (current: "pipeline-katello-nightly-centos7.yatsu.example.com")

Only commonly used options have been displayed.
Use --full-help to view the complete list.

3.7 (the only one I have handy):

# foreman-proxy-certs-generate --help
Usage:
    foreman-proxy-certs-generate [OPTIONS]

Options:

= Generic:
    --reset                       This option will drop the Katello database and clear all subsequent backend data stores.You will lose all data! Unfortunately we
                                  can't detect a failure at the moment so you should verify the success
                                  manually. e.g. dropping can fail when DB is currently in use. (default: false)
    --clear-pulp-content          This option will clear all Pulp content from disk located in '/var/lib/pulp/content/'. (default: false)
    --clear-puppet-environments   This option will clear all published Puppet environments from disk. (default: false)
    --disable-system-checks       This option will skip the system checks for memory. (default: false)
    --force-upgrade-steps         This option will force upgrade steps to run that are normally only run once. (default: false)
    --certs-update-server         This option will enforce an update of the HTTPS certificates (default: false)
    --certs-update-server-ca      This option will enforce an update of the CA used for HTTPS certificates. (default: false)
    --certs-update-all            This option will enforce an update of all the certificates for given host (default: false)
    --certs-reset                 This option will reset any custom certificates and use the self-signed CA instead. Note that any clients will need to be updated with the latest katello-ca-consumer RPM, and any external proxies will need to have the certs updated by generating a new certs tarball. (default: false)
    --certs-skip-check            This option will cause skipping the certificates sanity check. Use with caution (default: false)
    --upgrade                     Run the steps necessary for an upgrade such as migrations, rake tasks, etc. (default: false)
    --disable-resolve-mismatches  This will disable the resolving of mismatches between the application and backend services, during upgrade.  The steps will still run in a non-commit mode to show what would have been changed. (default: false)
    --[no-]colors                 Use color output on STDOUT (default: true)
    --color-of-background COLOR   Your terminal background is :bright or :dark (default: :dark)
    --dont-save-answers           Skip saving answers to '/tmp/foreman-proxy-certs-answer20190416-15313-1j5b57x.yaml'? (default: true)
    --ignore-undocumented         Ignore inconsistent parameter documentation (default: false)
    -i, --interactive             Run in interactive mode
    --log-level LEVEL             Log level for log file output (default: :debug)
    -n, --noop                    Run puppet in noop mode? (default: false)
    -p, --profile                 Run puppet in profile mode? (default: false)
    -s, --skip-checks-i-know-better Skip all system checks (default: false)
    --skip-puppet-version-check   Skip check for compatible Puppet versions (default: false)
    -v, --verbose                 Display log on STDOUT instead of progressbar
    -l, --verbose-log-level LEVEL Log level for verbose mode output (default: "info")
    -S, --scenario SCENARIO       Use installation scenario
    --disable-scenario SCENARIO   Disable installation scenario
    --enable-scenario SCENARIO    Enable installation scenario
    --list-scenarios              List available installation scenarios
    --force                       Force change of installation scenario
    --compare-scenarios           Show changes between last used scenario and the scenario specified with -S or --scenario argument
    --migrations-only             Apply migrations to a selected scenario and exit
    --[no-]parser-cache           Force use or bypass of Puppet module parser cache
    -h, --help                    print help
    --full-help                   print complete help
    --[no-]enable-certs           Enable 'certs' puppet module (default: true)
    --[no-]enable-foreman-proxy-certs Enable 'foreman_proxy_certs' puppet module (default: true)

= Module certs:
    --cname                       The alternative names of the host the generated certificates
                                  should be for (current: [])
    --node-fqdn                   The fqdn of the host the generated certificates
                                  should be for (current: "blah.example.com")
    --server-ca-cert              Path to the CA that issued the ssl certificates for https
                                  if not specified, the default CA will be used (current: UNDEF)
    --server-cert                 Path to the ssl certificate for https
                                  if not specified, the default CA will generate one (current: UNDEF)
    --server-cert-req             Path to the ssl certificate request for https
                                  if not specified, the default CA will generate one (current: UNDEF)
    --server-key                  Path to the ssl key for https
                                  if not specified, the default CA will generate one (current: UNDEF)

= Module foreman_proxy_certs:
    --certs-tar                   Path to tar file with certs to generate (current: UNDEF)
    --foreman-proxy-cname         additional names of the foreman proxy (current: [])
    --foreman-proxy-fqdn          FQDN of the foreman proxy (current: "blah.example.com")
    --parent-fqdn                 FQDN of the parent node. Does not usually
                                  need to be set. (current: "blah.example.com")

Only commonly used options have been displayed.
Use --full-help to view the complete list.
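
The comparison of the two listings above can be automated. The following is an added example, not part of the issue or of foreman-installer: it extracts the long options from two --help outputs and reports the ones that disappeared. The helper names and the shortened sample listings are constructed for illustration.

```ruby
require 'set'

# Collect the long option names from kafo-style --help text.
# "--[no-]colors" is recorded as "--colors"; wrapped description lines are skipped.
def long_options(help_text)
  help_text.each_line.each_with_object(Set.new) do |line, opts|
    m = line.match(/\A\s+(?:-\w,\s+)?--(?:\[no-\])?([a-z0-9][a-z0-9-]*)/)
    opts << "--#{m[1]}" if m
  end
end

# Options the old build offered that the new build no longer lists.
def missing_options(old_help, new_help)
  (long_options(old_help) - long_options(new_help)).sort
end

# Constructed excerpts of the 3.7 and nightly listings above, descriptions shortened.
OLD_HELP = <<~HELP
  = Generic:
      --reset                       This option will drop the Katello database (default: false)
      --certs-update-server         This option will enforce an update of the HTTPS certificates (default: false)
      --certs-update-server-ca      This option will enforce an update of the CA used for HTTPS certificates. (default: false)
      --certs-update-all            This option will enforce an update of all the certificates for given host (default: false)
      --certs-skip-check            This option will cause skipping the certificates sanity check. (default: false)
      --[no-]colors                 Use color output on STDOUT (default: true)
      -n, --noop                    Run puppet in noop mode? (default: false)
  = Module certs:
      --server-cert                 Path to the ssl certificate for https
                                    if not specified, the default CA will generate one (current: UNDEF)
HELP

NEW_HELP = <<~HELP
  = Generic:
      --[no-]colors                 Use color output on STDOUT (default: true)
      -n, --noop                    Run puppet in noop mode? (default: false)
  = Module certs:
      --server-cert                 Path to the ssl certificate for https
                                    if not specified, the default CA will generate one (current: UNDEF)
      --tar-file                    Use a tarball with certificates rather than generate
HELP

# Print every option that the old excerpt has and the new excerpt lacks.
puts missing_options(OLD_HELP, NEW_HELP)
```

Run against the real output of both versions, a check like this in a packaging pipeline would flag a dropped certificate-update option before release.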

#2 Updated by Evgeni Golov 7 months ago

workaround:
cp /usr/share/foreman-installer/katello/hooks/boot/20-certs_update.rb /usr/share/foreman-installer/katello-certs/hooks/boot/

#3 Updated by Tomer Brisker 7 months ago

  • Target version set to 1.22.0

#4 Updated by The Foreman Bot 6 months ago

  • Assignee set to Evgeni Golov
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-installer/pull/355 added

#5 Updated by Evgeni Golov 6 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Tomer Brisker 6 months ago

  • Fixed in Releases 1.22.0 added
