Node Update

This email is for people using Katello Devel environment.

After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp.

The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync <DEV BOX>
$ vagrant ssh <DEV BOX>
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer

That installed the new certs for me, I was able to then do the normal rake katello:reset and continue.

Thanks Partha for sharing this.

Pulp node removal [1] switched from Oauth to cert authentication for
pulp when contacting both the main server and a pulp server on a
capsule. The Cert locations are set here [2] and one can generate certs
on an existing environment with these two commands:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
/etc/pki/katello/private/pulp-client.key

  • leave everything blank except the common name which is admin

openssl x509 -req -days 360 -in CSR.csr -CA
/etc/pki/katello/certs/katello-server-ca.crt -CAkey
/etc/pki/katello/private/katello-default-ca.key -CAcreateserial -out
/etc/pki/katello/certs/pulp-client.crt

This should get any existing environments working with the latest
changes in Katello. Let me know if you have any questions or run into
any trouble.

Thanks,
John

  1. https://github.com/Katello/katello/pull/5778

https://github.com/Katello/katello/blob/master/app/models/setting/katello.rb#L24-L25

··· On 02/12/2016 07:14 PM, Partha Aji wrote: > This email is for people using Katello Devel environment. > > After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp. > > The Fix: > I did the following > On my main box > $ cd /katello-deploy/katello-installer > $ librarian-puppet update > $ cd .. > $ vagrant rsync > $ vagrant ssh > $ sudo su - > $ cd /vagrant/katello-installer > $ ./bin/katello-devel-installer > > That installed the new certs for me, I was able to then do the normal rake katello:reset and continue. > >


John Mitsch
Red Hat Engineering
860-967-7285
irc: jomitsch

In the future can we make the subject of messages like this one something along the lines of:

"UPDATE YOUR SANDBOX WITH THESE INSTRUCTIONS OR IT WILL BREAK!!"

Thanks,
Walden

··· ----- Original Message ----- From: "Partha Aji" To: foreman-dev@googlegroups.com Sent: Friday, February 12, 2016 7:14:22 PM Subject: [foreman-dev] Node Update ....

This email is for people using Katello Devel environment.

After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp.

The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync
$ vagrant ssh
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer

That installed the new certs for me, I was able to then do the normal rake katello:reset and continue.


You received this message because you are subscribed to the Google Groups “foreman-dev” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

> Thanks Partha for sharing this.
>
> Pulp node removal [1] switched from Oauth to cert authentication for
> pulp when contacting both the main server and a pulp server on a
> capsule. The Cert locations are set here [2] and one can generate
> certs on an existing environment with these two commands:
>
> openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
> /etc/pki/katello/private/pulp-client.key
> - leave everything blank except the common name which is admin
>
> openssl x509 -req -days 360 -in CSR.csr -CA
> /etc/pki/katello/certs/katello-server-ca.crt -CAkey
> /etc/pki/katello/private/katello-default-ca.key -CAcreateserial -out
> /etc/pki/katello/certs/pulp-client.crt
>
> This should get any existing environments working with the latest
> changes in Katello. Let me know if you have any questions or run into
> any trouble.
>
> Thanks,
> John

One thing that john forgot was that (depending on when you installed
your dev environment last) you may need to edit:
/etc/httpd/conf.d/05-katello-ssl.conf

removing line:

SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth

and adding:

SSLUsername SSL_CLIENT_S_DN_CN

Then simply restart httpd. It may be easier to simply reinstall a new
dev environment if you also need to pull in pulp 2.8.

-Justin

··· On 02/15/2016 08:39 AM, John Mitsch wrote:
  1. https://github.com/Katello/katello/pull/5778

https://github.com/Katello/katello/blob/master/app/models/setting/katello.rb#L24-L25

On 02/12/2016 07:14 PM, Partha Aji wrote:

This email is for people using Katello Devel environment.

After the next git pull from katello master you might notice an error
that looks like -> http://fpaste.org/322051/31886114/ . This is
related to the recent merge of Nodes work to master, where we move to
certs world from oauth world when talking to pulp.

The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync
$ vagrant ssh
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer

That installed the new certs for me, I was able to then do the normal
rake katello:reset and continue.