This email is for people using Katello Devel environment.
After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp.
The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync <DEV BOX>
$ vagrant ssh <DEV BOX>
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer
That installed the new certs for me, I was able to then do the normal rake katello:reset and continue.
Thanks Partha for sharing this.
Pulp node removal [1] switched from Oauth to cert authentication for
pulp when contacting both the main server and a pulp server on a
capsule. The Cert locations are set here [2] and one can generate certs
on an existing environment with these two commands:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
/etc/pki/katello/private/pulp-client.key
- leave everything blank except the common name which is admin
openssl x509 -req -days 360 -in CSR.csr -CA
/etc/pki/katello/certs/katello-server-ca.crt -CAkey
/etc/pki/katello/private/katello-default-ca.key -CAcreateserial -out
/etc/pki/katello/certs/pulp-client.crt
This should get any existing environments working with the latest
changes in Katello. Let me know if you have any questions or run into
any trouble.
Thanks,
John
- https://github.com/Katello/katello/pull/5778
-
https://github.com/Katello/katello/blob/master/app/models/setting/katello.rb#L24-L25
···
On 02/12/2016 07:14 PM, Partha Aji wrote:
> This email is for people using Katello Devel environment.
>
> After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp.
>
> The Fix:
> I did the following
> On my main box
> $ cd /katello-deploy/katello-installer
> $ librarian-puppet update
> $ cd ..
> $ vagrant rsync
> $ vagrant ssh
> $ sudo su -
> $ cd /vagrant/katello-installer
> $ ./bin/katello-devel-installer
>
> That installed the new certs for me, I was able to then do the normal rake katello:reset and continue.
>
>
–
John Mitsch
Red Hat Engineering
860-967-7285
irc: jomitsch
In the future can we make the subject of messages like this one something along the lines of:
"UPDATE YOUR SANDBOX WITH THESE INSTRUCTIONS OR IT WILL BREAK!!"
Thanks,
Walden
···
----- Original Message -----
From: "Partha Aji"
To: foreman-dev@googlegroups.com
Sent: Friday, February 12, 2016 7:14:22 PM
Subject: [foreman-dev] Node Update ....
This email is for people using Katello Devel environment.
After the next git pull from katello master you might notice an error that looks like -> http://fpaste.org/322051/31886114/ . This is related to the recent merge of Nodes work to master, where we move to certs world from oauth world when talking to pulp.
The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync
$ vagrant ssh
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer
That installed the new certs for me, I was able to then do the normal rake katello:reset and continue.
–
You received this message because you are subscribed to the Google Groups “foreman-dev” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
> Thanks Partha for sharing this.
>
> Pulp node removal [1] switched from Oauth to cert authentication for
> pulp when contacting both the main server and a pulp server on a
> capsule. The Cert locations are set here [2] and one can generate
> certs on an existing environment with these two commands:
>
> openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
> /etc/pki/katello/private/pulp-client.key
> - leave everything blank except the common name which is admin
>
> openssl x509 -req -days 360 -in CSR.csr -CA
> /etc/pki/katello/certs/katello-server-ca.crt -CAkey
> /etc/pki/katello/private/katello-default-ca.key -CAcreateserial -out
> /etc/pki/katello/certs/pulp-client.crt
>
> This should get any existing environments working with the latest
> changes in Katello. Let me know if you have any questions or run into
> any trouble.
>
> Thanks,
> John
One thing that john forgot was that (depending on when you installed
your dev environment last) you may need to edit:
/etc/httpd/conf.d/05-katello-ssl.conf
removing line:
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
and adding:
SSLUsername SSL_CLIENT_S_DN_CN
Then simply restart httpd. It may be easier to simply reinstall a new
dev environment if you also need to pull in pulp 2.8.
-Justin
···
On 02/15/2016 08:39 AM, John Mitsch wrote:
- https://github.com/Katello/katello/pull/5778
-
https://github.com/Katello/katello/blob/master/app/models/setting/katello.rb#L24-L25
On 02/12/2016 07:14 PM, Partha Aji wrote:
This email is for people using Katello Devel environment.
After the next git pull from katello master you might notice an error
that looks like -> http://fpaste.org/322051/31886114/ . This is
related to the recent merge of Nodes work to master, where we move to
certs world from oauth world when talking to pulp.
The Fix:
I did the following
On my main box
$ cd /katello-deploy/katello-installer
$ librarian-puppet update
$ cd …
$ vagrant rsync
$ vagrant ssh
$ sudo su -
$ cd /vagrant/katello-installer
$ ./bin/katello-devel-installer
That installed the new certs for me, I was able to then do the normal
rake katello:reset and continue.