Bug #10670
closed
katello-agent doesn't work when custom certs are used
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1222912
Description of problem:
When using custom certificates (issued by commercial or user custom ca), the katello-agent is not able to authorize against the qpid.
Version-Release number of selected component (if applicable):
6.1.0
How reproducible:
Always
Steps to Reproduce:
1. issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2. configure the katello to use the certificates https://github.com/Katello/katello-installer#custom-server-certificates
3. register a client
4. install the katello-agent
Actual results:
The logs complain about not being able to connect to the qpid. The installation tasks from katello time-out
Expected results:
everything works
Additional info:
The issue was introduced by https://github.com/Katello/puppet-certs/pull/44, with incorrect assumption that the server_ca and candlepin-local ca are always the same (which is not true, when the commercial CA is used as a server_ca). Therefore, we can't use the rhsm settings for using in the agent https://github.com/Katello/katello-agent/pull/20, as that's different use-case and different CA to be used: the rhsm needs a CA to verify that the sat6 server is valid, while the agent uses it for verifying the client certs of the qpid broker.
I also ask for automating this workflow to avoid regressions
Updated by The Foreman Bot almost 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello-agent/pull/23 added
- Pull request deleted (
)
Updated by Ivan Necas almost 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello-agent|2d7f81d679a595dc674b4a9c4e604b7e56c51262.
Updated by Eric Helms almost 9 years ago
- translation missing: en.field_release set to 55
- Triaged changed from No to Yes