Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-18615

[RFE] Provide an alternate method of katello-ca-cosumer to populate custom SSL certs on client systems

XMLWordPrintable

    • Alternate method to refresh certificates
    • False
    • Hide

      None

      Show
      None
    • False
    • Release Notes
    • 2,800
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      .Provisioning templates for reconfiguring a self-signed CA certificate on hosts

      Satellite now provides public provisioning templates.
      You can use the templates to refresh your self-signed CA certificate on hosts when you renew the CA certificate on Satellite Server.
      You can use the following public provisioning templates:

      `foreman_ca_refresh`:: This template renders a shell script. You can use this template to execute the script on hosts, for example by using remote execution, to configure the CA certificate on hosts automatically.
      `foreman_raw_ca`:: This template renders raw content of the CA certificate. You can use this template to download the CA certificate and configure it on your hosts manually.

      For more information, see {ManagingHostsDocURL}refreshing-the-self-signed-ca-certificate-on-hosts[Refreshing the self-signed CA certificate on hosts] in _{ManagingHostsDocTitle}_.

      link:https://issues.redhat.com/browse/SAT-18615[Jira:SAT-18615]

      .Job templates for running remote scripts on hosts

      Satellite now provides job templates that you can use to download a script from a URL and execute the script on a host.
      You can use one of the following REX templates to run a script from an URL:

      * `Download and run a script` in the `Commands` job category for the Script remote execution provider.
      * `Download and execute a script` in the `Ansible Commands` job category for the Ansible remote execution provider.
      Show
      .Provisioning templates for reconfiguring a self-signed CA certificate on hosts Satellite now provides public provisioning templates. You can use the templates to refresh your self-signed CA certificate on hosts when you renew the CA certificate on Satellite Server. You can use the following public provisioning templates: `foreman_ca_refresh`:: This template renders a shell script. You can use this template to execute the script on hosts, for example by using remote execution, to configure the CA certificate on hosts automatically. `foreman_raw_ca`:: This template renders raw content of the CA certificate. You can use this template to download the CA certificate and configure it on your hosts manually. For more information, see {ManagingHostsDocURL}refreshing-the-self-signed-ca-certificate-on-hosts[Refreshing the self-signed CA certificate on hosts] in _{ManagingHostsDocTitle}_. link: https://issues.redhat.com/browse/SAT-18615 [Jira: SAT-18615 ] .Job templates for running remote scripts on hosts Satellite now provides job templates that you can use to download a script from a URL and execute the script on a host. You can use one of the following REX templates to run a script from an URL: * `Download and run a script` in the `Commands` job category for the Script remote execution provider. * `Download and execute a script` in the `Ansible Commands` job category for the Ansible remote execution provider.
    • Enhancement
    • Rocket
    • 3.12.0
    • Done

      1. Proposed title of this feature request

      A similar option like curl command from Global Registration method, to update\refresh SSL certs on the client systems connected with satellite\capsule instead of using katello-ca-consumer rpm

      2. What is the nature and description of the request?

      Introduction of a snippet\template which can be used to generate a curl command and use the same to update\refresh SSL certs on the client systems

      3. Why does the customer need this? (List the business requirements here)

      This RFE is an extension of https://bugzilla.redhat.com/show_bug.cgi?id=2124052 basically.

      Since katello-ca-consumer rpm has been deprecated and no longer being used for registration purposes, If SSL CA changes in satellite, Then end-users have only one option left with them i.e. completely re-register the system.

      But It should not be required. We should have a similar option present to generate a curl command, that will help deploying the new SSL CA on the client systems.

      4. How would the customer like to achieve this? (List the functional requirements here)

      In the same was as we generate and use the curl command for Global Registration method

      5. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

      • Install satellite
      • Register a client system
      • Install custom SSL certs on satellite
      • Use the new feature to update the CA on the client system

      6. Is there already an existing RFE upstream or in Red Hat Bugzilla?

      No

      7. Does the customer have any specific time-line dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?

      Satellite 6.13 or as soon as it's feasible

      8. Is the sales team involved in this request and do they have any additional input?

      NA

      9. List any affected packages or components.

      foreman

      10. Would the customer be able to assist in testing this functionality if implemented?

      RH support can

              rhn-engineering-sshtein Shimon Shtein
              rhn-support-saydas Sayan Das
              Shubham Ganar Shubham Ganar
              Lena Ansorgová Lena Ansorgová
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: