Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-19377

capsule-certs-generate modifies a file foreman-proxy-certs.yaml under /usr/share making rpm verify fail

XMLWordPrintable

    • None
    • None
    • None
    • None

      Description of problem:
      capsule-certs-generate modifies a file foreman-proxy-certs.yaml under /usr/share making rpm verify fail.

      Before:
      ~~~
      ~# ls -l /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
      rw-rr-. 1 root root 912 Sep 6 20:22 /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml

      :~# rpm -V foreman-installer-katello
      S.5....T. c /etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml
      S.5....T. c /etc/foreman-installer/scenarios.d/katello.yaml
      ~~~

      Create certs for a dummy capsule
      ~~~
      ~# CAPSULE="dummy.example.com"; capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
      Preparing installation Done
      Success!

      To finish the installation, follow these steps:

      If you do not have the Capsule registered to the Satellite instance, then please do the following:

      1. yum -y localinstall http://example.satellite.com/pub/katello-ca-consumer-latest.noarch.rpm
      2. subscription-manager register --org "Default_Organization"

      Once this is completed run the steps below to start the Capsule installation:

      1. Ensure that the satellite-capsule package is installed on the system.
      2. Copy the following file /root/dummy.example.com-certs.tar to the system dummy.example.com at the following location /root/dummy.example.com-certs.tar
      scp /root/dummy.example.com-certs.tar root@dummy.example.com:/root/dummy.example.com-certs.tar
      3. Run the following commands on the Capsule (possibly with the customized
      parameters, see satellite-installer --scenario capsule --help and
      documentation for more info on setting up additional services):

      satellite-installer \
      --scenario capsule \
      --certs-tar-file "/root/dummy.example.com-certs.tar"\
      --foreman-proxy-register-in-foreman "true"\
      --foreman-proxy-foreman-base-url "https://example.satellite.com"\
      --foreman-proxy-trusted-hosts "example.satellite.com"\
      --foreman-proxy-trusted-hosts "dummy.example.com"\
      --foreman-proxy-oauth-consumer-key "fWVNkiLBSUbjwWHfXZRSEmAuYDMQUhp5"\
      --foreman-proxy-oauth-consumer-secret "U925QwN4taN8EBKvBvaMu7MhyDuPs2b4"
      ~~~

      After rpm validate is failing, the file scenarios.d/foreman-proxy-certs.yaml in /usr/share is modifed and also written with 600 instead of the rpm defoined 644
      ~~~
      :~# rpm -V foreman-installer-katello
      S.5....T. c /etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml
      S.5....T. c /etc/foreman-installer/scenarios.d/katello.yaml
      SM5....T. /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml

      ~# ls -l /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
      rw------. 1 root root 998 Nov 25 11:20 /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
      ~~~

      Version-Release number of selected component (if applicable):
      6.11

      Actual results:
      File is modified and permissions are changed.

      Expected results:
      File should not be modified and permission should remain intact.

      Additional info:

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-vdeshpan Vedashree Deshpande
              RH Bugzilla Integration RH Bugzilla Integration
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: