SAT-29480

How to configure the External PostgreSQL database Server to use SSL to Connect Red Hat Satellite 6 securely?

      Description of problem:

      Configure the External PostgreSQL database for Red Hat Satellite 6 over SSL
       

      https://docs.redhat.com/en/documentation/red_hat_satellite/6.15/html-single/installing_satellite_server_in_a_connected_network_environment/index#Configuring_Server_to_Use_External_Databases_satellite

      =========================================

      We support configuring external PostgreSQL databases for Red Hat Satellite 6 over SSL. However, the current documentation lacks detail and can be made more user-friendly. Please enhance the following section:
      ~~~~~~~~~~~~~~~~~~~~~~~~~
      To enable the Secure Sockets Layer (SSL) protocol for these external databases, add the following options:

      --foreman-db-root-cert <path_to_CA>
      --foreman-db-sslmode verify-full
      --foreman-proxy-content-pulpcore-postgresql-ssl true
      --foreman-proxy-content-pulpcore-postgresql-ssl-root-ca <path_to_CA>
      --katello-candlepin-db-ssl true
      --katello-candlepin-db-ssl-ca <path_to_CA>
      --katello-candlepin-db-ssl-verify true
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Recently, while assisting a customer with configuring an external PostgreSQL database for Red Hat Satellite 6 over SSL, the process failed with the following error:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      2024-10-04 10:52:55 [INFO ] [configure] /Stage[main]/Pulpcore::Database/Pulpcore::Admin[migrate --noinput]/Exec[pulpcore-manager migrate --noinput]/returns: django.db.utils.OperationalError: connection failed: Permission denied
      2024-10-04 10:52:55 [ERROR ] [configure] 'pulpcore-manager migrate --noinput' returned 1 instead of one of [0]
      2024-10-04 10:52:55 [ERROR ] [configure] /Stage[main]/Pulpcore::Database/Pulpcore::Admin[migrate --noinput]/Exec[pulpcore-manager migrate --noinput]/returns: change from 'notrun' to ['0'] failed: 'pulpcore-manager migrate --noinput' returned 1 instead of one of [0]
      ~~~~~~~~~~~~~~~~~~~~~~~~~~

      Issue:

      The error was traced back to insufficient permissions for the pulp user to access the SSL certificate files. The issue was resolved by updating the certificate file permissions.

      Request:

      Please coordinate with the component owner to clarify the correct permissions needed for the certificate files and update the documentation accordingly.

      These additions will help users avoid common configuration errors and ensure smoother SSL setups.

              rhn-support-sadas Satyajit Das
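
A diagnostic sketch for the "Permission denied" failure described in the ticket, added here as an example and not part of the original report or of Satellite itself: it lists which component of a certificate path denies access to a given account. The function names are hypothetical, and only classic mode bits are evaluated (POSIX ACLs and SELinux labels are assumed out of scope).

```shell
#!/bin/sh
# Added example, not Satellite code. Evaluates classic owner/group/other mode
# bits only; POSIX ACLs and SELinux labels are NOT checked (assumption).

# allowed UID "GID ..." NEED PATH: exit 0 if the mode bits grant NEED (r=4, x=1).
allowed() (
    uid=$1 gids=$2 need=$3 path=$4
    [ "$uid" -eq 0 ] && exit 0                 # root bypasses read/search checks
    st=$(stat -L -c '%u %g %a' "$path") || exit 1
    set -- $st
    owner=$1 group=$2 mode=$((0$3))            # %a is octal, e.g. 640 or 1777
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        bits=$(( mode & 7 ))                   # "other" unless a group matches
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & need )) -ne 0 ]
)

# blocked_components UID "GID ..." /abs/file: print each path component that
# denies access (file needs read, every parent directory needs search).
blocked_components() (
    uid=$1 gids=$2 path=$3 rc=0
    case $path in /*) ;; *) echo "absolute path required" >&2; exit 2 ;; esac
    allowed "$uid" "$gids" 4 "$path" || { echo "$path"; rc=1; }
    while [ "$path" != / ]; do
        path=$(dirname "$path")
        allowed "$uid" "$gids" 1 "$path" || { echo "$path"; rc=1; }
    done
    exit "$rc"
)

# On a live host (account from the ticket, path is the installer placeholder):
#   blocked_components "$(id -u pulp)" "$(id -G pulp)" <path_to_CA>
```

An empty result means the mode bits allow the read; any printed path is a file or directory whose permissions would need review.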