Direct the users to use the new CA refresh script instead of the rpm #11079
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -143,8 +143,7 @@ def next_steps_message | |||||
| You will have to install the new bootstrap rpm and reregister all clients and #{@plural_proxy} with subscription-manager | ||||||
| (update organization and environment arguments appropriately): | ||||||
|
|
||||||
| set -o pipefail && curl -sS "http://#{@new_hostname}/unattended/public/foreman-ca-refresh" | bash | ||||||
|
There was a problem hiding this comment. Is this what you want?
Suggested change
There was a problem hiding this comment. No. When curl fails, we want to stop bash from running, otherwise the return code of the action would be There was a problem hiding this comment. When the hostname changes on the server, we don't need to perform a CA refresh, we need to perform a sub-man configuration update (to point to the new hostname). There was a problem hiding this comment. @ehelms I take your point about changing from re-registration to reconfiguration. There was a problem hiding this comment. Not the CA certificate since it is not tied to a hostname. There was a problem hiding this comment. I guess, if its only about changing the subscription-manager configuration, something like this is sufficient: https://github.com/theforeman/foreman/blob/develop/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb#L108 ? Then we should also get rid of and rewrite |
||||||
| subscription-manager register --org="Default_Organization" --environment="Library" --force | ||||||
|
There was a problem hiding this comment. Is this the default way to register? I think, using a activation key is more common. Or should is use the HostRegistration template for the whole process? There was a problem hiding this comment. Host registration is actually a good idea, but we can't put here the command that initiates it, since each invocation generates a new token. There was a problem hiding this comment. As I stated above, changing the hostname should not require clients to be re-registered, only re-configured. |
||||||
|
|
||||||
| Then reattach subscriptions to the client(s) and run: | ||||||
|
There was a problem hiding this comment. attach is no longer necessary with SCA? There was a problem hiding this comment. @ianballou any thoughts on this one? I don't mind doing the change, but open to suggestions about what is needed here. |
||||||
|
|
||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix this comment.
Maybe something like:
You will have to apply the new katello-ca-consumer and reregister all clients and #{@plural_proxy} with subscription-manager
Comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems entirely wrong. Just because the hostname changes does not require re-registration of a host.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we change Foreman's host name, we will definitely need to reconfigure rhsm to point to the new server, and sometimes (depends if the cert is self-managed for example) we will need the CA to be updated. I think that simplifying the procedure takes precedence here, and having a single procedure will do us good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
None of that requires a host to be re-registered.