katello-certs-tools's Introduction

Katello

Full documentation is at https://www.theforeman.org/plugins/katello/

About

Katello is a systems life cycle management plugin to Foreman. Katello allows you to manage thousands of machines with one click. Katello can pull content from remote repositories into isolated environments, and make subscriptions management a breeze.

Currently, it is able to handle Fedora and Red Hat Enterprise Linux based systems.

Development

The most common way to set up Katello for development is to use forklift. This will set up a virtual machine with the Katello codebase checked out. Please use the forklift documentation found in the repository for how to get started with forklift.

If you have questions about or issues with deploying a development environment, feel free to ask for assistance in the #theforeman-dev IRC channel on libera.chat or via the community forum.

Test Run

At this point, the development environment should be completely set up and the Katello engine functionality available. To verify this, go to your Foreman checkout:

  1. Start the development server

    cd $GITDIR/foreman
    
    bundle exec foreman start
  2. Access Foreman in your browser (e.g. https://<hostname>/). Note that while Rails will listen on port 3000, the dev installer will set up a reverse proxy so HTTPS on port 443 will work.

  3. The first time you do this, you will need to accept the self-signed certificate on port 3808 by first visiting https://<hostname>:3808

  4. Log in to Foreman (default: admin and changeme)

  5. If you go to https://<hostname>/about and view the "Plugins" tab, you should see a "Katello" plugin listed.

Reset Development Environment

To reset the development environment, all backend data and the database need to be reset. To reiterate, the following will destroy all data in Pulp, Candlepin and your Foreman/Katello database. From the Foreman checkout run:

rake katello:reset

Found a bug?

That's rather unfortunate. But don't worry! We can help. Just file a bug in our project tracker.

Contributing

See the developer documentation.

Annotated Pulp and Candlepin Workflows and test Scenarios

See the annotation docs for more information.

Contact & Resources

Documentation

Most of our documentation (both for users and developers) can be found at theforeman.org.

katello-certs-tools's People

Contributors

beav, ehelms, ekohl, evgeni, inecas, jlsherrill, jmontleon, jturel, lachlansimpson, pablomh, parthaa, sean797, stbenjam

katello-certs-tools's Issues

Increase Keylength for the apache Certificate

When using just the foreman-installer, the key length will be set to 4096 bit.
But with Katello the key length will be set to 2048 bit.

I think it would be nice to change the key length from 2048 bit to 4096 bit.

2.8.1 breaks Candlepin AMQP Broker

Ohai,

the change in 363f0e1 has broken the AMQP Broker part of Candlepin. Tomcat starts, but fails to listen on port 61613. Looking at /var/log/tomcat/localhost.<date>.log one sees the following traceback:

1) Error injecting constructor, java.io.IOException: Could not read key
  at org.candlepin.pki.CertificateReader.<init>(CertificateReader.java:50)
  at org.candlepin.guice.CandlepinModule.bindPki(CandlepinModule.java:303)
  while locating org.candlepin.pki.CertificateReader
    for the 1st parameter of org.candlepin.pki.impl.JSSPKIUtility.<init>(JSSPKIUtility.java:101)
  while locating org.candlepin.pki.impl.JSSPKIUtility
  at org.candlepin.guice.CandlepinModule.bindPki(CandlepinModule.java:302)
  while locating org.candlepin.pki.PKIUtility
Caused by: java.io.IOException: Could not read key
        at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader$PKCS8EncryptedPrivateKeyPemParser.decode(ProviderBasedPrivateKeyReader.java:210)
        at org.candlepin.pki.PrivateKeyReader$PrivateKeyPemParser.decode(PrivateKeyReader.java:47)
        at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.readPem(ProviderBasedPrivateKeyReader.java:156)
        at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.read(ProviderBasedPrivateKeyReader.java:82)
        at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.read(ProviderBasedPrivateKeyReader.java:60)
        at org.candlepin.pki.CertificateReader.readPrivateKey(CertificateReader.java:78)
        at org.candlepin.pki.CertificateReader.<init>(CertificateReader.java:58)
        at org.candlepin.pki.CertificateReader$$FastClassByGuice$$d3225fea.newInstance(<generated>)
        at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
        at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:184)
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:111)
        at com.google.inject.Guice.createInjector(Guice.java:87)
        at org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener.contextInitialized(GuiceResteasyBootstrapServletContextListener.java:56)
        at org.candlepin.guice.CandlepinContextListener.contextInitialized(CandlepinContextListener.java:133)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5127)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5643)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1260)
        at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:2002)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
        at java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
        at java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:168)
        at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader$PKCS8EncryptedPrivateKeyPemParser.decode(ProviderBasedPrivateKeyReader.java:203)
        ... 42 more

I debugged this a bit further and found the following interesting:

  • the change of the CRYPTO constant to aes256 is fine
  • the change to using openssl genpkey in genServerKey is fine
  • the change to using openssl genpkey in genPrivateCaKey is what's breaking it
  • I think the issue is the format of /etc/candlepin/certs/candlepin-ca.key (it starts with BEGIN RSA PRIVATE KEY in the working case, and with BEGIN ENCRYPTED PRIVATE KEY in the failing case).
    If I convert the key with openssl rsa -in candlepin-ca.key -passin pass:<password> -passout pass:<password> -aes256, Candlepin starts working again.

I don't really understand why the change to the CA key (which the Artemis broker doesn't even need, IMHO) breaks it, but I guess it's safest to just revert the genpkey part of the change and fix it at a later point.
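
The two key formats named in the report can be told apart without the passphrase. The following is an added example, not code from the issue or from katello-certs-tools: it reads the PEM label and, for a PKCS#8 `ENCRYPTED PRIVATE KEY`, decodes the encryption algorithm OID to see whether it is the `1.2.840.113549.1.5.13` (PBES2) scheme the traceback rejects. The names `classify_key`, `PKCS8_SAMPLE` and `LEGACY_SAMPLE` are assumptions, and the samples are constructed framing with no real key material.

```python
import base64
import re

PBES2_OID = "1.2.840.113549.1.5.13"  # OID from the NoSuchAlgorithmException above

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, start, end) of the value."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length

def _oid(raw):
    """Decode DER OID content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in raw:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify_key(pem_text):
    """Return (PEM label, encryption scheme) for the first PEM block found."""
    match = re.search(r"-----BEGIN ([A-Z ]+)-----\n(.*?)-----END \1-----", pem_text, re.S)
    if not match:
        raise ValueError("no PEM block found")
    label, body = match.groups()
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 EncryptedPrivateKeyInfo
        der = base64.b64decode(body)
        _, pos, _ = _tlv(der, 0)        # outer SEQUENCE
        _, pos, _ = _tlv(der, pos)      # encryptionAlgorithm SEQUENCE
        tag, pos, end = _tlv(der, pos)  # algorithm OID
        if tag != 0x06 or end > len(der):
            raise ValueError("not a PKCS#8 EncryptedPrivateKeyInfo")
        oid = _oid(der[pos:end])
        return label, "PBES2" if oid == PBES2_OID else oid
    dek = re.search(r"^DEK-Info: ([^,\s]+)", body, re.M)  # traditional PEM encryption
    return label, "legacy PEM " + dek.group(1) if dek else "none"

# Constructed samples: DER/PEM framing only, no real key material.
_body = base64.b64encode(bytes.fromhex("3021300d06092a864886f70d01050d30000410" + "00" * 16)).decode()
PKCS8_SAMPLE = f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{_body}\n-----END ENCRYPTED PRIVATE KEY-----\n"
LEGACY_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,"
                 "00112233445566778899AABBCCDDEEFF\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

Running `classify_key` over the text of a key file reports which of the two cases from the report it falls into.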
