- Issued:
- 2015-01-16
- Updated:
- 2015-01-16
RHBA-2015:0054 - Red Hat Satellite 6 server bug fix update
Synopsis
Red Hat Satellite 6 server bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated the following packages to fix several bugs in Red Hat Satellite 6:
foreman foreman-proxy katello-agent pulp pulp-nodes pulp-puppet pulp-rpm ruby193-rubygem-fog ruby193-rubygem-foreman-tasks
packages. These packages are now available in Red Hat Satellite 6.
Description
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
This update fixes the following bugs: *BZ1107690 When cloud_init attempts to contact Foreman to complete the phone_home action, it fails with a HTTP 500 error due to incorrect data being transmitted in the POST header. To rectify this error, post settings are now being cleared when attempting to complete the phone_home action.
*BZ1119910 katello-installer fails to execute when the host system has restrictive umasks. The restrictive umasks affects permissions and access to the keystore and certain cert files. This fix will set the umask to the required value for installation to make sure that the installation goes through properly.
*BZ1128296 When synchronizing content, the User Interface fails to complete the synchronization process and hangs indefinitely, despite the pulp logs registering errors. This error was caused by an incomplete URL. All URL parameters must contain the full address and requires the "http" or "https" protocol. Pre-validation checks have been implemented to check the proxy URL and provide an error message should the proxy URL fail to comply with the requirements.
*BZ1139152 katello-remove fails to remove the ruby193-rubygem-foreman-tasks package on a RHEL 7 system because of preun script errors related to turning off services. The preun script used the chkconfig command to turn off tasks which is not compatible with RHEL 7. This fix corrects the preun script to include the correct commands for different RHEL versions. katello-remove should correctly remove the package.
*BZ1142861 When provisioning a VMWare virtual machine that is in a cluster in a folder, the provisioning process fails with the error "Failed to create a compute VMWare (VMWare) instance client.example.com: cluster is required for this operation". Red Hat Satellite could not detect clusters within folders. This fix adds support for clusters located below folders as well as VMWare machine setups in a non-clustered environment.
*BZ1152720 Foreman Smart Proxy failed to verify SSL certificates. This permits any client with access to the API to make requests and perform actions. Foreman Smart Proxy now runs a check on SSL certificates to verify identity, forbidding HTTPS requests when there is no client SSL certificate.
*BZ1159327 On a Satellite server using an http proxy connection, selecting repositories fails with an SSL_connect error. Some proxy servers do not support SSLv23 and TLS 1.2 which Red Hat Satellite requires. To fix this issue, Satellite now allows the administrator to specify a SSL version via the /etc/foreman/plugins/katello.yaml.
*BZ1165301 When executing a daily sync plan, the synchronization process freezes with "Sync Incomplete" resulting in pulp errors in the log file. The error occurs when the downloaded packages are being verified wherein the checksum_type is being reported as SHA while pulp explicitly handles SHA1. To fix this issue, the verification process returns the "SHA" value to "SHA1" to comply with pulp requirements.
*BZ1168010 On a RHEL 7 system, ruby upgrades changed the accepted format for io.popen resulting in ssh puppet commands being incorrectly formatted. This prevented the commands from executing. The format has been corrected in this fix.
*BZ1173228 RHEV/ovirt instances with non self-signed server certificates could not connect to the Satellite server. To fix this issue, the CA field has been changed to an editable field so that administrators can provide the correct CA or CA chain in the correct order.
All Red Hat Satellite 6 users are advised to upgrade to these updated packages to resolve the bugs above.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Subscription Management. Details on how to use Red Hat Subscription Management are available at https://access.redhat.com/articles/433903.
NOTE: This update requires additional steps to complete beyond just installing new packages. To complete this update please follow the steps outlined below:
To update your Satellite or Capsule with this or other errata please follow these instructions:
SATELLITE SERVER
I. Shut down all Satellite related services. During this time managed hosts will not be able to install packages or apply configuration, so plan accordingly.
katello-service stop
Shutting down Katello services... Stopping httpd: [ OK ] celery init v10.0. ...
II. update packages via yum
yum clean all
yum update
This step will download and install any available Satellite errata as well as any other pending updates (such as RHEL) to Satellite 6 server. Review the list of packages being updated and accept with Y/N
III. Perform data migration
service mongod start
sudo -u apache pulp-manage-db
katello-service start
foreman-rake katello:reindex
these steps may take some amount of time, let them run to completion. After the last command is complete your Satellite is ready for use.
CAPSULE SERVER
I. Stop all services: The Satellite Capsule currently lacks a wrapper utility to start/stop all associated services so they must be stopped manually. See this article to see how to stop all services:
for i in pulp_celerybeat pulp_resource_manager pulp_workers httpd foreman-proxy; do service $i stop; done
II. update packages via yum
yum clean all
yum update
This step will download and install any available Satellite Capsule errata as well as any other pending updates (such as RHEL) to Satellite 6 Capsule server. Review the list of packages being updated and accept with Y/N
III. Perform data migration
sudo -u apache pulp-manage-db
this step may take some amount of time, let it run to completion.
III. Restart services:
for i in pulp_celerybeat pulp_resource_manager pulp_workers httpd foreman-proxy; do service $i start; done
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Satellite | 6.0 | x86_64 |
| Red Hat Satellite | 6.0 | x86_64 |
| Red Hat Satellite Capsule | 6.0 | x86_64 |
| Red Hat Satellite Capsule | 6.0 | x86_64 |
Updated Packages
- ruby193-rubygem-foreman-tasks-0.6.9-1.2.el7sat.src.rpm
- foreman-postgresql-1.6.0.51-1.el7sat.noarch.rpm
- pulp-rpm-2.4.4-1.1.el6sat.src.rpm
- foreman-proxy-1.6.0.33-1.el7sat.noarch.rpm
- katello-agent-1.5.3-7.el6sat.noarch.rpm
- foreman-postgresql-1.6.0.51-1.el6sat.noarch.rpm
- pulp-2.4.4-1.el6sat.src.rpm
- pulp-nodes-child-2.4.4-1.el7sat.noarch.rpm
- ruby193-rubygem-foreman-tasks-0.6.9-1.2.el6sat.noarch.rpm
- pulp-server-2.4.4-1.el6sat.noarch.rpm
- katello-installer-0.0.67-1.el7sat.noarch.rpm
- python-pulp-puppet-common-2.4.4-1.el7sat.noarch.rpm
- pulp-rpm-handlers-2.4.4-1.1.el7sat.noarch.rpm
- foreman-ovirt-1.6.0.51-1.el6sat.noarch.rpm
- katello-installer-0.0.67-1.el6sat.src.rpm
- pulp-rpm-plugins-2.4.4-1.1.el7sat.noarch.rpm
- python-pulp-common-2.4.4-1.el7sat.noarch.rpm
- ruby193-rubygem-foreman-tasks-0.6.9-1.2.el7sat.noarch.rpm
- foreman-libvirt-1.6.0.51-1.el7sat.noarch.rpm
- pulp-rpm-admin-extensions-2.4.4-1.1.el6sat.noarch.rpm
- pulp-rpm-handlers-2.4.4-1.1.el6sat.noarch.rpm
- pulp-selinux-2.4.4-1.el7sat.noarch.rpm
- python-pulp-common-2.4.4-1.el6sat.noarch.rpm
- foreman-proxy-1.6.0.33-1.el6sat.src.rpm
- pulp-nodes-2.4.4-1.el7sat.src.rpm
- ruby193-rubygem-fog-1.21.0-3.2.el7sat.noarch.rpm
- pulp-2.4.4-1.el7sat.src.rpm
- katello-agent-1.5.3-7.el7sat.src.rpm
- python-pulp-client-lib-2.4.4-1.el6sat.noarch.rpm
- ruby193-rubygem-foreman-tasks-0.6.9-1.2.el6sat.src.rpm
- katello-installer-0.0.67-1.el6sat.noarch.rpm
- foreman-gce-1.6.0.51-1.el7sat.noarch.rpm
- pulp-nodes-common-2.4.4-1.el6sat.noarch.rpm
- foreman-proxy-1.6.0.33-1.el6sat.noarch.rpm
- katello-agent-1.5.3-7.el7sat.noarch.rpm
- pulp-puppet-admin-extensions-2.4.4-1.el7sat.noarch.rpm
- pulp-puppet-plugins-2.4.4-1.el7sat.noarch.rpm
- pulp-admin-client-2.4.4-1.el7sat.noarch.rpm
- pulp-nodes-common-2.4.4-1.el7sat.noarch.rpm
- python-pulp-agent-lib-2.4.4-1.el7sat.noarch.rpm
- pulp-nodes-parent-2.4.4-1.el6sat.noarch.rpm
- pulp-puppet-admin-extensions-2.4.4-1.el6sat.noarch.rpm
- pulp-puppet-plugins-2.4.4-1.el6sat.noarch.rpm
- pulp-nodes-child-2.4.4-1.el6sat.noarch.rpm
- foreman-1.6.0.51-1.el7sat.src.rpm
- foreman-vmware-1.6.0.51-1.el6sat.noarch.rpm
- python-pulp-bindings-2.4.4-1.el7sat.noarch.rpm
- katello-installer-0.0.67-1.el7sat.src.rpm
- foreman-ovirt-1.6.0.51-1.el7sat.noarch.rpm
- pulp-rpm-admin-extensions-2.4.4-1.1.el7sat.noarch.rpm
- foreman-compute-1.6.0.51-1.el7sat.noarch.rpm
- pulp-server-2.4.4-1.el7sat.noarch.rpm
- ruby193-rubygem-fog-1.21.0-3.2.el6sat.noarch.rpm
- pulp-nodes-2.4.4-1.el6sat.src.rpm
- pulp-puppet-2.4.4-1.el6sat.src.rpm
- python-pulp-puppet-common-2.4.4-1.el6sat.noarch.rpm
- pulp-admin-client-2.4.4-1.el6sat.noarch.rpm
- foreman-1.6.0.51-1.el6sat.src.rpm
- katello-agent-1.5.3-7.el6sat.src.rpm
- pulp-nodes-parent-2.4.4-1.el7sat.noarch.rpm
- python-pulp-agent-lib-2.4.4-1.el6sat.noarch.rpm
- foreman-gce-1.6.0.51-1.el6sat.noarch.rpm
- pulp-selinux-2.4.4-1.el6sat.noarch.rpm
- python-pulp-bindings-2.4.4-1.el6sat.noarch.rpm
- pulp-rpm-plugins-2.4.4-1.1.el6sat.noarch.rpm
- python-pulp-client-lib-2.4.4-1.el7sat.noarch.rpm
- pulp-puppet-tools-2.4.4-1.el7sat.noarch.rpm
- foreman-1.6.0.51-1.el7sat.noarch.rpm
- foreman-libvirt-1.6.0.51-1.el6sat.noarch.rpm
- python-pulp-rpm-common-2.4.4-1.1.el6sat.noarch.rpm
- ruby193-rubygem-fog-1.21.0-3.2.el6sat.src.rpm
- foreman-1.6.0.51-1.el6sat.noarch.rpm
- ruby193-rubygem-fog-1.21.0-3.2.el7sat.src.rpm
- pulp-puppet-tools-2.4.4-1.el6sat.noarch.rpm
- foreman-proxy-1.6.0.33-1.el7sat.src.rpm
- pulp-puppet-2.4.4-1.el7sat.src.rpm
- foreman-vmware-1.6.0.51-1.el7sat.noarch.rpm
- pulp-rpm-2.4.4-1.1.el7sat.src.rpm
- foreman-compute-1.6.0.51-1.el6sat.noarch.rpm
- python-pulp-rpm-common-2.4.4-1.1.el7sat.noarch.rpm
Fixes
- This content is not included.BZ - 1107690
- This content is not included.BZ - 1119910
- This content is not included.BZ - 1128296
- This content is not included.BZ - 1139152
- This content is not included.BZ - 1165301
- This content is not included.BZ - 1168010
- This content is not included.BZ - 1173228
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.