[Satellite6] Where can I get information what is the latest version of katello-ca-consumer package?

Solution Verified - Updated 2 Aug 2024

Environment

Red Hat Satellite 6

Issue

some Content Host having SSL issues when communicating / registering to Satellite or Capsule
knowing the Content Host has installed katello-ca-consumer version 1.0-X, how can I check if it is the latest one?

Resolution

There are several options available:

Check the "latest" symbolic link on the Satellite

If you are connected to the Satellite, check where /var/www/html/pub/katello-ca-consumer-latest.noarch.rpm points to. Be aware of this bug where the symlink points to an older RPM (issue fixed since Satellite 6.2)

Reinstall `katello-ca-consumer` package

Run rpm -Uvh http://satellite-or-capsule.example.com/pub/katello-ca-consumer-latest.noarch.rpm on the Content Host to get the latest package. Checking what version is installed provides the answer, and also the Content Host is assured to have the newest package version. Note that services using the package (like goferd) needs to be restarted to reload the certificates.

Check via web browser

In a web browser, open http://satellite-or-capsule.example.com/pub/ and check katello-ca-consumer-latest.noarch.rpm file there. To know the package version, find highest *1.0-X.noarch.rpm number there.

In `katello_ssl_build_dir` collected by `foreman-debug`

Below check works well for Satellite only, not for Capsule. Search for <satellite.fqdn>-apache- files in katello_ssl_build_dir file listing /root/ssl-build. Below commands print them (assuming user is in foreman-debug tarball):

fqdn=$(grep "^fqdn =>" facts | awk '{ print $3 }')   # gets me FQDN of the Satellite
grep "/root/ssl-build/${fqdn}/${fqdn}-apache-" katello_ssl_build_dir | grep noarch | awk '{ print $11 }' | sort

In installer logs collected by `foreman-debug`:

Works for both Capsule and Satellite, but only in case of complete logs (e.g. sosreport calling foreman-debug truncates logs to 50000 lines)

grep for katello-certs-gen-rpm in /var/log/katello-installer or /var/log/capsule-installer directory and find highest --release X number there, like:

[DEBUG 2015-10-17 23:17:14 main]  Executing '/usr/bin/katello-certs-gen-rpm --name katello-ca-consumer-my-capsule.example.com --version 1.0 --release 4 --packager None --vendor None --group Applications/System --summary Subscription-manager consumer certificate for Katello instance my-capsule.example.com --description Consumer certificate and post installation script that configures rhsm. --requires subscription-manager --post /var/www/html/pub/rhsm-katello-reconfigure /etc/rhsm/ca/katello-default-ca.pem:644=/etc/pki/katello/certs/katello-default-ca.crt /etc/rhsm/ca/katello-server-ca.pem:64

Here the package version is 1.0-4.

For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

foreman

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.