Description
Problem description
When migrating Uyuni from 2024.08 to 2024.12 I ran into an error where the RHN-ORG-TRUSTED-SSL-CERT was not migrated to /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT.
Due to this, the states under /usr/share/susemanager/salt/certs did not fail, but emptied the local CA File on all clients and no client was able to get updates with a "SSL certificate problem: unable to get local issuer certifiacte" error.
After copying the cert to the /usr/share/susemanager/salt/certs directory and executing the highstate again, the certs got rolled out again, and updates are working
cp /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT
The Main Problem is, that this "fix" is not reboot persistant, so everytime we restart the Uyuni Server the /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT is emtpy again and we have to manually copy the Filecontent
Steps to reproduce
- check filesize in /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT
- reboot
- check filesize in /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT again
Uyuni version
Information for package Uyuni-Server-release:
---------------------------------------------
Repository : @System
Name : Uyuni-Server-release
Version : 2024.12-241000.225.1.uyuni5
Arch : x86_64
Vendor : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level : unknown
Installed Size : 1.4 KiB
Installed : Yes (automatically)
Status : up-to-date
Source package : Uyuni-Server-release-2024.12-241000.225.1.uyuni5.src
Upstream URL : https://www.uyuni-project.org/
Summary : Uyuni Server
Description :
Uyuni lets you efficiently manage physical, virtual,
and cloud-based Linux systems. It provides automated and cost-effective
configuration and software management, asset management, and system
provisioning.Uyuni proxy version (if used)
Useful logs
I found nothing in the logs...Additional information
I installed a fresh Testserver to see if this is a generall problem.
There i discovered that the Cert is copied there while uyuni is starting and emtpy on default...
uyuni-server:~ # reboot
...
uyuni-server:~ # mgrctl term
...
uyuni-server:/ # date && ls -la /usr/share/susemanager/salt/certs
Fri Feb 7 10:54:16 AM CET 2025
total 24
drwxr-xr-x. 1 root root 186 Dec 19 14:07 .
drwxr-xr-x. 1 root root 702 Dec 19 14:07 ..
-rw-r--r--. 1 root root 335 Dec 13 15:12 debian.sls
-rw-r--r--. 1 root root 430 Dec 13 15:12 init.sls
lrwxrwxrwx. 1 root root 10 Dec 13 15:12 openeuler.sls -> redhat.sls
-rw-r--r--. 1 root root 623 Dec 13 15:12 redhat.sls
-rw-r--r--. 1 root root 0 Dec 19 14:07 RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r--. 1 root root 835 Dec 13 15:12 suse.sls
-rw-r--r--. 1 root root 395 Dec 13 15:12 update-multi-cert.sh
uyuni-server:/ # date && ls -la /usr/share/susemanager/salt/certs
Fri Feb 7 10:54:17 AM CET 2025
total 28
drwxr-xr-x. 1 root root 48 Dec 19 14:07 .
drwxr-xr-x. 1 root root 10 Dec 19 14:07 ..
-rw-r--r--. 1 root root 335 Dec 13 15:12 debian.sls
-rw-r--r--. 1 root root 430 Dec 13 15:12 init.sls
lrwxrwxrwx. 1 root root 10 Dec 13 15:12 openeuler.sls -> redhat.sls
-rw-r--r--. 1 root root 623 Dec 13 15:12 redhat.sls
-rw-r--r--. 1 root root 2602 Feb 7 10:54 RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r--. 1 root root 835 Dec 13 15:12 suse.sls
-rw-r--r--. 1 root root 395 Dec 13 15:12 update-multi-cert.sh
uyuni-server:/ #
I guess that on my migrated installation we have a problem with the mechanism that copies the certfile to the salt states...
Any ideas how to fix this?
Thanks for your help!
Max