Capsule sync fails with "Connection hostname 'localhost' does not match names from peer certificate"
Environment
- Red Hat Satellite 6.3
Issue
- After upgrade from Satellite 6.2 to 6.3, Capsule sync fails and seeing the following error from logs.
Mar 1 14:31:06 blrhcap01 pulp: celery.beat:ERROR: beat: Connection error: ("Connection hostname 'localhost' does not match names from peer certificate: ['satellite.example.com', u'satellite.example.com']",). Trying again in 12.0 seconds...
Mar 1 14:31:06 blrhcap01 pulp: celery.worker.consumer:ERROR: (3029-31488) consumer: Cannot connect to qpid://localhost:5671//: ("Connection hostname 'localhost' does not match names from peer certificate: ['satellite.example.com', u'satellite.example.com']",).
Mar 1 14:31:06 blrhcap01 pulp: celery.worker.consumer:ERROR: (3029-31488) Trying again in 12.00 seconds...
Mar 1 14:31:06 blrhcap01 pulp: celery.worker.consumer:ERROR: (3029-31488)
- Upgraded capsule content sync fails with 'Pulp message bus connection issue'.
Resolution
- Generated new Capsule certificate on Satellite server as follows and activated on Capsule.
For Capsule Server with a Default Server Certificate:
# capsule-certs-generate --foreman-proxy-fqdn mycapsule.example.com \
--certs-tar mycapsule.example.com-certs.tar --certs-update-all
For Capsule Server with a Custom Server Certificate:
# capsule-certs-generate --foreman-proxy-fqdn capsule.example.com \
--certs-tar /root/capsule_cert/capsule_certs.tar \
--server-cert /root/capsule_cert/capsule_cert.pem \
--server-cert-req /root/capsule_cert/capsule_cert_csr.pem \
--server-key /root/capsule_cert/capsule_cert_key.pem \
--server-ca-cert /root/sat_cert/ca_cert_bundle.pem \
--certs-update-server --certs-update-all
refer: 4.7.6. Configuring Capsule Server with a Custom Server Certificate.
Note: Do not remove '--certs-update-all'
- Copy the archive file to the Capsule Server.
# scp mycapsule.example.com-certs.tar mycapsule.example.com:~/
- Perform the upgrade by running the installer script with the --upgrade option
# satellite-installer --scenario capsule --upgrade \
--foreman-proxy-content-certs-tar mycapsule.example.com-certs.tar \
--certs-update-all --certs-regenerate true --certs-deploy true
- See 2.4. Upgrading Capsule Servers to get more information on upgrading Capsule server.
Root Cause
- Incomplete Capsule upgrade causes hostname change from Capsule.example.com to 'localhost'.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
