Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update procedure Registering a Host to RH Satellite #780

Merged
merged 1 commit into from
Nov 12, 2021
Merged

Update procedure Registering a Host to RH Satellite #780

merged 1 commit into from
Nov 12, 2021

Conversation

Lennonka
Copy link
Contributor

@Lennonka Lennonka commented Oct 26, 2021
edited
Loading

Cherry-pick into:

  • Foreman 3.0
  • Foreman 2.5 (Satellite 6.10)

@Lennonka
Copy link
Contributor Author

@stejskalleos Hi Leos, review time! :) Do you know whether it should be cherry-picked to Foreman 3.0 as well?

@Lennonka Lennonka force-pushed the SATDOC-495-host-registration-ux-improvements branch 2 times, most recently from 906ff69 to fc7471c Compare October 26, 2021 17:48
@Lennonka Lennonka force-pushed the SATDOC-495-host-registration-ux-improvements branch from fc7471c to 6b87481 Compare October 27, 2021 10:44
@Lennonka Lennonka marked this pull request as ready for review November 1, 2021 13:17
maximiliankolb
maximiliankolb requested changes Nov 4, 2021
View reviewed changes
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated Show resolved Hide resolved
@Lennonka Lennonka force-pushed the SATDOC-495-host-registration-ux-improvements branch from 6b87481 to bb6bbe5 Compare November 11, 2021 14:16
@lzap
Copy link
Member

lzap commented Nov 11, 2021

To avoid confusion, what we suggest:

# update-ca-trust enable
# update-ca-trust
# curl -sS https://{foreman-example-com}/register

That is the recommended option. Alternatively, we can mention this:

# curl --insecure -sS https://{foreman-example-com}/register

@Lennonka Lennonka force-pushed the SATDOC-495-host-registration-ux-improvements branch from bb6bbe5 to ad51876 Compare November 11, 2021 14:30
lzap
lzap reviewed Nov 11, 2021
View reviewed changes
guides/doc-Managing_Hosts/topics/proc_registering-a-host.adoc Outdated
# update-ca-trust enable
# update-ca-trust
# curl -sS https://{foreman-example-com}/register ...
----
+
If an attacker, located in the network between {Project} and a host, fetches the CA file from the first insecure call, the attacker will be able to access the content of the API calls to and from the registered host and the JSON Web Tokens (JWT).
Therefore, if you have chosen to deploy SSH keys during registration, the attacker will be able to access the host using the SSH key.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to move "To do this" after this paragraph.

Then break it up into two snippets: one with the update-ca-trust commands (both) and one with the curl command. That should be divided by some filler, something like "To register a host, use the following command".

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To elaborate this more (I had a meeting sorry), update-ca-trust and curl is one way to do it, the other way is just insecure curl. So we want these two snippets, while I mentioned breaking up the one on line 66-70, that is actually not necessary. Depending on how you like, you might or might not break it I do not insist. It is just we need to have the curl command twice (with and without the insecure option).

I hope it makes sense.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it.
However, I think that the "To do this" paragraph would better fit right after "It is recommended", otherwise the flow doesn't make sense IMHO. Check it out in changed files.

@Lennonka Lennonka force-pushed the SATDOC-495-host-registration-ux-improvements branch from ad51876 to 469d5e7 Compare November 11, 2021 17:01
lzap
lzap approved these changes Nov 12, 2021
View reviewed changes
Copy link
Member

@lzap lzap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, please file against 2.5 if this is 6.10 material, thanks! Merging.

@lzap lzap merged commit dd39020 into theforeman:master Nov 12, 2021
@Lennonka Lennonka deleted the SATDOC-495-host-registration-ux-improvements branch November 18, 2021 16:07
@Lennonka Lennonka restored the SATDOC-495-host-registration-ux-improvements branch November 25, 2021 13:43
@Lennonka Lennonka mentioned this pull request Nov 25, 2021
Merged
@Lennonka Lennonka deleted the SATDOC-495-host-registration-ux-improvements branch November 25, 2021 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stejskalleos stejskalleos stejskalleos requested changes

@lzap lzap lzap approved these changes

@maximiliankolb maximiliankolb Awaiting requested review from maximiliankolb

Assignees

@maximiliankolb maximiliankolb

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Lennonka @lzap @maximiliankolb @stejskalleos