action #34108
closed[sle][functional][y] Network Installations - remote installation over https with self-signed certificate
0%
Description
Acceptance criteria¶
- AC1: At least one scenario for each relevant SLE+openSUSE product conducting an installation using a https-repo with self-signed certificate
Suggestions¶
- https://openqa.suse.de has a SUSE-valid, self-signed certificate so maybe it is simply possible to use https in the MIRROR_HTTP variable however currently in lib/bootloader_setup.pm we do not type the https protocol nor does there seem to be a bootloader menu option for HTTPS explicitly
- Find out (documentation, IRC, bug) how one can use https … if at all
- Adapt test to explicitly use https as remote repo
Updated by okurz about 6 years ago
- Copied from action #15148: [sle][functional][y] Network Installations - HTTPS added
Updated by okurz almost 6 years ago
- Target version changed from Milestone 18 to Milestone 18
Updated by okurz almost 6 years ago
- Description updated (diff)
- Due date set to 2018-08-28
- Assignee set to okurz
openqa_clone_job_osd --skip-chained-deps 1853834 TEST=gnome_https MIRROR_HTTP=https://openqa.suse.de/assets/repo/SLE-12-SP4-Server-DVD-x86_64-Build0292-Media1 _GROUP="Test Development: SLE 12 SP4"
-> Created job #1857779: sle-12-SP4-Server-MINI-ISO-x86_64-Build0292-gnome_http@64bit -> https://openqa.suse.de/t1857779
Updated by okurz almost 6 years ago
- Description updated (diff)
- Status changed from In Progress to Workable
- Assignee deleted (
okurz)
This did not work, see in https://openqa.suse.de/tests/1857779/file/video.ogv#t=10.54,10.58 that we do not enter the protocol and have selected the "HTTP" option in before. I guess documentation needs to be checked if we should set explicitly https://… or a different menu option or if it is simply not supported.
Updated by dheidler almost 6 years ago
What do you mean with "this didn't work"?
What did you expect?
Updated by okurz almost 6 years ago
dheidler wrote:
What do you mean with "this didn't work"?
What happened in the test that the prefix "https" was stripped when entering so I doubt that https is actually used
What did you expect?
I expected that either there is a menu option in the bootloader to select HTTPS explicitly or when we enter "https:/…" in the HTTP variable it would use https – but we did not enter https.
Updated by okurz over 5 years ago
https://en.opensuse.org/index.php?title=SDB:Linuxrc mentions "https" so at least something should work
Updated by JERiveraMoya over 5 years ago
It might be that we only have available HTTP, HTTPS is not an option as is displayed here https://openqa.suse.de/tests/1954582#step/bootloader/10. Probably is that https installation is only available through SMT: https://www.suse.com/documentation/sled-12/book_sle_deployment/data/sec_i_yast2_startup.html
Updated by JERiveraMoya over 5 years ago
I tried in a VM using these boot options: ssl.certs=0 install=https://openqa.suse.de/assets/repo/SLE-12-SP4-Server-DVD-x86_64-Build0351-Media1 and it seems to work because setting up a non-existing build the installer complains about it.
Updated by riafarov over 5 years ago
- Status changed from Workable to In Progress
- Assignee set to riafarov
Updated by riafarov over 5 years ago
So for SLES it's fairly easy, except that we cannot do zVM installations as url is too long. For openSUSE we have can use https, but we have root certificate installed, so it's not self-signed.
s
Updated by riafarov over 5 years ago
- Status changed from In Progress to Feedback
https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/5633 for the tests,
https://gitlab.suse.de/openqa/scripts/commit/6cc6ef307f40fdb2663c5d000b619b04b536cc4a changes to rsync.pl to set https mirror
Updated by riafarov over 5 years ago
- Due date changed from 2018-08-28 to 2018-09-11
Pr merged an hour ago
Updated by riafarov over 5 years ago
Added test suite for all product under development
Updated by riafarov over 5 years ago
- Status changed from Feedback to Resolved
I've cross checked the parent ticket, and it's totally different scope, as it's about booting over http and not remote installation with https repos. I resolve this ticket with part done for SLE.
@okurz, please create tickets accordingly. I believe installation over https is not a priority, but we need to test boot over http(s) which is supported for SLE 15 only as of now, and potentially in openSUSE.
Updated by riafarov over 5 years ago
- Target version changed from Milestone 18 to Milestone 19
Updated by riafarov over 5 years ago
- Status changed from Feedback to Resolved
As confirmed with PO, we have done what's feasible right now.