Bug 1122623
Summary: | Install fails if host puppet certs have already been generated | | |
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Justin Sherrill <jsherril> |
Component: | Installation | Assignee: | Martin Bacovsky <mbacovsk> |
Status: | CLOSED ERRATA | QA Contact: | Andrew Kofink <akofink> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | | |
Version: | 6.0.3 | CC: | akofink, asanders, bbuckingham, bkearney, dcleal, jmontleo, jsherril, mmccune, mmello, nmiao, ohadlevy, pmoravec, rvdwees, sauchter, toordog, xdmoon |
Target Milestone: | Unspecified | Keywords: | ReleaseNotes, Triaged |
Target Release: | Unused | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
URL: | http://projects.theforeman.org/issues/15241 | | |
Whiteboard: | | | |
Fixed In Version: | katello-installer-base-3.0.0.50-1 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-07-27 11:14:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1115190, 1190823 | | |

Description
Justin Sherrill
2014-07-23 16:13:03 UTC
Created redmine issue http://projects.theforeman.org/issues/10766 from this bug

Puppet is not able to generate proper CA certificates when the client certificate was already generated. In practice it checks if /var/lib/puppet/ssl exists and if so it skips the CA cert generation. With the existing possibility of having a custom ssl dir and an existing puppet CA elsewhere, it is difficult to detect the situation.

With the default installation the installer fails to start httpd on missing
- revocation list for foreman apache (/var/lib/puppet/ssl/ca/ca_crl.pem)
- ca cert when installed with passenger and puppet ran as master (/var/lib/puppet/ssl/ca/ca_crt.pem)

My proposal is to add a hook guessing if these two files will be missing and failing with a suggestion of possible fixes. The PR with the hook was pushed to foreman-installer for review and discussion and can eventually be used in katello installer and Satellite installer.

I think it would be welcome to have an argument to clean up the environment after a failed install attempt. I faced the issue described here and tried to reinstall 2-3 times before I found this post and the release note. As a result, there is more to clean up after multiple install attempts than the puppet ssl folder when things didn't work the first time and one tried to troubleshoot it. Would it be possible to create a cleanup flag that would reset the environment to as if the package had just been installed and katello-installer had never run?

Just a note: the same applies to capsule-installer, so a fix needs to be applicable to Capsule installation as well.

Reset docs contact <> daobrien

Created redmine issue http://projects.theforeman.org/issues/15241 from this bug

As installer hooks are not shared among Foreman and Katello/Satellite scenarios, I proposed the same patch also to Katello installer.

Moving to POST since upstream bug http://projects.theforeman.org/issues/15241 has been closed

Verified.
Version tested: satellite-6.2.0-19.1.el7sat.noarch

After installing puppet and ensuring the ssl certificate was created, installing Satellite yields the following expected output:

    The file /var/lib/puppet/ssl/certs/ca.pem does not exist.
    - is Puppet already installed without Puppet CA? You can remove the existing certificates with 'rm -rf /var/lib/puppet/ssl' to get Puppet CA properly configured.
    - if you use custom Puppet SSL directory (--foreman-proxy-ssldir) make sure the directory exists and contain the CA certificate.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

*** Bug 1187264 has been marked as a duplicate of this bug. ***
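
The condition this report describes can be checked before running the installer. The following shell function is an added example, not the foreman-installer hook and not code from this bug; the function name `puppet_ca_preflight` is hypothetical, and it assumes the two CA file paths quoted in the report, relative to the SSL directory.

```shell
#!/bin/sh
# Added example: pre-flight check for an existing Puppet SSL dir without a CA.
# Assumption: the CA files are the two paths quoted in the bug report.

# puppet_ca_preflight [SSLDIR]
# Returns 0 when the installer can proceed, 1 when SSLDIR already exists
# (so CA generation would be skipped) but the CA files are missing or empty.
puppet_ca_preflight() {
    ssldir=${1:-/var/lib/puppet/ssl}

    # No SSL directory yet: Puppet creates it together with a fresh CA.
    if [ ! -e "$ssldir" ]; then
        return 0
    fi

    missing=0
    for f in ca/ca_crl.pem ca/ca_crt.pem; do
        if [ ! -s "$ssldir/$f" ]; then
            echo "missing or empty: $ssldir/$f" >&2
            missing=1
        fi
    done

    if [ "$missing" -eq 1 ]; then
        echo "$ssldir exists without a Puppet CA; httpd will fail to start." >&2
        echo "Remove the client-only certificates or point the installer at" >&2
        echo "an SSL directory that contains the CA." >&2
        return 1
    fi
    return 0
}

# Constructed demo input: a client-only SSL dir (certs/ but no ca/) in a temp dir.
demo=$(mktemp -d)
mkdir -p "$demo/ssl/certs"
if puppet_ca_preflight "$demo/ssl" 2>/dev/null; then
    echo "preflight: ok"
else
    echo "preflight: SSL dir present but CA files absent"
fi
rm -rf "$demo"
```

Called with no argument it inspects /var/lib/puppet/ssl; pass the custom directory when --foreman-proxy-ssldir is in use.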