Bug 1227757

Summary:

katello-installer fails when used with custom certificate

Product:

Red Hat Satellite

Reporter:

Tazim Kolhar <tkolhar>

Component:

Hammer

Assignee:

Katello Bug Bin <katello-bugs>

Status:

CLOSED CURRENTRELEASE

QA Contact:

Tazim Kolhar <tkolhar>

Severity:

medium

Docs Contact:

Priority:

unspecified

Version:

6.1.0

CC:

bkearney, cwelton, ehelms, inecas, sghai

Target Milestone:

Unspecified

Target Release:

Unused

Hardware:

x86_64

OS:

Linux

URL:

http://projects.theforeman.org/issues/10591

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2015-08-12 13:58:01 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
foreman-debug attached	none

Description Tazim Kolhar 2015-06-03 12:40:13 UTC

Created attachment 1034291 [details]
foreman-debug attached

Description of problem:
katello-installer fails when used with custom certificate

Version-Release number of selected component (if applicable):
# rpm -qa | grep foreman
foreman-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman-tasks-0.6.12.5-1.el7sat.noarch
ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
ruby193-rubygem-foreman_docker-1.2.0.14-1.el7sat.noarch
foreman-debug-1.7.2.25-1.el7sat.noarch
foreman-ovirt-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman-redhat_access-0.1.0-1.el7sat.noarch
rubygem-hammer_cli_foreman_bootdisk-0.1.2.7-1.el7sat.noarch
rubygem-hammer_cli_foreman_docker-0.0.3.6-1.el7sat.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2.13-1.el7sat.noarch
foreman-vmware-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch
rubygem-hammer_cli_foreman_discovery-0.0.1.10-1.el7sat.noarch
foreman-proxy-1.7.2.4-1.el7sat.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
foreman-gce-1.7.2.25-1.el7sat.noarch
rubygem-hammer_cli_foreman-0.1.4.12-1.el7sat.noarch
foreman-compute-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman_discovery-2.0.0.14-1.el7sat.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3.4-1.el7sat.noarch
foreman-libvirt-1.7.2.25-1.el7sat.noarch
foreman-postgresql-1.7.2.25-1.el7sat.noarch


How reproducible:
everytime

Steps to Reproduce:
1.1. issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2.configure the katello to use the certificates https://github.com/Katello/katello-installer#custom-server-certificates

3.# katello-installer --certs-server-cert /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.crt --certs-server-cert-req /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.crt.req --certs-server-key /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.key --certs-server-ca-cert /root/ownca/cacert.crt --certs-update-server --certs-update-server-ca
Marking certificate /root/ssl-build/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com-apache for update
Marking certificate /root/ssl-build/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Installing             Info: START 618                                    [0%] [Installing             Debug: /Stage[main]/Pulp::Service/notify: subscrib [0%] [Installing             Debug: /Stage[main]/Apache::Default_mods/Apache::M [0%] [Installing             Debug: /Stage[main]/Apache::Mod::Ssl/Apache::Mod[s [0%] [Installing             Debug: /Stage[main]/Pulp::Config/File[/etc/pulp/se [0%] [Installing             Debug: /Stage[main]/Qpid::Router::Config/Concat_bu [0%] [Installing             Debug: /Stage[main]/Apache::Mod::Headers/Apache::M [0%] [Installing             Info: Applying configuration version '1433333320'  [0%] [Installing             Info: RESOURCE File[/var/lib/puppet/concat]        [0%] [Installing             Info: RESOURCE File[/var/lib/puppet/concat/bin/con [0%] [Installing             Info: RESOURCE Package[mongodb_client]             [0%] [Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[forem [1%] [Installing             Info: RESOURCE Apache::Mod[access_compat]          [3%] [Installing             Info: RESOURCE Postgresql::Server::Db[candlepin]   [5%] [Installing             Debug: Executing '/usr/bin/rpm -Uvh --force /root/ [7%] [Installing             Notice: /Stage[main]/Certs/Ca[katello-server-ca]/e [7%] [Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[capsu [8%] [Installing             Info: RESOURCE Ca[katello-default-ca]              [9%] [Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [10%] Installing             Info: RESOURCE Exec[Create Puppet Reports dir]     [10%] Installing             Info: RESOURCE Apache::Mod[authz_core]             [13%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [14%] Installing             Info: RESOURCE Concat_fragment[qdrouter+footer.con [15%] Installing             Info: RESOURCE Package[foreman-selinux]            [16%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [19%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [19%] Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[katel [21%] Installing             Info: RESOURCE File[/etc/httpd/conf/httpd.conf]    [26%] Installing             Info: RESOURCE File[vhost_alias.load]              [28%] Installing             Info: RESOURCE File[dir.load]                      [32%] Installing             Info: RESOURCE File[systemd-override]              [36%] Installing             Debug: /Stage[main]/Postgresql::Server::Config/Con [39%] Installing             Debug: Executing '/usr/bin/systemctl is-active ela [41%] Installing             Info: RESOURCE Apache::Mod[deflate]                [44%] Installing             Debug: /File[/var/lib/puppet/concat/_etc_candlepin [47%] Installing             Info: RESOURCE Concat[/etc/httpd/conf/ports.conf]  [50%] Installing             Info: RESOURCE File[rewrite.load]                  [52%] Installing             Info: RESOURCE Apache::Mod[authz_host]             [55%] Installing             Info: RESOURCE Pubkey[/etc/pki/katello/certs/katel [58%] Installing             Info: RESOURCE Postgresql::Server::Pg_hba_rule[loc [60%] Installing             Info: RESOURCE Concat[/var/lib/pgsql/data/pg_hba.c [62%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [63%] Installing             Info: RESOURCE Service[postgresqld]                [64%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [65%] Installing             Debug: /Stage[main]/Foreman::Database::Postgresql/ [66%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [67%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [67%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [68%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [69%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [70%] Installing             Info: RESOURCE File[/etc/mongodb.conf]             [72%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [72%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [74%] Installing             Debug: Class[Certs]: The container Stage[main] wil [76%] Installing             Debug: Executing '/usr/bin/rpm -Uvh --force /root/ [76%] Installing             Notice: /Stage[main]/Certs::Apache/Cert[tyan-gt24- [76%] Installing             Notice: /Stage[main]/Certs::Apache/Pubkey[/etc/pki [76%] Installing             Info: RESOURCE Cert[gutterball-certs]              [77%] Installing             Debug: /Stage[main]/Foreman::Database::Postgresql/ [78%] Installing             Info: RESOURCE Group[qpidd]                        [80%] Installing             Debug: /File[/etc/httpd/conf.d/05-foreman.d]/selty [82%] Installing             Debug: /File[/etc/httpd/conf.d/dav_fs.load]/seluse [82%] Installing             Debug: /File[/etc/httpd/conf.d/filter.load]/seltyp [82%] Installing             Debug: /File[/etc/httpd/conf.d/alias.load]/seluser [82%] Installing             Debug: /File[/etc/httpd/conf.d/negotiation.load]/s [82%] Installing             Debug: /File[/etc/httpd/conf.d/auth_digest.load]/s [82%] Installing             Info: RESOURCE File[/etc/httpd/conf.d/05-foreman-s [83%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [84%] Installing             Notice: /Stage[main]/Certs::Foreman_proxy/Cert[tya [85%] Installing             Info: RESOURCE Pubkey[/etc/foreman-proxy/ssl_ca.pe [85%] Installing             Info: RESOURCE Exec[concat_/etc/httpd/conf/ports.c [88%] Installing             Debug: /Stage[main]/Foreman::Config/Cron[daily sum [90%] Installing             Info: RESOURCE File[/usr/share/foreman/public]     [92%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman_con [94%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [94%] Installing             Debug: Executing '/usr/bin/systemctl is-active pup [96%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [98%] Installing             Info: RESOURCE Foreman_proxy::Settings_file[dhcp]  [99%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [99%] Installing             Info: /Stage[main]/Certs::Katello/File[/var/www/ht [99%] Installing             Notice: /Stage[main]/Certs::Katello/Certs_bootstra [99%]  Could not start Service[foreman-proxy]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start foreman-proxy' returned 1: Redirecting to /bin/systemctl start  foreman-proxy.service
Installing             Error: Could not start Service[foreman-proxy]: Exe [99%]  /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start foreman-proxy' returned 1: Redirecting to /bin/systemctl start  foreman-proxy.service
Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Debug: /Stage[main]/Certs::Gutterball/Certs::Sslto [99%] Installing             Info: RESOURCE Cert[java-client]                   [99%] Installing             Debug: Executing '/usr/bin/systemctl is-active qpi [99%] Installing             Debug: /Stage[main]/Certs::Candlepin/Exec[create c [99%] Installing             Debug: /Stage[main]/Certs::Candlepin/Exec[import c [99%] Installing             Notice: /Stage[main]/Certs::Candlepin/Exec[import  [99%] Installing             Info: RESOURCE Service[tomcat]                     [99%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Info: RESOURCE File[/etc/httpd/conf.d/pulp_docker. [99%] Installing             Info: RESOURCE Exec[selinux_pulp_manage_puppet]    [99%] Installing             Debug: Executing '/usr/bin/systemctl is-enabled pu [99%] Installing             Debug: Executing '/usr/bin/systemctl is-enabled ht [99%]  Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start  httpd.service
Installing             Error: Could not start Service[httpd]: Execution o [99%]  /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start  httpd.service
Installing             Warning: /Stage[main]/Capsule::Dispatch_router/Qpi [99%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [99%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [99%] Installing             Debug: Foreman::Rake[apipie:cache]: The container  [99%] Installing             Debug: /Stage[main]/Foreman::Service/Service[forem [99%] Installing             Debug: Stored state in 0.13 seconds                [99%] Installing             Done                                               [100%]Installing             Done                                               [100%] []
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/katello-installer/katello-installer.log


Actual results:
katello-installer failed

Expected results:
katello-installer worked

Additional info:
foreman-debug attached

Comment 2 Ivan Necas 2015-06-03 12:44:16 UTC

Fixed as part of http://projects.theforeman.org/issues/10591

Comment 5 Tazim Kolhar 2015-06-12 07:56:41 UTC

VERIFIED:
# rpm -qa  | grep foreman
ruby193-rubygem-foreman_discovery-2.0.0.15-1.el7sat.noarch
foreman-libvirt-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch
ruby193-rubygem-foreman_docker-1.2.0.14-1.el7sat.noarch
rubygem-hammer_cli_foreman_discovery-0.0.1.10-1.el7sat.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
foreman-compute-1.7.2.27-1.el7sat.noarch
foreman-gce-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman-redhat_access-0.2.0-8.el7sat.noarch
rubygem-hammer_cli_foreman-0.1.4.14-1.el7sat.noarch
foreman-debug-1.7.2.27-1.el7sat.noarch
foreman-vmware-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman-tasks-0.6.12.8-1.el7sat.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3.4-1.el7sat.noarch
rubygem-hammer_cli_foreman_docker-0.0.3.7-1.el7sat.noarch
foreman-proxy-1.7.2.5-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2.13-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
foreman-ovirt-1.7.2.27-1.el7sat.noarch
rubygem-hammer_cli_foreman_bootdisk-0.1.2.7-1.el7sat.noarch
foreman-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch
foreman-postgresql-1.7.2.27-1.el7sat.noarch

steps:
1.1. issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2.configure the katello to use the certificates https://github.com/Katello/katello-installer#custom-server-certificates
# katello-installer --certs-server-cert /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.crt --certs-server-cert-req /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.crt.req --certs-server-key /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.key --certs-server-ca-cert /root/ownca/cacert.crt --certs-update-server --certs-update-server-ca
Installing             Done                                               [100%] []
  Success!
  * Katello is running at https://dell-pe1955-02.rhts.eng.bos.redhat.com
      Initial credentials are admin / q2PWbLddoDFteTCo

Comment 6 Bryan Kearney 2015-08-11 13:23:08 UTC

This bug is slated to be released with Satellite 6.1.

Comment 7 Bryan Kearney 2015-08-12 13:58:01 UTC

This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.