Bug 801549

Summary: After katello-configure thumbslug fails to start with Unable to load the ssl keystore
Product: [Retired] Subscription Asset Manager
Reporter: Eric Sammons <esammons>
Component: katello-configure
Assignee: Martin Bacovsky <mbacovsk>
Status: CLOSED CURRENTRELEASE
QA Contact: SAM QE List <sam-qe-list>
Severity: urgent
Priority: urgent
Version: 1.0.0
CC: mbacovsk, taw
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 803492
Environment: katello-configure-0.1.104-1.el6.noarch
Last Closed: 2012-04-27 00:19:56 UTC
Bug Blocks: 703617, 803492

Description Eric Sammons 2012-03-08 19:52:03 UTC
Description of problem:
When katello-configure is run, a keystore is created in /etc/pki/katello/keystore; however, /etc/thumbslug/thumbslug.conf expects the ssl.keystore to be at /etc/candlepin/certs/keystore. Because the keystore is not available to thumbslug, starting thumbslug will result in the following being logged to error.log.

Mar 08 14:23:08 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 14:23:08 [main] ERROR org.candlepin.thumbslug.Main - Unable to load the ssl keystore. Check that ssl.keystore and ssl.keystore.password are set correctly.
org.candlepin.thumbslug.ssl.SslKeystoreException: Failed to initialize the server-side SSLContext.
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:83)
        at org.candlepin.thumbslug.Main.configureSSL(Main.java:67)
        at org.candlepin.thumbslug.Main.main(Main.java:136)
Caused by: java.io.FileNotFoundException: /etc/candlepin/certs/keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:137)
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:68)
        ... 2 more
Mar 08 14:44:48 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 14:44:48 [main] ERROR org.candlepin.thumbslug.Main - Unable to load the ssl keystore. Check that ssl.keystore and ssl.keystore.password are set correctly.
org.candlepin.thumbslug.ssl.SslKeystoreException: Failed to initialize the server-side SSLContext.
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:83)
        at org.candlepin.thumbslug.Main.configureSSL(Main.java:67)
        at org.candlepin.thumbslug.Main.main(Main.java:136)
Caused by: java.io.FileNotFoundException: /etc/candlepin/certs/keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:137)
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:68)


Reproduce:
1. yum install -y katello-headpin-all
2. katello-configure --deployment=sam
3. service thumbslug status
   or 
   ps -ef|grep thumbslug|grep -v grep

Results:
Thumbslug daemon is not running

Comment 1 Martin Bacovsky 2012-03-08 20:55:05 UTC
Commit hash: 6b140a440b6051f854e8bfd7f6a50e0bb99fb60d

- fixed thumbslug.conf to point to /etc/pki/katello/keystore
- /etc/pki/katello/keystore is owned by root.katello
- user thumbslug was added to katello group

Test install:
# katello-configure --deployment=headpin
WARNING: FQDN is not set!
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20120308-214310/main.log]
Creating Katello database user
############################################################ ... OK
Creating Katello database
############################################################ ... OK
Creating Candlepin database user
############################################################ ... OK
Creating Candlepin database
############################################################ ... OK
Candlepin setup
############################################################ ... OK
Populating Katello database schema
############################################################ ... OK
Initializing Katello data
############################################################ ... OK
[root@sam-test ~]# service thumbslug status
thumbslug (pid  3222) is running...
[root@sam-test ~]# tail /var/log/thumbslug/error.log
Mar 08 21:46:27 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 21:46:28 [main] WARN  org.candlepin.thumbslug.Main - Running Thumbslug on port 8088
Mar 08 21:46:28 [shutdownHook] WARN  org.candlepin.thumbslug.Main - Shutting down...
Mar 08 21:46:29 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 21:46:30 [main] WARN  org.candlepin.thumbslug.Main - Running Thumbslug on port 8088
[root@sam-test ~]# ls -la /etc/pki/katello/
total 12
drwxr-x---.  2 root katello 4096 Mar  8 21:43 .
drwxr-xr-x. 11 root root    4096 Mar  8 21:43 ..
-rw-r-----.  1 root katello 2866 Mar  8 21:43 keystore
[root@sam-test ~]# cat /etc/group|grep ^katello
katello:x:495:thumbslug,tomcat
[root@sam-test ~]#
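
The state this fix establishes (configured keystore path exists, no access for "other", service user reaches it through group membership) can be checked with a script like the one below. It is an added example, not part of the bug report or of katello-configure; the function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not katello-configure code): check the keystore that a
# thumbslug-style config points at. Function names and verdict strings are
# assumptions made for this illustration.

# Print the ssl.keystore value; the pattern does not match ssl.keystore.password.
keystore_path() {
    sed -n 's/^[[:space:]]*ssl\.keystore[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# True when USER ($1) belongs to GROUP ($2), by primary or supplementary group.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# check_keystore CONF [USER]: print one verdict for the configured keystore.
check_keystore() {
    path=$(keystore_path "$1")
    [ -n "$path" ] || { echo "no-ssl.keystore-setting"; return 1; }
    # The failure in this report: the config names a file that was never created.
    [ -f "$path" ] || { echo "missing-file"; return 1; }
    listing=$(ls -ld -- "$path")
    perms=$(printf '%s\n' "$listing" | cut -c1-10)
    group=$(printf '%s\n' "$listing" | awk '{print $4}')
    # A private key store should carry no permissions for "other".
    case $perms in
        *---) ;;
        *) echo "world-accessible"; return 1 ;;
    esac
    if [ -n "${2:-}" ]; then
        # Access is meant to come from group membership plus group read.
        case $perms in
            ????r?????) ;;
            *) echo "group-cannot-read"; return 1 ;;
        esac
        user_in_group "$2" "$group" || { echo "user-not-in-group"; return 1; }
    fi
    echo "ok"
}

# Usage: sh check_keystore.sh /etc/thumbslug/thumbslug.conf thumbslug
if [ "$#" -gt 0 ]; then check_keystore "$@"; fi
```

Run against the original configuration from the description, the script would report missing-file; on the fixed install shown in Comment 1 (keystore root:katello, mode 0640, thumbslug in group katello) it would report ok.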