Description of problem: The capsule installation fails when the system is already registered to the Satellite server and to the Puppet master. Before running the capsule installer puppet agent is already configured and working. [root@capsulexx ~]# puppet agent -tv Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://dhcp145-230.rdu.redhat.com/plugins Info: Caching catalog for capsulexx.hq.gsslab.rdu.redhat.com Info: Applying configuration version '1422173424' Notice: Finished catalog run in 0.04 seconds Version-Release number of selected component (if applicable): Red Hat Satellite 6.0.7 How reproducible: 100% Steps to Reproduce: 1. Create the SSL certificates on the Satellite server [root@dhcp145-230 ~]# capsule-certs-generate --capsule-fqdn capsulexx.usersys.redhat.com --certs-tar ~/capsulexx.usersys.redhat.com.tar 2. Install the Capsule using the certificates created. [root@capsulexx puppet]# capsule-installer --parent-fqdn "dhcp145-230.rdu.redhat.com"\ > --register-in-foreman "true"\ > --foreman-oauth-key "2WfTrt2eC6VPsHKraRwapKr3Z2nNSfbj"\ > --foreman-oauth-secret "PqQ9W5WwhCgDg4cRfw5V2mmFJ382LJFJ"\ > --pulp-oauth-secret "QnRMy4ejFCUAjuLHxZp6sM9bQgPHsfeU"\ > --certs-tar "/root/capsulexx.usersys.redhat.com.tar"\ > --puppet "true"\ > --puppetca "true"\ > --pulp "true" system identity: 54367bd8-61b7-4d90-9d80-653c3d83b8ae [.....SNIP.....] /usr/bin/puppet cert --generate capsulexx.usersys.redhat.com returned 23 instead of one of [0] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: change from notrun to 0 failed: /usr/bin/puppet cert --generate capsulexx.usersys.redhat.com returned 23 instead of one of [0] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]: Failed to call refresh: /usr/bin/puppet cert --generate capsulexx.usersys.redhat.com returned 23 instead of one of [0] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]: /usr/bin/puppet cert --generate capsulexx.usersys.redhat.com returned 23 instead of one of [0] Installing Done [100%] [.................................................................................................] Something went wrong! Check the log for ERROR-level output The full log is at /var/log/katello-installer/capsule-installer.log 3. The system will fail because the puppet certificate already exists at /var/lib/puppet/ssl directory [root@capsulexx puppet]# tree -ugsp /var/lib/puppet/ssl/ /var/lib/puppet/ssl/ |-- [drwxr-xr-x puppet puppet 82] ca | |-- [-rw-r----- puppet puppet 3243] ca_key.pem | |-- [-rw-r--r-- puppet puppet 800] ca_pub.pem | |-- [drwxr-x--- puppet puppet 6] private | |-- [drwxr-xr-x puppet puppet 6] requests | `-- [drwxr-xr-x puppet puppet 6] signed |-- [drwxr-xr-x puppet puppet 51] certificate_requests | `-- [-rw-r--r-- puppet puppet 1618] capsulexx.hq.gsslab.rdu.redhat.com.pem |-- [drwxr-xr-x puppet puppet 64] certs | |-- [-rw-r--r-- puppet puppet 2004] ca.pem | `-- [-rw-r--r-- puppet puppet 1992] capsulexx.hq.gsslab.rdu.redhat.com.pem |-- [-rw-r--r-- puppet puppet 1954] crl.pem |-- [drwxr-x--- puppet puppet 6] private |-- [drwxr-x--- puppet puppet 90] private_keys | |-- [-rw-r----- puppet puppet 3243] capsulexx.hq.gsslab.rdu.redhat.com.pem | `-- [-rw-r----- puppet puppet 3243] capsulexx.usersys.redhat.com.pem `-- [drwxr-xr-x puppet puppet 90] public_keys |-- [-rw-r--r-- puppet puppet 800] capsulexx.hq.gsslab.rdu.redhat.com.pem `-- [-rw-r--r-- puppet puppet 800] capsulexx.usersys.redhat.com.pem Actual results: Capsule installation fails because the SSL certificates for puppet already exists on the deployed system Expected results: The capsule installer should clean the SSL certificates or warning the user that the Puppet certificates already exists and then exist the installer or provide an option --force-clean-puppet-ssl-certificate.
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
To workaround this issue, clean the SSL certificates as displayed below: on the Satellite server ==== puppet cert clean capsulexx.rdu.redhat.com on the Capsule ===== # find /var/lib/puppet/ssl/ -type f -exec rm -f {} \; # find /etc/puppet/ -iname "*pem" -type f -exec rm -f {} \; Then re-run the capsuler-installer [root@capsulexx ~]# capsule-installer --parent-fqdn "dhcp145-230.rdu.redhat.com" --register-in-foreman "true" --foreman-oauth-key "2WfTrt2eC6VPsHKraRwapKr3Z2nNSfbj" --foreman-oauth-secret "PqQ9W5WwhCgDg4cRfw5V2mmFJ382LJFJ" --pulp-oauth-secret "QnRMy4ejFCUAjuLHxZp6sM9bQgPHsfeU" --certs-tar "/root/capsulexx.usersys.redhat.com.tar" --puppet "true" --puppetca "true" --pulp "true" [...SNIP...] system identity: 54367bd8-61b7-4d90-9d80-653c3d83b8ae Installing Done [100%] [.................................................................................................] Success! * Capsule is running at https://capsulexx.usersys.redhat.com:9090 The full log is at /var/log/katello-installer/capsule-installer.log
*** This bug has been marked as a duplicate of bug 1122623 ***