1227757 – katello-installer fails when used with custom certificate

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1227757 - katello-installer fails when used with custom certificate

Summary: katello-installer fails when used with custom certificate

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Hammer
Sub Component:
Version:	6.1.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Katello Bug Bin
QA Contact:	Tazim Kolhar
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-06-03 12:40 UTC by Tazim Kolhar
Modified:	2018-08-30 21:57 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-12 13:58:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
foreman-debug attached (249.16 KB, application/x-xz) 2015-06-03 12:40 UTC, Tazim Kolhar	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	10591	0	None	None	None	2016-04-22 16:32:52 UTC

Description Tazim Kolhar 2015-06-03 12:40:13 UTC

Created attachment 1034291 [details]
foreman-debug attached

Description of problem:
katello-installer fails when used with custom certificate

Version-Release number of selected component (if applicable):
# rpm -qa | grep foreman
foreman-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman-tasks-0.6.12.5-1.el7sat.noarch
ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
ruby193-rubygem-foreman_docker-1.2.0.14-1.el7sat.noarch
foreman-debug-1.7.2.25-1.el7sat.noarch
foreman-ovirt-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman-redhat_access-0.1.0-1.el7sat.noarch
rubygem-hammer_cli_foreman_bootdisk-0.1.2.7-1.el7sat.noarch
rubygem-hammer_cli_foreman_docker-0.0.3.6-1.el7sat.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2.13-1.el7sat.noarch
foreman-vmware-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch
rubygem-hammer_cli_foreman_discovery-0.0.1.10-1.el7sat.noarch
foreman-proxy-1.7.2.4-1.el7sat.noarch
tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
foreman-gce-1.7.2.25-1.el7sat.noarch
rubygem-hammer_cli_foreman-0.1.4.12-1.el7sat.noarch
foreman-compute-1.7.2.25-1.el7sat.noarch
ruby193-rubygem-foreman_discovery-2.0.0.14-1.el7sat.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3.4-1.el7sat.noarch
foreman-libvirt-1.7.2.25-1.el7sat.noarch
foreman-postgresql-1.7.2.25-1.el7sat.noarch


How reproducible:
everytime

Steps to Reproduce:
1.1. issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2.configure the katello to use the certificates https://github.com/Katello/katello-installer#custom-server-certificates

3.# katello-installer --certs-server-cert /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.crt --certs-server-cert-req /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.crt.req --certs-server-key /root/ownca/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com.key --certs-server-ca-cert /root/ownca/cacert.crt --certs-update-server --certs-update-server-ca
Marking certificate /root/ssl-build/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com-apache for update
Marking certificate /root/ssl-build/tyan-gt24-11.rhts.eng.bos.redhat.com/tyan-gt24-11.rhts.eng.bos.redhat.com-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Installing             Info: START 618                                    [0%] [Installing             Debug: /Stage[main]/Pulp::Service/notify: subscrib [0%] [Installing             Debug: /Stage[main]/Apache::Default_mods/Apache::M [0%] [Installing             Debug: /Stage[main]/Apache::Mod::Ssl/Apache::Mod[s [0%] [Installing             Debug: /Stage[main]/Pulp::Config/File[/etc/pulp/se [0%] [Installing             Debug: /Stage[main]/Qpid::Router::Config/Concat_bu [0%] [Installing             Debug: /Stage[main]/Apache::Mod::Headers/Apache::M [0%] [Installing             Info: Applying configuration version '1433333320'  [0%] [Installing             Info: RESOURCE File[/var/lib/puppet/concat]        [0%] [Installing             Info: RESOURCE File[/var/lib/puppet/concat/bin/con [0%] [Installing             Info: RESOURCE Package[mongodb_client]             [0%] [Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[forem [1%] [Installing             Info: RESOURCE Apache::Mod[access_compat]          [3%] [Installing             Info: RESOURCE Postgresql::Server::Db[candlepin]   [5%] [Installing             Debug: Executing '/usr/bin/rpm -Uvh --force /root/ [7%] [Installing             Notice: /Stage[main]/Certs/Ca[katello-server-ca]/e [7%] [Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[capsu [8%] [Installing             Info: RESOURCE Ca[katello-default-ca]              [9%] [Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [10%] Installing             Info: RESOURCE Exec[Create Puppet Reports dir]     [10%] Installing             Info: RESOURCE Apache::Mod[authz_core]             [13%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [14%] Installing             Info: RESOURCE Concat_fragment[qdrouter+footer.con [15%] Installing             Info: RESOURCE Package[foreman-selinux]            [16%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [19%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [19%] Installing             Info: RESOURCE Kafo_configure::Yaml_to_class[katel [21%] Installing             Info: RESOURCE File[/etc/httpd/conf/httpd.conf]    [26%] Installing             Info: RESOURCE File[vhost_alias.load]              [28%] Installing             Info: RESOURCE File[dir.load]                      [32%] Installing             Info: RESOURCE File[systemd-override]              [36%] Installing             Debug: /Stage[main]/Postgresql::Server::Config/Con [39%] Installing             Debug: Executing '/usr/bin/systemctl is-active ela [41%] Installing             Info: RESOURCE Apache::Mod[deflate]                [44%] Installing             Debug: /File[/var/lib/puppet/concat/_etc_candlepin [47%] Installing             Info: RESOURCE Concat[/etc/httpd/conf/ports.conf]  [50%] Installing             Info: RESOURCE File[rewrite.load]                  [52%] Installing             Info: RESOURCE Apache::Mod[authz_host]             [55%] Installing             Info: RESOURCE Pubkey[/etc/pki/katello/certs/katel [58%] Installing             Info: RESOURCE Postgresql::Server::Pg_hba_rule[loc [60%] Installing             Info: RESOURCE Concat[/var/lib/pgsql/data/pg_hba.c [62%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [63%] Installing             Info: RESOURCE Service[postgresqld]                [64%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [65%] Installing             Debug: /Stage[main]/Foreman::Database::Postgresql/ [66%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [67%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [67%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [68%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [69%] Installing             Debug: /Stage[main]/Candlepin::Database::Postgresq [70%] Installing             Info: RESOURCE File[/etc/mongodb.conf]             [72%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [72%] Installing             Debug: /Stage[main]/Gutterball::Database/Postgresq [74%] Installing             Debug: Class[Certs]: The container Stage[main] wil [76%] Installing             Debug: Executing '/usr/bin/rpm -Uvh --force /root/ [76%] Installing             Notice: /Stage[main]/Certs::Apache/Cert[tyan-gt24- [76%] Installing             Notice: /Stage[main]/Certs::Apache/Pubkey[/etc/pki [76%] Installing             Info: RESOURCE Cert[gutterball-certs]              [77%] Installing             Debug: /Stage[main]/Foreman::Database::Postgresql/ [78%] Installing             Info: RESOURCE Group[qpidd]                        [80%] Installing             Debug: /File[/etc/httpd/conf.d/05-foreman.d]/selty [82%] Installing             Debug: /File[/etc/httpd/conf.d/dav_fs.load]/seluse [82%] Installing             Debug: /File[/etc/httpd/conf.d/filter.load]/seltyp [82%] Installing             Debug: /File[/etc/httpd/conf.d/alias.load]/seluser [82%] Installing             Debug: /File[/etc/httpd/conf.d/negotiation.load]/s [82%] Installing             Debug: /File[/etc/httpd/conf.d/auth_digest.load]/s [82%] Installing             Info: RESOURCE File[/etc/httpd/conf.d/05-foreman-s [83%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [84%] Installing             Notice: /Stage[main]/Certs::Foreman_proxy/Cert[tya [85%] Installing             Info: RESOURCE Pubkey[/etc/foreman-proxy/ssl_ca.pe [85%] Installing             Info: RESOURCE Exec[concat_/etc/httpd/conf/ports.c [88%] Installing             Debug: /Stage[main]/Foreman::Config/Cron[daily sum [90%] Installing             Info: RESOURCE File[/usr/share/foreman/public]     [92%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman_con [94%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [94%] Installing             Debug: Executing '/usr/bin/systemctl is-active pup [96%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [98%] Installing             Info: RESOURCE Foreman_proxy::Settings_file[dhcp]  [99%] Installing             Info: RESOURCE File[/etc/foreman-proxy/settings.d/ [99%] Installing             Info: /Stage[main]/Certs::Katello/File[/var/www/ht [99%] Installing             Notice: /Stage[main]/Certs::Katello/Certs_bootstra [99%]  Could not start Service[foreman-proxy]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start foreman-proxy' returned 1: Redirecting to /bin/systemctl start  foreman-proxy.service
Installing             Error: Could not start Service[foreman-proxy]: Exe [99%]  /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start foreman-proxy' returned 1: Redirecting to /bin/systemctl start  foreman-proxy.service
Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Debug: /Stage[main]/Certs::Gutterball/Certs::Sslto [99%] Installing             Info: RESOURCE Cert[java-client]                   [99%] Installing             Debug: Executing '/usr/bin/systemctl is-active qpi [99%] Installing             Debug: /Stage[main]/Certs::Candlepin/Exec[create c [99%] Installing             Debug: /Stage[main]/Certs::Candlepin/Exec[import c [99%] Installing             Notice: /Stage[main]/Certs::Candlepin/Exec[import  [99%] Installing             Info: RESOURCE Service[tomcat]                     [99%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Info: RESOURCE Cert[tyan-gt24-11.rhts.eng.bos.redh [99%] Installing             Info: RESOURCE File[/etc/httpd/conf.d/pulp_docker. [99%] Installing             Info: RESOURCE Exec[selinux_pulp_manage_puppet]    [99%] Installing             Debug: Executing '/usr/bin/systemctl is-enabled pu [99%] Installing             Debug: Executing '/usr/bin/systemctl is-enabled ht [99%]  Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start  httpd.service
Installing             Error: Could not start Service[httpd]: Execution o [99%]  /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start  httpd.service
Installing             Warning: /Stage[main]/Capsule::Dispatch_router/Qpi [99%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [99%] Installing             Notice: /Stage[main]/Foreman::Database/Foreman::Ra [99%] Installing             Debug: Foreman::Rake[apipie:cache]: The container  [99%] Installing             Debug: /Stage[main]/Foreman::Service/Service[forem [99%] Installing             Debug: Stored state in 0.13 seconds                [99%] Installing             Done                                               [100%]Installing             Done                                               [100%] []
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/katello-installer/katello-installer.log


Actual results:
katello-installer failed

Expected results:
katello-installer worked

Additional info:
foreman-debug attached

Comment 2 Ivan Necas 2015-06-03 12:44:16 UTC

Fixed as part of http://projects.theforeman.org/issues/10591

Comment 5 Tazim Kolhar 2015-06-12 07:56:41 UTC

VERIFIED:
# rpm -qa  | grep foreman
ruby193-rubygem-foreman_discovery-2.0.0.15-1.el7sat.noarch
foreman-libvirt-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch
ruby193-rubygem-foreman_docker-1.2.0.14-1.el7sat.noarch
rubygem-hammer_cli_foreman_discovery-0.0.1.10-1.el7sat.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
foreman-compute-1.7.2.27-1.el7sat.noarch
foreman-gce-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman-redhat_access-0.2.0-8.el7sat.noarch
rubygem-hammer_cli_foreman-0.1.4.14-1.el7sat.noarch
foreman-debug-1.7.2.27-1.el7sat.noarch
foreman-vmware-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman-tasks-0.6.12.8-1.el7sat.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3.4-1.el7sat.noarch
rubygem-hammer_cli_foreman_docker-0.0.3.7-1.el7sat.noarch
foreman-proxy-1.7.2.5-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2.13-1.el7sat.noarch
dell-pe1955-02.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
foreman-ovirt-1.7.2.27-1.el7sat.noarch
rubygem-hammer_cli_foreman_bootdisk-0.1.2.7-1.el7sat.noarch
foreman-1.7.2.27-1.el7sat.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch
foreman-postgresql-1.7.2.27-1.el7sat.noarch

steps:
1.1. issue custom certificates outside of the installer (https://github.com/iNecas/ownca can be used to do so)
2.configure the katello to use the certificates https://github.com/Katello/katello-installer#custom-server-certificates
# katello-installer --certs-server-cert /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.crt --certs-server-cert-req /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.crt.req --certs-server-key /root/ownca/dell-pe1955-02.rhts.eng.bos.redhat.com/dell-pe1955-02.rhts.eng.bos.redhat.com.key --certs-server-ca-cert /root/ownca/cacert.crt --certs-update-server --certs-update-server-ca
Installing             Done                                               [100%] []
  Success!
  * Katello is running at https://dell-pe1955-02.rhts.eng.bos.redhat.com
      Initial credentials are admin / q2PWbLddoDFteTCo

Comment 6 Bryan Kearney 2015-08-11 13:23:08 UTC

This bug is slated to be released with Satellite 6.1.

Comment 7 Bryan Kearney 2015-08-12 13:58:01 UTC

This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.

Note You need to log in before you can comment on or make changes to this bug.