Description of problem: After satellite-change-hostname, candlepin service not starting. # hammer ping candlepin: Status: FAIL Server Response: candlepin_auth: Status: FAIL Server Response: pulp: Status: ok Server Response: Duration: 174ms pulp_auth: Status: ok Server Response: Duration: 101ms foreman_tasks: Status: ok Server Response: Duration: 5ms # katello-service status -b Redirecting to 'foreman-maintain service' Running Status Services ================================================================================ Get status of applicable services: Displaying the following service(s): rh-mongodb34-mongod, postgresql, qdrouterd, qpidd, squid, pulp_celerybeat, pulp_resource_manager, pulp_streamer, pulp_workers, smart_proxy_dynflow_core, tomcat, dynflowd, httpd, puppetserver, foreman-proxy | displaying rh-mongodb34-mongod [OK] | displaying postgresql [OK] | displaying qdrouterd [OK] | displaying qpidd [OK] | displaying squid [OK] | displaying pulp_celerybeat [OK] / displaying pulp_resource_manager [OK] / displaying pulp_streamer [OK] / displaying pulp_workers [OK] / displaying smart_proxy_dynflow_core [OK] / displaying tomcat [OK] / displaying dynflowd [OK] / displaying httpd [OK] / displaying puppetserver [OK] - displaying foreman-proxy [OK] - All services are running [OK] -------------------------------------------------------------------------------- Version-Release number of selected component (if applicable): Satellite 6.6 snap 1 How reproducible: always Steps to Reproduce: 1. Install satellite 6.6 2. satellite-change-hostname qe-testing-rhel7.example.com -y -u admin -p changeme Actual results: After hostname change is successful, candlepin is down. Expected results: Candlepin should not fail. Additional info:
I can reproduce this. The problem seems to be that the installer does not refresh the Candlepin/Tomcat keystore.
workaround: rm /etc/candlepin/certs/candlepin-ca.* /etc/candlepin/certs/keystore satellite-installer
I think this may need an update in the code that does the change hostname itself. That code attempts to delete certificates to have the installer regenerate them. This is fragile if the installation moves certificates around which we have done in 6.6 in some cases. https://github.com/theforeman/foreman-packaging/blob/rpm/develop/packages/katello/katello/hostname-change.rb#L327 https://github.com/theforeman/puppet-certs/commit/1f3ca4fb3a0702f0cf78ca2ebc8f630cde3140e2 https://github.com/theforeman/puppet-candlepin/commit/59590d9207541dcc7bdea1e7c38752e50bc6d284
Created redmine issue https://projects.theforeman.org/issues/26751 from this bug
Upstream bug assigned to egolov
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26751 has been resolved.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172