Hide Forgot
katello-change-hostname fails with ERROR when /opt/puppetlabs/bin/puppetserver ca setup tried to replace existing certs/keys during installer run <pre> # katello-change-hostname qe-foreman-rhel7-tier1.example.com -y -u admin -p changeme Checking hostname validity Checking overall health of server Checking credentials Updating default Foreman Proxy Updating installation media paths updating hostname in /etc/hostname setting hostname checking if hostname was changed stopping services removing old cert rpms deleting old certs backed up /var/www/html/pub to /var/www/html/pub/qe-foreman-rhel7.example.com-20190708104807.backup updating hostname in /etc/hosts updating hostname in foreman installer scenarios backing up last_scenario.yaml removing last_scenario.yaml re-running the installer foreman-installer --scenario katello -v --disable-system-checks --certs-regenerate=true --foreman-proxy-register-in-foreman true restoring last_scenario.yaml cleaning up temporary files [ INFO 2019-07-08T10:48:37 verbose] Executing hooks in group pre_migrations ... [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Error: [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_crl.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/certs/ca.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/crl.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/inventory.txt' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_inventory.txt' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_serials' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/serial' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/root_key.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_key.pem' [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: If you would really like to replace your CA, please delete the existing files first. [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Note that any certificates that were issued by this CA will become invalid if you [ WARN 2019-07-08T10:49:26 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: replace it! [ERROR 2019-07-08T10:49:26 verbose] '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0] </pre> On nightly there is extra line saying "restoring last_scenario.yaml" while downstream 6.6 is OK without this line <pre> foreman-1.23.0-0.12.develop.20190707155541git1100d84.el7.noarch katello-3.13.0-0.3.master.el7.noarch katello-common-3.13.0-0.3.master.el7.noarch </pre>
Created from redmine issue https://projects.theforeman.org/issues/27255
Upstream bug assigned to jturel@redhat.com
The change for this problem contained two fixes: The puppet error which was reported does not affect 6.6, however, satellite(katello)-change-hostname was broken for Capsules and that fix is included. To test: - Register a 6.6 capsule to a Satellite - On the Satellite use 'foreman-proxy-content-certs-generate' to generate the tarball of certs for the new desired hostname of the Capsule - Transfer the tarball to the capsule - Change the hostname on the Capsule: satellite-change-hostname newcapsulehostname.example.com --certs-tar <path to tarball> -u admin -p changeme The command should succeed. In previous snaps it would fail due to giving the installer an invalid parameter: foreman-proxy-content-certs-tar
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27255 has been resolved.
Verfied on Satellite 6.6 snap 19 using command from problem description. Hostname is successfully changed. Output: ... [ WARN 2019-09-13T08:28:53 verbose] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: executed successfully ... **** Hostname change complete! ****
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172