Bug 1733250 - katello-change-hostname fails with ERROR '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0]
Summary: katello-change-hostname fails with ERROR '/opt/puppetlabs/bin/puppetserver ca...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Infrastructure
Version: 6.6.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: 6.6.0
Assignee: Jonathon Turel
QA Contact: Peter Dragun
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-25 14:10 UTC by Jonathon Turel
Modified: 2019-10-22 19:49 UTC (History)
2 users (show)

Fixed In Version: katello-3.12.0-2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-22 19:49:44 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 27255 0 Normal Resolved katello-change-hostname fails with ERROR '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0] 2021-01-28 21:05:26 UTC

Description Jonathon Turel 2019-07-25 14:10:44 UTC
katello-change-hostname fails with ERROR when /opt/puppetlabs/bin/puppetserver ca setup tried to replace existing certs/keys during installer run

<pre>
# katello-change-hostname qe-foreman-rhel7-tier1.example.com -y -u admin -p changeme

Checking hostname validity

Checking overall health of server

Checking credentials

Updating default Foreman Proxy
Updating installation media paths
updating hostname in /etc/hostname
setting hostname
checking if hostname was changed
stopping services
removing old cert rpms
deleting old certs
backed up /var/www/html/pub to /var/www/html/pub/qe-foreman-rhel7.example.com-20190708104807.backup
updating hostname in /etc/hosts
updating hostname in foreman installer scenarios
backing up last_scenario.yaml
removing last_scenario.yaml
re-running the installer
foreman-installer --scenario katello -v --disable-system-checks --certs-regenerate=true --foreman-proxy-register-in-foreman true
restoring last_scenario.yaml
cleaning up temporary files
[ INFO 2019-07-08T10:48:37 verbose] Executing hooks in group pre_migrations
...

[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Error:
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/inventory.txt'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_inventory.txt'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_serials'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/serial'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/root_key.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_key.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: If you would really like to replace your CA, please delete the existing files first.
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Note that any certificates that were issued by this CA will become invalid if you
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: replace it!
[ERROR 2019-07-08T10:49:26 verbose]  '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0]
</pre>

On nightly there is extra line saying "restoring last_scenario.yaml" while downstream 6.6 is OK without this line

<pre>
foreman-1.23.0-0.12.develop.20190707155541git1100d84.el7.noarch
katello-3.13.0-0.3.master.el7.noarch
katello-common-3.13.0-0.3.master.el7.noarch
</pre>

Comment 1 Jonathon Turel 2019-07-25 14:10:47 UTC
Created from redmine issue https://projects.theforeman.org/issues/27255

Comment 2 Jonathon Turel 2019-07-25 14:10:48 UTC
Upstream bug assigned to jturel@redhat.com

Comment 4 Jonathon Turel 2019-07-25 14:20:29 UTC
The change for this problem contained two fixes:

The puppet error which was reported does not affect 6.6, however, satellite(katello)-change-hostname was broken for Capsules and that fix is included.

To test:

- Register a 6.6 capsule to a Satellite
- On the Satellite use 'foreman-proxy-content-certs-generate' to generate the tarball of certs for the new desired hostname of the Capsule
- Transfer the tarball to the capsule
- Change the hostname on the Capsule: satellite-change-hostname newcapsulehostname.example.com --certs-tar <path to tarball> -u admin -p changeme


The command should succeed. In previous snaps it would fail due to giving the installer an invalid parameter: foreman-proxy-content-certs-tar

Comment 5 Bryan Kearney 2019-07-31 14:08:02 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27255 has been resolved.

Comment 7 Peter Dragun 2019-09-13 13:01:53 UTC
Verfied on Satellite 6.6 snap 19 using command from problem description. Hostname is successfully changed.

Output:
... 
[ WARN 2019-09-13T08:28:53 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: executed successfully
...
**** Hostname change complete! ****

Comment 8 Bryan Kearney 2019-10-22 19:49:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172


Note You need to log in before you can comment on or make changes to this bug.