Description of problem:

Version-Release number of selected component (if applicable):
Satellite 6.10.6

How reproducible:
Always

Steps to Reproduce:
1. Prepare Satellite 6.10.6 with external PostgreSQL (with SSL)
2. Setup all required repositories and upgrade foreman-maintain packages
3. # foreman-maintain upgrade run --target-version 6.11 --whitelist='repositories-validate,repositories-setup'

```
...
Running Migration scripts to Satellite 6.11
================================================================================
Setup repositories: [SKIPPED]
--------------------------------------------------------------------------------
Unlock packages: [OK]
--------------------------------------------------------------------------------
Update package(s) : [OK]
--------------------------------------------------------------------------------
Procedures::Installer::Upgrade:
2022-05-26 11:15:55 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-05-26 11:16:02 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-05-26 11:16:02 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-05-26 11:16:08 [WARN ] [pre] Skipping system checks.
2022-05-26 11:16:08 [WARN ] [pre] Skipping system checks.
2022-05-26 11:16:33 [NOTICE] [configure] Starting system configuration.
2022-05-26 11:16:48 [NOTICE] [configure] 250 configuration steps out of 1849 steps complete.
2022-05-26 11:17:04 [NOTICE] [configure] 500 configuration steps out of 1851 steps complete.
2022-05-26 11:17:11 [ERROR ] [configure] Execution of '/usr/share/candlepin/cpdb --update --dbhost=<satellite> --dbport=5432 --database=candlepin1db?ssl=true --user=candlepin1! --<passwd>=RedHat1!' returned 1: ########## ERROR ############
2022-05-26 11:17:11 [ERROR ] [configure] Error running command: /usr/share/candlepin/liquibase.sh --driver=org.postgresql.Driver --classpath=/var/lib/tomcat/webapps/candlepin/WEB-INF/lib/postgresql-42.3.3.jar:/var/lib/tomcat/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-update.xml --url="jdbc:postgresql://<satellite>:5432/candlepin1db?ssl=true" --username=$DBUSERNAME --<passwd>=$DB<passwd> --logLevel=severe migrate -Dcommunity=False
2022-05-26 11:17:11 [ERROR ] [configure] Status code: 65280
2022-05-26 11:17:11 [ERROR ] [configure] Command output: Liquibase update Failed: liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
2022-05-26 11:17:11 [ERROR ] [configure] SEVERE 5/26/22, 11:17 AM:liquibase: liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
2022-05-26 11:17:11 [ERROR ] [configure] liquibase.exception.DatabaseException: liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.integration.commandline.CommandLineUtils.createDatabaseObject(CommandLineUtils.java:61)
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.integration.commandline.Main.doMigration(Main.java:788)
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.integration.commandline.Main.main(Main.java:133)
2022-05-26 11:17:11 [ERROR ] [configure] Caused by: liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.database.DatabaseFactory.openConnection(DatabaseFactory.java:231)
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.database.DatabaseFactory.openDatabase(DatabaseFactory.java:141)
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.integration.commandline.CommandLineUtils.createDatabaseObject(CommandLineUtils.java:52)
2022-05-26 11:17:11 [ERROR ] [configure] ... 2 more
2022-05-26 11:17:11 [ERROR ] [configure] Caused by: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:150)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.core.SocketFactoryFactory.getSslSocketFactory(SocketFactoryFactory.java:61)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:34)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:571)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.Driver.makeConnection(Driver.java:400)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.Driver.connect(Driver.java:259)
2022-05-26 11:17:11 [ERROR ] [configure] at liquibase.database.DatabaseFactory.openConnection(DatabaseFactory.java:223)
2022-05-26 11:17:11 [ERROR ] [configure] ... 4 more
2022-05-26 11:17:11 [ERROR ] [configure] Caused by: java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory)
2022-05-26 11:17:11 [ERROR ] [configure] at java.base/java.io.FileInputStream.open0(Native Method)
2022-05-26 11:17:11 [ERROR ] [configure] at java.base/java.io.FileInputStream.open(FileInputStream.java:219)
2022-05-26 11:17:11 [ERROR ] [configure] at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
2022-05-26 11:17:11 [ERROR ] [configure] at java.base/java.io.FileInputStream.<init>(FileInputStream.java:112)
2022-05-26 11:17:11 [ERROR ] [configure] at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:147)
2022-05-26 11:17:11 [ERROR ] [configure] ... 14 more
...
```

Actual results:
Upgrade fails

Expected results:
Successful upgrade to 6.11

Additional info:
Seems related to https://bugzilla.redhat.com/show_bug.cgi?id=2062189
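
The failure in the log above, as an added example that is not part of the original report or of foreman-maintain: a preflight check that works out which CA file the PostgreSQL JDBC driver will open for a given URL and whether that file is usable. The function names and the `db.example.test` host are hypothetical, and the lookup rule in the comments is an assumption consistent with the `/root/.postgresql/root.crt` path in the stack trace.

```shell
# Added example; function names and sample URL are hypothetical.
# Assumed driver rule: certificate verification is on for
# sslmode=verify-ca|verify-full, or ssl=true with no sslmode; the CA file
# is sslrootcert= if given, else $HOME/.postgresql/root.crt.

# Print the CA file the driver would open, or nothing if none is needed.
pg_root_cert_path() {
    url=$1
    query=""
    case $url in *\?*) query=${url#*\?} ;; esac
    ssl="" sslmode="" rootcert=""
    old_ifs=$IFS; IFS='&'
    for kv in $query; do
        case $kv in
            ssl)           ssl=true ;;
            ssl=*)         ssl=${kv#ssl=} ;;
            sslmode=*)     sslmode=${kv#sslmode=} ;;
            sslrootcert=*) rootcert=${kv#sslrootcert=} ;;
        esac
    done
    IFS=$old_ifs
    if [ -z "$sslmode" ] && [ "$ssl" = "true" ]; then
        sslmode=verify-full
    fi
    case $sslmode in
        verify-ca|verify-full) printf '%s\n' "${rootcert:-$HOME/.postgresql/root.crt}" ;;
    esac
    return 0
}

# Return 0 if no CA is needed or the CA file is a readable PEM file.
check_pg_root_cert() {
    ca=$(pg_root_cert_path "$1")
    if [ -z "$ca" ]; then return 0; fi
    if [ ! -r "$ca" ]; then
        echo "CA file not readable: $ca" >&2
        return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "no PEM certificate in: $ca" >&2
        return 1
    fi
    return 0
}

# Constructed URL in the shape of the one in the log.
pg_root_cert_path 'jdbc:postgresql://db.example.test:5432/candlepin1db?ssl=true'
```

Run it as the user the migration runs as, since the default path depends on that user's home directory.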
Created redmine issue https://projects.theforeman.org/issues/35029 from this bug
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35029 has been resolved.
Hi,

Tested upgrade for Satellite with external DB SSL setup from 6.10.7 to 6.11, and it works perfectly by adding new required flag to the installer step in the 6.11 upgrade scenario.

```
--------------------------------------------------------------------------------
Run installer with Candlepin SSL CA when using external database with SSL:
- Running installer with --katello-candlepin-db-ssl-ca /usr/share/foreman/root.crt argument! [OK]
--------------------------------------------------------------------------------
```

As well, I checked upgrades for regular Satellite and Satellite with external DB on non-SSL setup, which also return the below message for the installer step, so I was wondering if anyone knew if this flag is supposed to be set for these setups? If yes, so it is still set to UNDEF after an upgrade, or is it just a message from the description of the procedure?

```
--------------------------------------------------------------------------------
Run installer with Candlepin SSL CA when using external database with SSL:
| Executing installer [OK]
--------------------------------------------------------------------------------
```

As you can see, this description/message is misleading for regular and non-SSL Satellite setups, so I believe it should only be modified if `extdb_and_ssl?`, so how do you recommend handling this BZ?

Thanks,
Gaurav
Hello Gaurav,

Thanks for testing the change.

I feel the current messaging is correct as we also show if installer is getting executed with extra options in both cases. We can change the description of the procedure however I also feel that's the use of the procedure?

This should not be the blocker for the GA, if required another bugzilla can be opened to change the description if needed.

Regards,
Amit Upadhye.
Hello Amit,

Thanks for looking into this.

>> I feel the current messaging is correct as we also show if an installer is getting executed with extra options in both cases. We can change the description of the procedure however I also feel that's the use of the procedure?

Looking at the code below I don't think an installer is executed with extra options in both cases, but shouldn't the extra options be specific to extdb_and_ssl?

```
def run
  if extdb_and_ssl?
    run_installer_with_extra_option
  else
    run_installer
  end
end
```

and if the installer runs with extra options for both cases then I check it is not being set after a successful upgrade to 6.11 for regular and non-SSL external DB Satellite setups

```
# satellite-installer --full-help | grep katello-candlepin-db-ssl-ca
    --katello-candlepin-db-ssl-ca  The CA certificate to verify the SSL connection to the database with (current: UNDEF)
    --reset-katello-candlepin-db-ssl-ca  Reset candlepin_db_ssl_ca to the default value (UNDEF)
```

>> This should not be the blocker for the GA, if required another bugzilla can be opened to change the description if needed.

Yes, I totally agree with you. I've opened a BZ to track this description issue separately BZ 2096849.

Hence verifying this BZ for Satellite 6.11.0 Snap 24.0 with version rubygem-foreman_maintain-1.0.12-1.el7sat.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498