801549 – After katello-configure thumbslug fails to start with Unable to load the ssl keystore

Bug 801549 - After katello-configure thumbslug fails to start with Unable to load the ssl keystore

Summary: After katello-configure thumbslug fails to start with Unable to load the ssl ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Subscription Asset Manager
Classification:	Retired
Component:	katello-configure
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Bacovsky
QA Contact:	SAM QE List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	703617 803492
TreeView+	depends on / blocked

Reported:	2012-03-08 19:52 UTC by Eric Sammons
Modified:	2012-04-27 00:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	803492 (view as bug list)
Environment:	katello-configure-0.1.104-1.el6.noarch
Last Closed:	2012-04-27 00:19:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Eric Sammons 2012-03-08 19:52:03 UTC

Description of problem:
When katello-configure is run a keystore is create in /etc/pki/katello/keystore; however, /etc/thumbslug/thumbslug.conf expects the ssl.keystore to be at /etc/candlepin/certs/keystore.  Because the keystore is not available to thumbslug, starting thumbslug will result in the following being logged to error.log.

Mar 08 14:23:08 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 14:23:08 [main] ERROR org.candlepin.thumbslug.Main - Unable to load the ssl keystore. Check that ssl.keystore and ssl.keystore.password are set correctly.
org.candlepin.thumbslug.ssl.SslKeystoreException: Failed to initialize the server-side SSLContext.
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:83)
        at org.candlepin.thumbslug.Main.configureSSL(Main.java:67)
        at org.candlepin.thumbslug.Main.main(Main.java:136)
Caused by: java.io.FileNotFoundException: /etc/candlepin/certs/keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:137)
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:68)
        ... 2 more
Mar 08 14:44:48 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 14:44:48 [main] ERROR org.candlepin.thumbslug.Main - Unable to load the ssl keystore. Check that ssl.keystore and ssl.keystore.password are set correctly.
org.candlepin.thumbslug.ssl.SslKeystoreException: Failed to initialize the server-side SSLContext.
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:83)
        at org.candlepin.thumbslug.Main.configureSSL(Main.java:67)
        at org.candlepin.thumbslug.Main.main(Main.java:136)
Caused by: java.io.FileNotFoundException: /etc/candlepin/certs/keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:137)
        at org.candlepin.thumbslug.ssl.SslContextFactory.getServerContext(SslContextFactory.java:68)


Reproduce:
1. yum install -y katello-headpin-all
2. katello-configure --deployment=sam
3. service thumbslug status
   or 
   ps -ef|grep thumbslug|grep -v grep

Results:
Thumbslug daemon is not running

Comment 1 Martin Bacovsky 2012-03-08 20:55:05 UTC

Commit hash: 6b140a440b6051f854e8bfd7f6a50e0bb99fb60d

- fixed thumbslug.conf to pint to /etc/pki/katello/keystore
- /etc/pki/katello/keystore is owned by root.katello
- user thumbslug was added to katello group

Test install:
# katello-configure --deployment=headpin
WARNING: FQDN is not set!
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20120308-214310/main.log]
Creating Katello database user
############################################################ ... OK
Creating Katello database
############################################################ ... OK
Creating Candlepin database user
############################################################ ... OK
Creating Candlepin database
############################################################ ... OK
Candlepin setup
############################################################ ... OK
Populating Katello database schema
############################################################ ... OK
Initializing Katello data
############################################################ ... OK
[root@sam-test ~]# service thumbslug status
thumbslug (pid  3222) is running...
[root@sam-test ~]# tail /var/log/thumbslug/error.log
Mar 08 21:46:27 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 21:46:28 [main] WARN  org.candlepin.thumbslug.Main - Running Thumbslug on port 8088
Mar 08 21:46:28 [shutdownHook] WARN  org.candlepin.thumbslug.Main - Shutting down...
Mar 08 21:46:29 [main] INFO  org.candlepin.thumbslug.ssl.SslContextFactory - reading keystore
Mar 08 21:46:30 [main] WARN  org.candlepin.thumbslug.Main - Running Thumbslug on port 8088
[root@sam-test ~]# ls -la /etc/pki/katello/
total 12
drwxr-x---.  2 root katello 4096 Mar  8 21:43 .
drwxr-xr-x. 11 root root    4096 Mar  8 21:43 ..
-rw-r-----.  1 root katello 2866 Mar  8 21:43 keystore
[root@sam-test ~]# cat /etc/group|grep ^katello
katello:x:495:thumbslug,tomcat
[root@sam-test ~]#

Note You need to log in before you can comment on or make changes to this bug.