Bug 813812 - Not deployed /etc/candlepin/certs/candlepin-ca.key at fresh install
Not deployed /etc/candlepin/certs/candlepin-ca.key at fresh install
Status: CLOSED WORKSFORME
Product: Katello
Classification: Community
Component: Installer (Show other bugs)
2.0
Unspecified Linux
unspecified Severity high
: ---
: ---
Assigned To: Martin Bacovsky
Katello QA List
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-18 09:24 EDT by Larry Letelier
Modified: 2012-05-28 08:59 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-28 08:59:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
katello-debug-output (139.75 KB, application/x-gzip)
2012-04-18 09:24 EDT, Larry Letelier
no flags Details

  None (edit)
Description Larry Letelier 2012-04-18 09:24:41 EDT
Created attachment 578350 [details]
katello-debug-output

Description of problem:


Can't run katello-configure normally: 

Version-Release number of selected component (if applicable):

katello-glue-pulp-0.2.21-1.el6.noarch
katello-cli-common-0.2.18-1.el6.noarch
katello-0.2.21-1.el6.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-common-0.2.21-1.el6.noarch
katello-glue-foreman-0.2.21-1.el6.noarch
katello-configure-0.2.16-1.el6.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-candlepin-0.2.21-1.el6.noarch
katello-certs-tools-1.1.5-1.el6.noarch
katello-all-0.2.21-1.el6.noarch
katello-cli-0.2.18-1.el6.noarch
katello-repos-0.2.1-1.el6.noarch
katello-selinux-0.2.4-1.el6.noarch

[root@cloud tmp]# lsb_release -a
LSB Version:	:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID:	RedHatEnterpriseServer
Description:	Red Hat Enterprise Linux Server release 6.2 (Santiago)
Release:	6.2
Codename:	Santiago


How reproducible:

    katello-configure --user-name=admin --user-pass=admin --org-name=Domain_SCL
    Starting Katello configuration
    The top-level log file is [/var/log/katello/katello-configure-20120417-170135/main.log]
    err: /Stage[main]/Certs::Config/Exec[deploy-ssl-qpid-client-certificate]/returns: change from notrun to 0 failed: rpm -qp /root/ssl-build/cloud.demo.preteco.com/$(grep noarch.rpm /root/ssl-build/cloud.demo.preteco.com/latest.txt) | xargs rpm -q; if [ $? -ne 0 ]; then rpm -Uvh --force /root/ssl-build/cloud.demo.preteco.com/$(grep qpid-client.*noarch.rpm /root/ssl-build/cloud.demo.preteco.com/latest.txt); fi returned 1 instead of one of [0] at /usr/share/katello/install/puppet/modules/certs/manifests/config.pp:303
    err: /Stage[main]/Certs::Config/Exec[deploy-candlepin-certificate-to-cp]/returns: change from notrun to 0 failed: openssl x509 -in /usr/share/katello/candlepin-cert.crt -out /etc/candlepin/certs/candlepin-ca.crt; openssl rsa -in /root/ssl-build/candlepin-cert.key -out /etc/candlepin/certs/candlepin-ca.key -passin 'file:/etc/katello/candlepin_ca_password-file' returned 1 instead of one of [0] at /usr/share/katello/install/puppet/modules/certs/manifests/config.pp:175
    }
    +Creating Katello database user
    ############################################################ ... OK
    Creating Katello database
    ############################################################ ... OK
    Creating Candlepin database user
    ############################################################ ... OK
    Creating Candlepin database
    ############################################################ ... OK


Steps to Reproduce:
1.
2.
3.
  
Actual results:

httpd not start normally because he not have candlepin-ca.key

[root@cloud tmp]# /etc/init.d/httpd start
Iniciando httpd: Syntax error on line 11 of /etc/httpd/conf.d/katello.conf:
SSLCertificateKeyFile: file '/etc/candlepin/certs/candlepin-ca.key' does not exist or is empty
                                                           [FAILED]


Expected results:


Additional info:
Comment 1 Lukas Zapletal 2012-04-19 03:07:52 EDT
I have reproduced this today. On a clean box do this:

1) Install katello (but do not run configure-katello yet)
2) grep SSLCertificateFile /etc/httpd/conf.d/katello.conf
3) service httpd restart

So the lost ability to restart httpd is consequence, but also a different problem. We should be able to restart Apache httpd even when katello-configure was not issued yet.

The problem was your katello-configure did not finish, so httpd was not properly configured.
Comment 4 Lukas Zapletal 2012-04-19 03:27:51 EDT
The consequence was solved: https://bugzilla.redhat.com/show_bug.cgi?id=814063

I am not sure why it failed for you. Martin?
Comment 5 Martin Bacovsky 2012-04-19 04:30:08 EDT
According to the logs puppet omitted step called "generate-ssl-qpid-client-certificate" for no apparent reason. According to the communication with reporter this was first run of katello-configure on that machine. I'll check puppet config for that particular version for any clues. So far I was not able to either reprodece or explain this issue.
Comment 6 Martin Bacovsky 2012-05-28 08:59:27 EDT
Was unable to reproduce and examination of logs was not helpful either. Closing.

If the issue persist feel free to reopen this bug.

Note You need to log in before you can comment on or make changes to this bug.