Actions
Bug #17133
closed
Puppet SSL certificate generated after Apache started from 'foreman' module
Difficulty:
Triaged:
Description
Installations with Puppet Server (PC1 repos) are failing to start Service[httpd] as the Puppet certificate (and CA) hasn't yet been generated:
[ INFO 2016-10-28 09:45:44 main] Class[Apache::Service]: Scheduling refresh of Service[httpd] [DEBUG 2016-10-28 09:45:44 main] Executing: '/bin/systemctl is-active httpd' [DEBUG 2016-10-28 09:45:44 main] Executing: '/bin/systemctl is-enabled httpd' [DEBUG 2016-10-28 09:45:44 main] Executing: '/bin/systemctl unmask httpd' [DEBUG 2016-10-28 09:45:44 main] Executing: '/bin/systemctl start httpd' [DEBUG 2016-10-28 09:45:44 main] Runing journalctl command to get logs for systemd start failure: journalctl -n 50 --since '5 minutes ago' -u httpd --no-pager [DEBUG 2016-10-28 09:45:44 main] Executing: 'journalctl -n 50 --since '5 minutes ago' -u httpd --no-pager' [ERROR 2016-10-28 09:45:44 main] Systemd start for httpd failed! [ERROR 2016-10-28 09:45:44 main] journalctl log for httpd: [ERROR 2016-10-28 09:45:44 main] -- Logs begin at Fri 2016-10-28 09:38:39 EDT, end at Fri 2016-10-28 09:45:44 EDT. -- [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Starting The Apache HTTP Server... [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com httpd[15923]: AH00526: Syntax error on line 30 of /etc/httpd/conf.d/05-foreman-ssl.conf: [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com httpd[15923]: SSLCertificateFile: file '/etc/puppetlabs/puppet/ssl/certs/foreman.example.com.pem' does not exist or is empty [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com kill[15924]: kill: cannot find process "" [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service: control process exited, code=exited status=1 [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Failed to start The Apache HTTP Server. [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Unit httpd.service entered failed state. [ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service failed. [..] [DEBUG 2016-10-28 09:46:27 main] Exec[puppet_server_config-generate_ca_cert](provider=posix): Executing '/opt/puppetlabs/bin/puppet cert --generate foreman.example.com' [ WARN 2016-10-28 09:46:32 main] /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: executed successfully
Running the installer again fixes the issue.
There are ordering relationships in foreman_proxy/puppet::server::config for the smart proxy, but not Apache (from the foreman module) when using Puppet Server.
When using the rack-based Puppet master, the puppet::server::config module adds ordering for Service[httpd].
It's likely that refactoring in the puppet module has the resource ordering to change.
Updated by Anonymous about 8 years ago
FWIW, I think #17062 is a bit related, as it also touches the relationship of resources in the foreman and puppet modules.
Updated by Dominic Cleal about 8 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
Updated by The Foreman Bot about 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman/pull/500 added
Updated by The Foreman Bot about 8 years ago
- Pull request https://github.com/theforeman/puppet-puppet/pull/453 added
Updated by Dominic Cleal about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset puppet-foreman|960d5e1e620e83610f1fbb207c0f21232be48675.
Actions