Bug #10766

Install fails if host puppet certs have already been generated

Added by Martin Bacovsky almost 4 years ago. Updated almost 3 years ago.

Status: Ready For Testing
Priority: Normal
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1122623
Description of problem:

When installing sat6, if puppet has been run at any time on the host prior (such as in an environment where the normal bootstrap process involves running puppet), the host specific certs are generated:

/var/lib/puppet/ssl/private_keys/$HOSTNAME.pem

but the ca cert is not generated:

/var/lib/puppet/ssl/ca/ca_crt.pem

When the installer runs and attempts to generate the certs, puppet will not generate the ca cert since the host pem files already exist. It also does not seem to error in any way. The result is that the install fails because httpd won't start:

Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait httpd start' returned 1: Starting httpd: [Tue Jul 22 12:49:31 2014] [warn] module passenger_module is already loaded, skipping
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]

Restarting httpd by hand reveals the error:

$ service httpd start

Starting httpd: [Tue Jul 22 18:06:27 2014] [warn] module passenger_module is already loaded, skipping

Syntax error on line 39 of /etc/httpd/conf.d/25-puppet.conf:

SSLCertificateChainFile: file '/var/lib/puppet/ssl/ca/ca_crt.pem' does not exist or is empty

[FAILED]

How reproducible:
Always

Steps to Reproduce:
1. Install a new system
2. run puppet on it
3. verify that /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem was created
4. Attempt to install satellite 6

Actual results:
Failure

Expected results:
Either the installer needs to error immediately with cleanup instructions, or it should handle this case and install fine
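
A pre-flight check for the state described in this report, as an added example (not code from the installer or from the linked pull request). The function name `check_puppet_ssl_state` and its status strings are hypothetical; the paths are the two quoted above, and the hostname is passed in by the caller.

```shell
#!/bin/sh
# Added example: detect leftover host certs without a CA cert before installing.
# Usage: check_puppet_ssl_state SSLDIR HOSTNAME
#   SSLDIR   e.g. /var/lib/puppet/ssl (the directory quoted in the report)
#   HOSTNAME the name used in private_keys/$HOSTNAME.pem (assumed known to the caller)
# Prints one of:
#   no-host-key       no prior puppet run left a host key; nothing to flag
#   complete          host key and a non-empty CA cert are both present
#   stale-host-certs  host key present, CA cert missing or empty (the failing case)
# Returns 1 only for stale-host-certs.
check_puppet_ssl_state() {
    pss_dir=$1
    pss_host=$2
    pss_key="$pss_dir/private_keys/$pss_host.pem"
    pss_ca="$pss_dir/ca/ca_crt.pem"

    if [ ! -e "$pss_key" ]; then
        echo "no-host-key"
        return 0
    fi

    # -s is true only for a file that exists and is non-empty. httpd rejects
    # an SSLCertificateChainFile that "does not exist or is empty", so an
    # empty ca_crt.pem must be treated the same as a missing one.
    if [ -s "$pss_ca" ]; then
        echo "complete"
        return 0
    fi

    echo "stale-host-certs"
    echo "host key $pss_key exists but $pss_ca is missing or empty;" >&2
    echo "httpd will fail to start on the puppet vhost until this is cleaned up" >&2
    return 1
}
```

Run against the real directory before starting the installer, for example `check_puppet_ssl_state /var/lib/puppet/ssl "$HOSTNAME" || exit 1`.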


Related issues

Copied to Katello - Bug #15241: Install fails if host puppet certs have already been generated (Closed, 2016-05-31)

History

#1 Updated by The Foreman Bot almost 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-installer/pull/149 added

#2 Updated by Martin Bacovsky almost 3 years ago

  • Copied to Bug #15241: Install fails if host puppet certs have already been generated added
