Project

General

Profile

Bug #15241

Install fails if host puppet certs have already been generated

Added by Martin Bacovsky almost 3 years ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Category:
Installer
Target version:
Difficulty:
medium
Triaged:
Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1122623
Description of problem:

When installing sat6, if puppet has been run at anytime on the host prior (such as in an environment where the normal bootstrap process involves running puppet), the host specific certs are generated:

/var/lib/puppet/ssl/private_keys/$HOSTNAME.pem

but the ca cert is not generated:

/var/lib/puppet/ssl/ca/ca_crt.pem

When the installer runs and attempts to generate the certs, puppet will not generate the ca cert since the host pem files already exist. It also does not seem to error in anyway. The result is that the install fails because httpd won't start:

Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait httpd start' returned 1: Starting httpd: [Tue Jul 22 12:49:31 2014] [warn] module passenger_module is already loaded, skipping
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]

Restarting httpd by hand reveals the error:

$ service httpd start

Starting httpd: [Tue Jul 22 18:06:27 2014] [warn] module passenger_module is already loaded, skipping

Syntax error on line 39 of /etc/httpd/conf.d/25-puppet.conf:

SSLCertificateChainFile: file '/var/lib/puppet/ssl/ca/ca_crt.pem' does not exist or is empty

[FAILED]

How reproducible:
Always

Steps to Reproduce:
1. Install a new system
2. run puppet on it
3. verify that /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem was created
4. Attempt to install satellite 6

Actual results:
Failure

Expected results:
Either the installer needs to error immediately with cleanup instructions, or it should handle this case and install fine


Related issues

Copied from Installer - Bug #10766: Install fails if host puppet certs have already been generatedReady For Testing2015-06-09

Associated revisions

Revision b54acb74 (diff)
Added by Martin Bacovsky almost 3 years ago

Fixes #15241 - fail nicely if puppet certs were already generated

Revision 580b3426
Added by Eric D Helms almost 3 years ago

Merge pull request #352 from mbacovsky/15241_puppet_certs

Fixes #15241 - fail nicely if puppet certs were already generated

History

#1 Updated by Martin Bacovsky almost 3 years ago

  • Status changed from New to Assigned

#2 Updated by Martin Bacovsky almost 3 years ago

  • Copied from Bug #10766: Install fails if host puppet certs have already been generated added

#3 Updated by Martin Bacovsky almost 3 years ago

I have created copy of #10766 for Katello because the hooks are not shared yet among the Katello and Foreman scenarios.

#4 Updated by The Foreman Bot almost 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello-installer/pull/352 added

#5 Updated by Justin Sherrill almost 3 years ago

  • Legacy Backlogs Release (now unused) set to 162
  • Difficulty set to medium

#6 Updated by Martin Bacovsky almost 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF