Project

General

Profile

Actions

Bug #15241

closed

Install fails if host puppet certs have already been generated

Added by Martin Bacovsky almost 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Installer
Target version:
Difficulty:
medium
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1122623
Description of problem:

When installing sat6, if puppet has been run at anytime on the host prior (such as in an environment where the normal bootstrap process involves running puppet), the host specific certs are generated:

/var/lib/puppet/ssl/private_keys/$HOSTNAME.pem

but the ca cert is not generated:

/var/lib/puppet/ssl/ca/ca_crt.pem

When the installer runs and attempts to generate the certs, puppet will not generate the ca cert since the host pem files already exist. It also does not seem to error in anyway. The result is that the install fails because httpd won't start:

Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait httpd start' returned 1: Starting httpd: [Tue Jul 22 12:49:31 2014] [warn] module passenger_module is already loaded, skipping
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]

Restarting httpd by hand reveals the error:

$ service httpd start

Starting httpd: [Tue Jul 22 18:06:27 2014] [warn] module passenger_module is already loaded, skipping

Syntax error on line 39 of /etc/httpd/conf.d/25-puppet.conf:

SSLCertificateChainFile: file '/var/lib/puppet/ssl/ca/ca_crt.pem' does not exist or is empty

[FAILED]

How reproducible:
Always

Steps to Reproduce:
1. Install a new system
2. run puppet on it
3. verify that /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem was created
4. Attempt to install satellite 6

Actual results:
Failure

Expected results:
Either the installer needs to error immediately with cleanup instructions, or it should handle this case and install fine


Related issues 1 (0 open1 closed)

Copied from Installer - Bug #10766: Install fails if host puppet certs have already been generatedRejectedMartin BacovskyActions
Actions #1

Updated by Martin Bacovsky almost 8 years ago

  • Status changed from New to Assigned
Actions #2

Updated by Martin Bacovsky almost 8 years ago

  • Copied from Bug #10766: Install fails if host puppet certs have already been generated added
Actions #3

Updated by Martin Bacovsky almost 8 years ago

I have created copy of #10766 for Katello because the hooks are not shared yet among the Katello and Foreman scenarios.

Actions #4

Updated by The Foreman Bot almost 8 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello-installer/pull/352 added
Actions #5

Updated by Justin Sherrill almost 8 years ago

  • translation missing: en.field_release set to 162
  • Difficulty set to medium
Actions #6

Updated by Martin Bacovsky over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF