Project

General

Profile

Actions
Copy link

Bug #17133

closed

Puppet SSL certificate generated after Apache started from 'foreman' module

Added by Dominic Cleal over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dominic Cleal
Category:
Foreman modules
Target version:
1.14.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/puppet-foreman/pull/500, https://github.com/theforeman/puppet-puppet/pull/453
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Installations with Puppet Server (PC1 repos) are failing to start Service[httpd] as the Puppet certificate (and CA) hasn't yet been generated:

[ INFO 2016-10-28 09:45:44 main]  Class[Apache::Service]: Scheduling refresh of Service[httpd]
[DEBUG 2016-10-28 09:45:44 main]  Executing: '/bin/systemctl is-active httpd'
[DEBUG 2016-10-28 09:45:44 main]  Executing: '/bin/systemctl is-enabled httpd'
[DEBUG 2016-10-28 09:45:44 main]  Executing: '/bin/systemctl unmask httpd'
[DEBUG 2016-10-28 09:45:44 main]  Executing: '/bin/systemctl start httpd'
[DEBUG 2016-10-28 09:45:44 main]  Runing journalctl command to get logs for systemd start failure: journalctl -n 50 --since '5 minutes ago' -u httpd --no-pager
[DEBUG 2016-10-28 09:45:44 main]  Executing: 'journalctl -n 50 --since '5 minutes ago' -u httpd --no-pager'
[ERROR 2016-10-28 09:45:44 main]  Systemd start for httpd failed!
[ERROR 2016-10-28 09:45:44 main] journalctl log for httpd:
[ERROR 2016-10-28 09:45:44 main] -- Logs begin at Fri 2016-10-28 09:38:39 EDT, end at Fri 2016-10-28 09:45:44 EDT. --
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Starting The Apache HTTP Server...
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com httpd[15923]: AH00526: Syntax error on line 30 of /etc/httpd/conf.d/05-foreman-ssl.conf:
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com httpd[15923]: SSLCertificateFile: file '/etc/puppetlabs/puppet/ssl/certs/foreman.example.com.pem' does not exist or is empty
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com kill[15924]: kill: cannot find process "" 
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service: control process exited, code=exited status=1
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Failed to start The Apache HTTP Server.
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: Unit httpd.service entered failed state.
[ERROR 2016-10-28 09:45:44 main] Oct 28 09:45:44 foreman.example.com systemd[1]: httpd.service failed.
[..]
[DEBUG 2016-10-28 09:46:27 main]  Exec[puppet_server_config-generate_ca_cert](provider=posix): Executing '/opt/puppetlabs/bin/puppet cert --generate foreman.example.com'
[ WARN 2016-10-28 09:46:32 main]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: executed successfully

Running the installer again fixes the issue.

There are ordering relationships in foreman_proxy/puppet::server::config for the smart proxy, but not Apache (from the foreman module) when using Puppet Server.

When using the rack-based Puppet master, the puppet::server::config module adds ordering for Service[httpd].

It's likely that refactoring in the puppet module has the resource ordering to change.

Actions
Copy link

Also available in: Atom PDF