Duplicate declaration: /etc/foreman-proxy/ssl_key.pem
|Status:||Need more information|
|Target version:||Katello 3.4.6|
|Triaged:||Fixed in Releases:|
|Bugzilla link:||Found in Releases:|
when installing a pulp only node there is an error about a duplicate resource statement: (no puppet, no puppetca, no use_sudoers)
[ERROR 2017-03-06 13:28:19 main] Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:140; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83:5 on node pulpnode.de
I'm not sure where it is correct to declare the file; would it be best to use ensure_resource from stdlib at both occurrences?
#3 Updated by Klaas D over 1 year ago
foreman-installer --scenario foreman-proxy-content \ --foreman-proxy-content-certs-tar /root/pulpnode01.tld-certs.tar\ --certs-update-all\ --certs-regenerate true\ --foreman-proxy-content-pulp-oauth-secret ""\ --foreman-proxy-content-parent-fqdn "pulpmaster.tld"\ --foreman-proxy-register-in-foreman "true"\ --foreman-proxy-foreman-base-url "https://pulpmaster.tld"\ --foreman-proxy-trusted-hosts "pulpmaster.tld"\ --foreman-proxy-trusted-hosts "pulpnode01.tld"\ --foreman-proxy-oauth-consumer-key ""\ --foreman-proxy-oauth-consumer-secret ""\ --foreman-proxy-puppet false\ --foreman-proxy-content-puppet false\ --foreman-proxy-puppetca false\ --foreman-proxy-tftp false\ --foreman-proxy-templates false
For Katello 3.4.3 the Error message changed a little because its now in a different line:
[ERROR 2017-07-24 16:02:55 main] Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:145; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23 at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23:5 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:84 on node pulpnode.srv.muenchen.de
#13 Updated by Eric Helms 11 months ago
- Status changed from Assigned to Need more information
I am not sure how to resolve this (or if we even should). Since we are overriding what certs are being deployed, we need in puppet-certs to set file attributes and ensure it exists. Meanwhile, the foreman_proxy also needs to. The only way I can see around this is to change where Katello deploys the foreman proxy certs into /etc/pki/katello and not try to override the default location? Thoughts?
I am also going to move this to 3.5.0 or backlog depending on the outcome as I don't think this is fatal enough for 3.4.
So to explain this problem a little further, selecting not to install a puppetca/puppet proxy causes this if statement: https://github.com/theforeman/puppet-foreman_proxy/blob/beb803df7245c0203a6fc11f25aab47af7870f4b/manifests/config.pp#L116
to run into the else part of the if where the sslkeys are File resources. These resources are already declared in https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L84-L91
so question is where should they be declared - does foreman_proxy need a switch to disable the management?
#19 Updated by Ewoud Kohl van Wijngaarden about 1 month ago
So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.