Project

General

Profile

Bug #18806

Duplicate declaration: /etc/foreman-proxy/ssl_key.pem

Added by Klaas D almost 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Installer
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:

Description

Hi,
when installing a pulp only node there is an error about a duplicate resource statement: (no puppet, no puppetca, no use_sudoers)

[ERROR 2017-03-06 13:28:19 main]  Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:140; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83:5 on node pulpnode.de

https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L87-L92
and
https://github.com/theforeman/puppet-foreman_proxy/blob/master/manifests/config.pp#L128-L149

in master

I'm not sure where it is correct to declare the file; would it be best to use ensure_resource from stdlib at both occurrences?

Greetings
Klaas


Related issues

Has duplicate Katello - Bug #20125: Duplicate declaration with --foreman-proxy-puppet falseDuplicate2017-06-27
Has duplicate Installer - Bug #22443: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration:Rejected2018-01-29

Associated revisions

Revision edad3438 (diff)
Added by Ewoud Kohl van Wijngaarden over 2 years ago

Fixes #18806 - Never manage the Puppet group

This is a workaround when using the Puppet certificates but not managing
Puppet. In the Katello context we never do that and it can result in a
duplicate file declaration.

History

#1 Updated by Klaas D almost 4 years ago

Forgot to say, katello 3.3 stable and foreman 1.14.2

#2 Updated by Justin Sherrill almost 4 years ago

  • Status changed from New to Need more information
  • Legacy Backlogs Release (now unused) set to 226

Could you provide all the install options you specified?

#3 Updated by Klaas D almost 4 years ago

foreman-installer --scenario foreman-proxy-content \
  --foreman-proxy-content-certs-tar /root/pulpnode01.tld-certs.tar\
  --certs-update-all\
  --certs-regenerate true\
  --foreman-proxy-content-pulp-oauth-secret     ""\
  --foreman-proxy-content-parent-fqdn           "pulpmaster.tld"\
  --foreman-proxy-register-in-foreman           "true"\
  --foreman-proxy-foreman-base-url              "https://pulpmaster.tld"\
  --foreman-proxy-trusted-hosts                 "pulpmaster.tld"\
  --foreman-proxy-trusted-hosts                 "pulpnode01.tld"\
  --foreman-proxy-oauth-consumer-key            ""\
  --foreman-proxy-oauth-consumer-secret         ""\
  --foreman-proxy-puppet false\
  --foreman-proxy-content-puppet false\
  --foreman-proxy-puppetca false\
  --foreman-proxy-tftp false\
  --foreman-proxy-templates false

#4 Updated by Klaas D almost 4 years ago

  • Status changed from Need more information to New

#5 Updated by Justin Sherrill over 3 years ago

  • Legacy Backlogs Release (now unused) changed from 226 to 228

#6 Updated by Justin Sherrill over 3 years ago

  • Assignee set to Eric Helms
  • Legacy Backlogs Release (now unused) changed from 228 to 258

#7 Updated by Eric Helms over 3 years ago

  • Legacy Backlogs Release (now unused) changed from 258 to 267

#8 Updated by Anthony Chevalet over 3 years ago

  • Has duplicate Bug #20125: Duplicate declaration with --foreman-proxy-puppet false added

#9 Updated by Justin Sherrill over 3 years ago

  • Legacy Backlogs Release (now unused) changed from 267 to 281

#10 Updated by Klaas D over 3 years ago

For Katello 3.4.3 the Error message changed a little because its now in a different line:

[ERROR 2017-07-24 16:02:55 main]  Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:145; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23 at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23:5  at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:84 on node pulpnode.srv.muenchen.de

#11 Updated by Eric Helms over 3 years ago

  • Legacy Backlogs Release (now unused) changed from 281 to 286

#12 Updated by Eric Helms over 3 years ago

  • Status changed from New to Assigned

#13 Updated by Eric Helms over 3 years ago

  • Status changed from Assigned to Need more information

Klaas,

I am not sure how to resolve this (or if we even should). Since we are overriding what certs are being deployed, we need in puppet-certs to set file attributes and ensure it exists. Meanwhile, the foreman_proxy also needs to. The only way I can see around this is to change where Katello deploys the foreman proxy certs into /etc/pki/katello and not try to override the default location? Thoughts?

I am also going to move this to 3.5.0 or backlog depending on the outcome as I don't think this is fatal enough for 3.4.

#14 Updated by Klaas D over 3 years ago

So to explain this problem a little further, selecting not to install a puppetca/puppet proxy causes this if statement: https://github.com/theforeman/puppet-foreman_proxy/blob/beb803df7245c0203a6fc11f25aab47af7870f4b/manifests/config.pp#L116

to run into the else part of the if where the sslkeys are File resources. These resources are already declared in https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L84-L91

so question is where should they be declared - does foreman_proxy need a switch to disable the management?

#15 Updated by Eric Helms over 3 years ago

  • Legacy Backlogs Release (now unused) changed from 286 to 295

#16 Updated by Eric Hansen over 2 years ago

I posted under https://projects.theforeman.org/issues/22443

However, my struggles appear to be the same... no workaround... huh.

#17 Updated by Klaas D over 2 years ago

@Eric Hansen: if I recall right you can just comment out one of the resources that's duplicate - but in general this is a design issue because you're not meant to run a proxy without puppet

#18 Updated by Ewoud Kohl van Wijngaarden over 2 years ago

  • Has duplicate Bug #22443: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: added

#19 Updated by Ewoud Kohl van Wijngaarden over 2 years ago

So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.

#20 Updated by Matt Williams over 2 years ago

  • Triaged set to No

Ewoud Kohl van Wijngaarden wrote:

So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.

Running with --foreman-proxy-manage-puppet-group false did indeed work for me and the installer completed successfully.

#21 Updated by John Mitsch over 2 years ago

  • Target version deleted (Katello 3.4.6)

Is there any action required for this issue? We are wondering how to triage it.

#22 Updated by Justin Sherrill over 2 years ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.8.0
  • Assignee changed from Eric Helms to Ewoud Kohl van Wijngaarden
  • Status changed from Need more information to Assigned

Assigning to Ewoud since he seemed to know what work needs to be done :)

#23 Updated by The Foreman Bot over 2 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello-installer/pull/670 added

#24 Updated by Ewoud Kohl van Wijngaarden over 2 years ago

  • Status changed from Ready For Testing to Closed

#25 Updated by The Foreman Bot over 2 years ago

  • Pull request https://github.com/Katello/katello-installer/pull/675 added

Also available in: Atom PDF