Bug #18806

Duplicate declaration: /etc/foreman-proxy/ssl_key.pem

Added by Klaas D over 1 year ago. Updated 9 days ago.

Status:Need more information
Priority:Normal
Assignee:Eric Helms
Category:Installer
Target version:Katello 3.4.6
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:
Pull request:

Description

Hi,
when installing a pulp only node there is an error about a duplicate resource statement: (no puppet, no puppetca, no use_sudoers)

[ERROR 2017-03-06 13:28:19 main]  Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:140; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83:5 on node pulpnode.de

https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L87-L92
and
https://github.com/theforeman/puppet-foreman_proxy/blob/master/manifests/config.pp#L128-L149

in master

I'm not sure where it is correct to declare the file; would it be best to use ensure_resource from stdlib at both occurrences?

Greetings
Klaas


Related issues

Duplicated by Katello - Bug #20125: Duplicate declaration with --foreman-proxy-puppet false Duplicate 06/27/2017
Duplicated by Installer - Bug #22443: Evaluation Error: Error while evaluating a Resource Stat... Rejected 01/29/2018

History

#1 Updated by Klaas D over 1 year ago

Forgot to say, katello 3.3 stable and foreman 1.14.2

#2 Updated by Justin Sherrill over 1 year ago

  • Status changed from New to Need more information
  • Legacy Backlogs Release (now unused) set to 226

Could you provide all the install options you specified?

#3 Updated by Klaas D over 1 year ago

foreman-installer --scenario foreman-proxy-content \
  --foreman-proxy-content-certs-tar /root/pulpnode01.tld-certs.tar\
  --certs-update-all\
  --certs-regenerate true\
  --foreman-proxy-content-pulp-oauth-secret     ""\
  --foreman-proxy-content-parent-fqdn           "pulpmaster.tld"\
  --foreman-proxy-register-in-foreman           "true"\
  --foreman-proxy-foreman-base-url              "https://pulpmaster.tld"\
  --foreman-proxy-trusted-hosts                 "pulpmaster.tld"\
  --foreman-proxy-trusted-hosts                 "pulpnode01.tld"\
  --foreman-proxy-oauth-consumer-key            ""\
  --foreman-proxy-oauth-consumer-secret         ""\
  --foreman-proxy-puppet false\
  --foreman-proxy-content-puppet false\
  --foreman-proxy-puppetca false\
  --foreman-proxy-tftp false\
  --foreman-proxy-templates false

#4 Updated by Klaas D over 1 year ago

  • Status changed from Need more information to New

#5 Updated by Justin Sherrill about 1 year ago

  • Legacy Backlogs Release (now unused) changed from 226 to 228

#6 Updated by Justin Sherrill about 1 year ago

  • Assignee set to Eric Helms
  • Legacy Backlogs Release (now unused) changed from 228 to 258

#7 Updated by Eric Helms about 1 year ago

  • Legacy Backlogs Release (now unused) changed from 258 to 267

#8 Updated by Anthony Chevalet about 1 year ago

  • Duplicated by Bug #20125: Duplicate declaration with --foreman-proxy-puppet false added

#9 Updated by Justin Sherrill about 1 year ago

  • Legacy Backlogs Release (now unused) changed from 267 to 281

#10 Updated by Klaas D 12 months ago

For Katello 3.4.3 the Error message changed a little because its now in a different line:

[ERROR 2017-07-24 16:02:55 main]  Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:145; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23 at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23:5  at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:84 on node pulpnode.srv.muenchen.de

#11 Updated by Eric Helms 12 months ago

  • Legacy Backlogs Release (now unused) changed from 281 to 286

#12 Updated by Eric Helms 12 months ago

  • Status changed from New to Assigned

#13 Updated by Eric Helms 11 months ago

  • Status changed from Assigned to Need more information

Klaas,

I am not sure how to resolve this (or if we even should). Since we are overriding what certs are being deployed, we need in puppet-certs to set file attributes and ensure it exists. Meanwhile, the foreman_proxy also needs to. The only way I can see around this is to change where Katello deploys the foreman proxy certs into /etc/pki/katello and not try to override the default location? Thoughts?

I am also going to move this to 3.5.0 or backlog depending on the outcome as I don't think this is fatal enough for 3.4.

#14 Updated by Klaas D 11 months ago

So to explain this problem a little further, selecting not to install a puppetca/puppet proxy causes this if statement: https://github.com/theforeman/puppet-foreman_proxy/blob/beb803df7245c0203a6fc11f25aab47af7870f4b/manifests/config.pp#L116

to run into the else part of the if where the sslkeys are File resources. These resources are already declared in https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L84-L91

so question is where should they be declared - does foreman_proxy need a switch to disable the management?

#15 Updated by Eric Helms 11 months ago

  • Legacy Backlogs Release (now unused) changed from 286 to 295

#16 Updated by Eric Hansen about 1 month ago

I posted under https://projects.theforeman.org/issues/22443

However, my struggles appear to be the same... no workaround... huh.

#17 Updated by Klaas D about 1 month ago

@Eric Hansen: if I recall right you can just comment out one of the resources that's duplicate - but in general this is a design issue because you're not meant to run a proxy without puppet

#18 Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Duplicated by Bug #22443: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: added

#19 Updated by Ewoud Kohl van Wijngaarden about 1 month ago

So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.

Also available in: Atom PDF