Bug #18806
closed
Duplicate declaration: /etc/foreman-proxy/ssl_key.pem
Description
Hi,
when installing a pulp only node there is an error about a duplicate resource statement: (no puppet, no puppetca, no use_sudoers)
[ERROR 2017-03-06 13:28:19 main] Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:140; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:83:5 on node pulpnode.de
https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L87-L92
and
https://github.com/theforeman/puppet-foreman_proxy/blob/master/manifests/config.pp#L128-L149
in master
I'm not sure where it is correct to declare the file; would it be best to use ensure_resource from stdlib at both occurrences?
Greetings
Klaas
Updated by Klaas D almost 8 years ago
Forgot to say, katello 3.3 stable and foreman 1.14.2
Updated by Justin Sherrill almost 8 years ago
- Status changed from New to Need more information
- Translation missing: en.field_release set to 226
Could you provide all the install options you specified?
Updated by Klaas D over 7 years ago
foreman-installer --scenario foreman-proxy-content \ --foreman-proxy-content-certs-tar /root/pulpnode01.tld-certs.tar\ --certs-update-all\ --certs-regenerate true\ --foreman-proxy-content-pulp-oauth-secret ""\ --foreman-proxy-content-parent-fqdn "pulpmaster.tld"\ --foreman-proxy-register-in-foreman "true"\ --foreman-proxy-foreman-base-url "https://pulpmaster.tld"\ --foreman-proxy-trusted-hosts "pulpmaster.tld"\ --foreman-proxy-trusted-hosts "pulpnode01.tld"\ --foreman-proxy-oauth-consumer-key ""\ --foreman-proxy-oauth-consumer-secret ""\ --foreman-proxy-puppet false\ --foreman-proxy-content-puppet false\ --foreman-proxy-puppetca false\ --foreman-proxy-tftp false\ --foreman-proxy-templates false
Updated by Klaas D over 7 years ago
- Status changed from Need more information to New
Updated by Justin Sherrill over 7 years ago
- Translation missing: en.field_release changed from 226 to 228
Updated by Justin Sherrill over 7 years ago
- Assignee set to Eric Helms
- Translation missing: en.field_release changed from 228 to 258
Updated by Eric Helms over 7 years ago
- Translation missing: en.field_release changed from 258 to 267
Updated by Anthony Chevalet over 7 years ago
- Has duplicate Bug #20125: Duplicate declaration with --foreman-proxy-puppet false added
Updated by Justin Sherrill over 7 years ago
- Translation missing: en.field_release changed from 267 to 281
Updated by Klaas D over 7 years ago
For Katello 3.4.3 the Error message changed a little because its now in a different line:
[ERROR 2017-07-24 16:02:55 main] Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File[/etc/foreman-proxy/ssl_key.pem] is already declared in file /usr/share/foreman-installer/modules/foreman_proxy/manifests/config.pp:145; cannot redeclare at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23 at /usr/share/katello-installer-base/modules/certs/manifests/keypair.pp:23:5 at /usr/share/katello-installer-base/modules/certs/manifests/foreman_proxy.pp:84 on node pulpnode.srv.muenchen.de
Updated by Eric Helms over 7 years ago
- Translation missing: en.field_release changed from 281 to 286
Updated by Eric Helms over 7 years ago
- Status changed from Assigned to Need more information
Klaas,
I am not sure how to resolve this (or if we even should). Since we are overriding what certs are being deployed, we need in puppet-certs to set file attributes and ensure it exists. Meanwhile, the foreman_proxy also needs to. The only way I can see around this is to change where Katello deploys the foreman proxy certs into /etc/pki/katello and not try to override the default location? Thoughts?
I am also going to move this to 3.5.0 or backlog depending on the outcome as I don't think this is fatal enough for 3.4.
Updated by Klaas D over 7 years ago
So to explain this problem a little further, selecting not to install a puppetca/puppet proxy causes this if statement: https://github.com/theforeman/puppet-foreman_proxy/blob/beb803df7245c0203a6fc11f25aab47af7870f4b/manifests/config.pp#L116
to run into the else part of the if where the sslkeys are File resources. These resources are already declared in https://github.com/Katello/puppet-certs/blob/master/manifests/foreman_proxy.pp#L84-L91
so question is where should they be declared - does foreman_proxy need a switch to disable the management?
Updated by Eric Helms over 7 years ago
- Translation missing: en.field_release changed from 286 to 295
Updated by Eric Hansen over 6 years ago
I posted under https://projects.theforeman.org/issues/22443
However, my struggles appear to be the same... no workaround... huh.
Updated by Klaas D over 6 years ago
@eric sorenson Hansen: if I recall right you can just comment out one of the resources that's duplicate - but in general this is a design issue because you're not meant to run a proxy without puppet
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Has duplicate Bug #22443: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: added
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.
Updated by Matt Williams over 6 years ago
- Triaged set to No
Ewoud Kohl van Wijngaarden wrote:
So it looks like you should pass in foreman_proxy::manage_puppet_group => false when you disable puppet. With the installer it should be exposed as --foreman-proxy-manage-puppet-group false. Can you verify this solves it for you? If it does we should do this in hiera by default I think.
Running with --foreman-proxy-manage-puppet-group false did indeed work for me and the installer completed successfully.
Updated by John Mitsch over 6 years ago
- Target version deleted (
Katello 3.4.6)
Is there any action required for this issue? We are wondering how to triage it.
Updated by Justin Sherrill over 6 years ago
- Status changed from Need more information to Assigned
- Assignee changed from Eric Helms to Ewoud Kohl van Wijngaarden
- Target version set to Katello 3.8.0
- Triaged changed from No to Yes
Assigning to Ewoud since he seemed to know what work needs to be done :)
Updated by The Foreman Bot over 6 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/Katello/katello-installer/pull/670 added
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello-installer|edad3438dcb2367df2ca4ba1e0f5b1b4fe16b1bf.
Updated by The Foreman Bot over 6 years ago
- Pull request https://github.com/Katello/katello-installer/pull/675 added