Project

General

Profile

Bug #18943

"/etc//" being appended as a prefix to foreman-proxy-ssl-key

Added by Josh Baird over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

I am running foreman-installer like so:

FOREMAN_HOSTNAME=fmqa-d1-ap01.corp.domain.com
FOREMAN_URL=https://qa-foreman.corp.domain.com
SMTP_SERVER=fc-mail1.corp.domain.com
SSL_CERT="/etc/puppetlabs/puppet/ssl/certs/${FOREMAN_HOSTNAME}.pem"
SSL_KEY="/etc/puppetlabs/puppet/ssl/private_keys/${FOREMAN_HOSTNAME}.pem"
SSL_CA=/etc/puppetlabs/puppet/ssl/certs/ca.pem
SSL_CHAIN=/etc/puppetlabs/puppet/ssl/certs/ca.pem
SSL_CRL=/etc/puppetlabs/puppet/ssl/crl.pem

foreman-installer \
--no-enable-puppet \
--enable-foreman \
--enable-foreman-cli \
--enable-foreman-compute-vmware \
--enable-foreman-plugin-default-hostgroup \
--enable-foreman-plugin-dhcp-browser \
--enable-foreman-plugin-docker \
--enable-foreman-plugin-hooks \
--enable-foreman-plugin-openscap \
--enable-foreman-plugin-remote-execution \
--enable-foreman-proxy \
--enable-foreman-proxy-plugin-remote-execution-ssh \
--foreman-db-type=mysql \
--foreman-db-username=foreman \
--foreman-db-database=foreman \
--foreman-db-password=sFhkXtEvXyjHiWEEFsvB5Ez4RV9zQx98 \
--foreman-email-delivery-method=smtp \
--foreman-email-smtp-domain=follett.com \
--foreman-email-smtp-authentication=none \
--foreman-email-smtp-port=25 \
--foreman-email-smtp-address=${SMTP_SERVER} \
--foreman-foreman-url=${FOREMAN_URL} \
--foreman-oauth-active=true \
--foreman-oauth-map-users=false \
--foreman-oauth-consumer-key=yDPRFDAvPLENCHEPiabmSRjvs3qrAM4W \
--foreman-oauth-consumer-secret=GCX8rRxwZUtkqVBVMaYPaRmZj2GS3Su5 \
--foreman-organizations-enabled=true \
--foreman-locations-enabled=true \
--foreman-passenger=true \
--foreman-puppet-home=/var/opt/lib/pe-puppet \
--foreman-puppet-ssldir=/etc/puppetlabs/puppet/ssl \
--foreman-server-ssl-ca=${SSL_CA} \
--foreman-server-ssl-cert=${SSL_CERT} \
--foreman-server-ssl-certs-dir=/etc/puppetlabs/puppet/ssl/certs \
--foreman-server-ssl-chain=${SSL_CA} \
--foreman-server-ssl-crl=${SSL_CRL} \
--foreman-server-ssl-key=${SSL_KEY} \
--foreman-unattended=true \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-provider=isc \
--foreman-proxy-dns=false \
--foreman-proxy-ssl-ca=${SSL_CA} \
--foreman-proxy-ssl-cert=${SSL_CERT} \
--foreman-proxy-ssl-key=${SSL_KEY} \
--foreman-proxy-ssldir=/etc/puppetlabs/puppet/ssl/certs \
--foreman-proxy-log-level=DEBUG \
--foreman-proxy-logs=true \
--foreman-proxy-puppet=true \
--foreman-proxy-ssl-ca=${SSL_CA} \
--foreman-proxy-ssl-cert=${SSL_CERT} \
--foreman-proxy-ssl-key=/etc/${SSL_KEY} \
--foreman-proxy-ssldir=/etc/puppetlabs/puppet/ssl/certs \
--foreman-proxy-realm=false \
--foreman-proxy-tftp=true \
--puppet-agent=false \
--puppet-server=false \
--foreman-client-ssl-ca=${SSL_CA} \
--foreman-client-ssl-cert=${SSL_CERT} \
--foreman-client-ssl-key=${SSL_KEY} \
--foreman-websockets-encrypt=true \
--foreman-websockets-ssl-cert=${SSL_CERT} \
--foreman-websockets-ssl-key=${SSL_KEY} \
--foreman-logging-level=debug

This results in the following error:

root@fmqa-d1-ap01:/home/jbaird/scripts/foreman/foreman-installer# ./foreman-installer-wrapper
Parameter foreman-proxy-ssl-key invalid: /etc//etc/puppetlabs/puppet/ssl/private_keys/fmqa-d1-ap01.corp.domain.com.pem is not one of regeError during configuration, exiting

If I look in /etc/foreman-installer/scenarios.d/foreman-answers.yaml, I see the correct value for 'ssl_key' in the 'proxy' section.

History

#1 Updated by Anonymous over 3 years ago

to quote:

SSL_KEY="/etc/puppetlabs/puppet/ssl/private_keys/${FOREMAN_HOSTNAME}.pem"
[...]
--foreman-proxy-ssl-key=/etc/${SSL_KEY} \

I guess that /etc/ shouldn't be there?

#2 Updated by Dominic Cleal over 3 years ago

  • Status changed from New to Feedback

Double-slash in file paths will be permitted in a future stdlib release: https://github.com/puppetlabs/puppetlabs-stdlib/commit/2a7c2bed, but the path (as noted above) is incorrect.

#3 Updated by Josh Baird over 3 years ago

Um - yeah, stupid me. Sorry about the noise.

#4 Updated by Josh Baird over 3 years ago

  • Status changed from Feedback to Closed

#5 Updated by Dominic Cleal over 3 years ago

  • Status changed from Closed to Rejected

Also available in: Atom PDF