Actions
Bug #19734
closed
race condition when creating the candlepin keystore
Description
when running the installer, I sometimes see "Exec[import client certificate into Candlepin keystore]" being executed before "File[/etc/pki/katello/keystore_password-file]" which obviously does not work, as the exec wants to read that file.
Example log:
[DEBUG 2017-06-01 10:17:27 main] Exec[import client certificate into Candlepin keystore](provider=posix): Executing 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12'
[DEBUG 2017-06-01 10:17:27 main] Executing 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12'
[ WARN 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/returns: Can't open file /etc/pki/katello/keystore_password-file
[ WARN 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/returns: Error getting passwords
[ERROR 2017-06-01 10:17:27 main] openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12 returned 1 instead of one of [0]
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util/errors.rb:106:in `fail'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/type/exec.rb:160:in `sync'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:204:in `sync'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:128:in `sync_if_needed'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:89:in `block in perform_changes'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:88:in `each'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:88:in `perform_changes'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:20:in `evaluate'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:204:in `apply'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:217:in `eval_resource'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:147:in `call'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:147:in `block (2 levels) in evaluate'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util.rb:335:in `block in thinmark'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/benchmark.rb:296:in `realtime'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util.rb:334:in `thinmark'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:147:in `block in evaluate'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in `traverse'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction.rb:138:in `evaluate'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:169:in `block in apply'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util/log.rb:149:in `with_destination'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/transaction/report.rb:112:in `as_logging_destination'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:168:in `apply'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/configurer.rb:120:in `block in apply_catalog'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util.rb:161:in `block in benchmark'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/benchmark.rb:296:in `realtime'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util.rb:160:in `benchmark'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/configurer.rb:119:in `apply_catalog'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/configurer.rb:227:in `run_internal'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/configurer.rb:134:in `block in run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/context.rb:64:in `override'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet.rb:246:in `override'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/configurer.rb:133:in `run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application/apply.rb:302:in `apply_catalog'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application/apply.rb:236:in `block in main'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/context.rb:64:in `override'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet.rb:246:in `override'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application/apply.rb:198:in `main'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application/apply.rb:159:in `run_command'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `block (2 levels) in run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application.rb:507:in `plugin_hook'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `block in run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util.rb:496:in `exit_on_fail'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run'
[ERROR 2017-06-01 10:17:27 main] /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'
[ERROR 2017-06-01 10:17:27 main] /usr/bin/puppet:8:in `<main>'
[ERROR 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/returns: change from notrun to 0 failed: openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12 returned 1 instead of one of [0]
[DEBUG 2017-06-01 10:17:27 main] Exec[import client certificate into Candlepin keystore](provider=posix): Executing check 'keytool -list -keystore /etc/candlepin/certs/amqp/candlepin.jks -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -alias amqp-client'
[DEBUG 2017-06-01 10:17:27 main] Executing 'keytool -list -keystore /etc/candlepin/certs/amqp/candlepin.jks -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -alias amqp-client'
[DEBUG 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/unless: keytool error: java.lang.Exception: Keystore file does not exist: /etc/candlepin/certs/amqp/candlepin.jks
[DEBUG 2017-06-01 10:17:27 main] Exec[import client certificate into Candlepin keystore](provider=posix): Executing 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12'
[DEBUG 2017-06-01 10:17:27 main] Executing 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12'
[ WARN 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/returns: Can't open file /etc/pki/katello/keystore_password-file
[ WARN 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]/returns: Error getting passwords
[ERROR 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]: Failed to call refresh: openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12 returned 1 instead of one of [0]
[ERROR 2017-06-01 10:17:27 main] /Stage[main]/Certs::Candlepin/Exec[import client certificate into Candlepin keystore]: openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -srcstorepass HrDYjb4wHnhxm97GtPv9dHGkvppQHCjb -noprompt && rm /tmp/keystore.p12 returned 1 instead of one of [0]
[... later ...
[ WARN 2017-06-01 10:17:29 main] /Stage[main]/Certs::Candlepin/File[/etc/pki/katello/keystore_password-file]/ensure: defined content as '{md5}ec492ca83a74aab244d72168e4a8dd1b'
Updated by Evgeni Golov almost 7 years ago
- Pull request https://github.com/Katello/puppet-certs/pull/158 added
Updated by Evgeni Golov almost 7 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset puppet-certs|cf927332b23d671a45216bad14b21610f93de7b1.
Updated by Eric Helms almost 7 years ago
- translation missing: en.field_release set to 228
Actions