Bad password for candlepin keystore
On the nightly build, while installing The Foreman, I received the error:
Exec[import client certificate into Candlepin keys: 223/454, 49%, 1.6/s, elapsed: 00:02:15, ETA: 00:02:21
?[31m 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt && rm /tmp/keystore.p12' returned 1 instead of one of 
By manually running the command:
keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect. This does however appear to be the correct password in the cli:
[root@slik01 katello]# cat /etc/pki/katello/keystore_password-file && echo "\n"
#1 Updated by James Shewey over 4 years ago
- Priority changed from Normal to Low
Further investigation indicates /etc/candlepin/certs/amqp/candlepin.jks may have been left over from a previous install. We may need to add a step before the [Exec] to ensure this file is absent. Otherwise keytool trys to append to the existing keystore instead of overwriting it.
#4 Updated by James Shewey over 4 years ago
I'm not entirely sure how I got into that state. I wasn't aware of katello-remove, so instead I kept a list of the RPMs installed before installing foreman/katello and simply rolled back to that list using some bash-fu. I can't say with certainty how I got into that state - maybe yum got interrupted during package uninstall or maybe I had't removed all packages like I had thought. I'm not entirely sure, but in any event I was able to move past it in this manner. You can put in a check for it and remove the file if present or mark this as a wontfix - either is fine. I mostly wanted to get this out there for informational purposes in case anyone else winds up in this particular state.