Bug #21400
closed
Bad password for candlepin keystore
Description
On the nightly build, while installing The Foreman, I received the error:
Exec[import client certificate into Candlepin keys: 223/454, 49%, 1.6/s, elapsed: 00:02:15, ETA: 00:02:21
?[31m 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt && rm /tmp/keystore.p12' returned 1 instead of one of [0]By manually running the command:
keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect. This does however appear to be the correct password in the cli:
[root@slik01 katello]# cat /etc/pki/katello/keystore_password-file && echo "\n"
NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY\n
[root@slik01 katello]#
Updated by James Shewey over 7 years ago
- Priority changed from Normal to Low
Further investigation indicates /etc/candlepin/certs/amqp/candlepin.jks may have been left over from a previous install. We may need to add a step before the [Exec] to ensure this file is absent. Otherwise keytool trys to append to the existing keystore instead of overwriting it.
Updated by Marek Hulán over 7 years ago
- Project changed from Foreman to Katello
- Category set to Installer
- Translation missing: en.field_release deleted (
296)
Updated by Justin Sherrill over 7 years ago
- Status changed from New to Need more information
Could you expand on what you mean 'a previous install'? Did you remove using katello-remove (should it have cleaned up that keystore?)
How did you re-install after the initial install?
Updated by James Shewey over 7 years ago
I'm not entirely sure how I got into that state. I wasn't aware of katello-remove, so instead I kept a list of the RPMs installed before installing foreman/katello and simply rolled back to that list using some bash-fu. I can't say with certainty how I got into that state - maybe yum got interrupted during package uninstall or maybe I had't removed all packages like I had thought. I'm not entirely sure, but in any event I was able to move past it in this manner. You can put in a check for it and remove the file if present or mark this as a wontfix - either is fine. I mostly wanted to get this out there for informational purposes in case anyone else winds up in this particular state.
Updated by Anonymous over 7 years ago
- Status changed from Need more information to Feedback
- Difficulty deleted (
trivial)
please try again on a clean system (see #21401) and report back.
Updated by Justin Sherrill over 7 years ago
- Status changed from Feedback to Rejected
- Translation missing: en.field_release set to 166
Closing due comment #4. Thanks for the report!