Project

General

Profile

Bug #21400

Bad password for candlepin keystore

Added by James Shewey over 4 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Category:
Installer
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

On the nightly build, while installing The Foreman, I received the error:

Exec[import client certificate into Candlepin keys: 223/454, 49%, 1.6/s, elapsed: 00:02:15, ETA: 00:02:21
?[31m 'openssl pkcs12 -export -name amqp-client -in /etc/pki/katello/certs/java-client.crt -inkey /etc/pki/katello/private/java-client.key -out /tmp/keystore.p12 -passout file:/etc/pki/katello/keystore_password-file && keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt && rm /tmp/keystore.p12' returned 1 instead of one of [0]

By manually running the command:

keytool -importkeystore -destkeystore /etc/candlepin/certs/amqp/candlepin.jks -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -srcstorepass NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY -noprompt

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect. This does however appear to be the correct password in the cli:

[root@slik01 katello]# cat /etc/pki/katello/keystore_password-file && echo "\n"
NnqrYSBEbDMwhvzmUQGqj5tvUmJ7gqfY\n
[root@slik01 katello]#

History

#1 Updated by James Shewey over 4 years ago

  • Priority changed from Normal to Low

Further investigation indicates /etc/candlepin/certs/amqp/candlepin.jks may have been left over from a previous install. We may need to add a step before the [Exec] to ensure this file is absent. Otherwise keytool trys to append to the existing keystore instead of overwriting it.

#2 Updated by Marek Hulán over 4 years ago

  • Legacy Backlogs Release (now unused) deleted (296)
  • Category set to Installer
  • Project changed from Foreman to Katello

#3 Updated by Justin Sherrill over 4 years ago

  • Status changed from New to Need more information

Could you expand on what you mean 'a previous install'? Did you remove using katello-remove (should it have cleaned up that keystore?)

How did you re-install after the initial install?

#4 Updated by James Shewey over 4 years ago

I'm not entirely sure how I got into that state. I wasn't aware of katello-remove, so instead I kept a list of the RPMs installed before installing foreman/katello and simply rolled back to that list using some bash-fu. I can't say with certainty how I got into that state - maybe yum got interrupted during package uninstall or maybe I had't removed all packages like I had thought. I'm not entirely sure, but in any event I was able to move past it in this manner. You can put in a check for it and remove the file if present or mark this as a wontfix - either is fine. I mostly wanted to get this out there for informational purposes in case anyone else winds up in this particular state.

#5 Updated by Anonymous over 4 years ago

  • Difficulty deleted (trivial)
  • Status changed from Need more information to Feedback

please try again on a clean system (see #21401) and report back.

#6 Updated by Justin Sherrill over 4 years ago

  • Legacy Backlogs Release (now unused) set to 166
  • Status changed from Feedback to Rejected

Closing due comment #4. Thanks for the report!

Also available in: Atom PDF