Bug #27059

Installing custom server certificates during new installation fails

Added by Alan Evans 7 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

I am trying to install custom SSL certs using the instructions for "New Katello Installations" at the following link, but it is not working as expected.

https://theforeman.org/plugins/katello/3.12/advanced/certificates.html

New install with custom certs --> error

# foreman-installer \
  --scenario katello \
  --certs-server-ca-cert $PWD/ssl/CA.crt \
  --certs-server-cert $PWD/ssl/$HOSTNAME.crt \
  --certs-server-key $PWD/ssl/$HOSTNAME.key \
  --certs-server-cert-req $PWD/ssl/$HOSTNAME.csr \
  --disable-system-checks

 can't find a file that should have been created during an earlier step:
       ./ssl-build/KATELLO-TRUSTED-SSL-CERT

       katello-ssl-tool --help

Generating web server's SSL key pair/set RPM:
    ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.src.rpm
    ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.noarch.rpm
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/execution.rb:294:in `execute'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/command.rb:23:in `execute'

...SNIP...

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:139:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
/opt/puppetlabs/puppet/bin/puppet:5:in `<main>'

 can't find a file that should have been created during an earlier step:
       ./ssl-build/KATELLO-TRUSTED-SSL-CERT

       katello-ssl-tool --help

Generating web server's SSL key pair/set RPM:
    ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.src.rpm
    ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.noarch.rpm
Preparing installation Done                                              
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/foreman-installer/katello.log

If I subsequently run foreman-installer --certs-update-server*, it successfully installs the custom certs.

# foreman-installer \
  --scenario katello \
  --certs-update-server \
  --certs-update-server-ca \
  --disable-system-checks

Marking certificate /root/ssl-build/katello.example.com/katello.example.com-apache for update
Marking certificate /root/ssl-build/katello.example.com/katello.example.com-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Preparing installation Done                                              
  Success!
  * Katello is running at https://katello.example.com

New install without custom certs then add certs later --> success

If I start from scratch and leave off the custom certs on my new install, then add them per the "Existing Katello Installations" instructions, I am able to use the custom certs just fine also.

A bit more from the log.

[ INFO 2019-06-14T18:04:10 main]  Class[Certs::Apache]: Starting to evaluate the resource
[ INFO 2019-06-14T18:04:10 main]  Class[Certs::Apache]: Evaluated in 0.00 seconds
[ INFO 2019-06-14T18:04:10 main]  /Stage[main]/Certs::Apache/Cert[katello.example.com-apache]: Starting to evaluate the resource
[DEBUG 2019-06-14T18:04:10 main]  Executing: '/usr/bin/katello-ssl-tool --gen-server --set-hostname katello.example.com --server-cert katello.example.com-apache.crt --server-cert-req katello.example.com-apache.crt.req --server-key katello.example.com-apache.key --server-rpm katello.example.com-apache --rpm-only'
[ERROR 2019-06-14T18:04:11 main]  Execution of '/usr/bin/katello-ssl-tool --gen-server --set-hostname katello.example.com --server-cert katello.example.com-apache.crt --server-cert-req katello.example.com-apache.crt.req --server-key katello.example.com-apache.key --server-rpm katello.example.com-apache --rpm-only' returned 33: ...working...
[ERROR 2019-06-14T18:04:11 main] 
[ERROR 2019-06-14T18:04:11 main]  can't find a file that should have been created during an earlier step:
[ERROR 2019-06-14T18:04:11 main]        ./ssl-build/KATELLO-TRUSTED-SSL-CERT
[ERROR 2019-06-14T18:04:11 main] 
[ERROR 2019-06-14T18:04:11 main]        katello-ssl-tool --help
[ERROR 2019-06-14T18:04:11 main] 
[ERROR 2019-06-14T18:04:11 main] Generating web server's SSL key pair/set RPM:
[ERROR 2019-06-14T18:04:11 main]     ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.src.rpm
[ERROR 2019-06-14T18:04:11 main]     ./ssl-build/katello.example.com/katello.example.com-apache-1.0-1.noarch.rpm
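An added triage sketch, not part of the original report or of Foreman/Katello code: it parses installer log lines in the format shown above and pairs each failed command with its exit code, the Puppet resource being evaluated, and any file reported missing. The function name and the abridged sample log are assumptions made for the example.

```python
import re

# Constructed sample, abridged from the log excerpt in the report (command line shortened).
SAMPLE_LOG = """\
[ INFO 2019-06-14T18:04:10 main]  /Stage[main]/Certs::Apache/Cert[katello.example.com-apache]: Starting to evaluate the resource
[DEBUG 2019-06-14T18:04:10 main]  Executing: '/usr/bin/katello-ssl-tool --gen-server --rpm-only'
[ERROR 2019-06-14T18:04:11 main]  Execution of '/usr/bin/katello-ssl-tool --gen-server --rpm-only' returned 33: ...working...
[ERROR 2019-06-14T18:04:11 main]
[ERROR 2019-06-14T18:04:11 main]  can't find a file that should have been created during an earlier step:
[ERROR 2019-06-14T18:04:11 main]        ./ssl-build/KATELLO-TRUSTED-SSL-CERT
[ERROR 2019-06-14T18:04:11 main]        katello-ssl-tool --help
"""

# "[LEVEL timestamp logger] message" as it appears in the installer log excerpt.
LINE = re.compile(r"^\[\s*(?P<level>[A-Z]+) (?P<ts>\S+) \w+\]\s?(?P<msg>.*)$")
FAILED = re.compile(r"Execution of '(?P<cmd>.+)' returned (?P<rc>\d+):")
RESOURCE = re.compile(r"^\s*(?P<res>/Stage\[.+\]): Starting to evaluate")

def failed_commands(log_text):
    """Return one dict per failed command: resource, command, exit code, missing files."""
    failures, resource, current, expect_path = [], None, None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a log line in the expected format
        level, msg = m["level"], m["msg"]
        if (r := RESOURCE.match(msg)):
            resource = r["res"]  # remember which resource is being applied
        if level != "ERROR":
            current, expect_path = None, False  # the ERROR block has ended
            continue
        if (f := FAILED.search(msg)):
            current = {"resource": resource, "command": f["cmd"],
                       "exit_code": int(f["rc"]), "ts": m["ts"], "missing": []}
            failures.append(current)
        elif current and "can't find a file" in msg:
            expect_path = True  # the next non-empty ERROR line carries the path
        elif current and expect_path and msg.strip():
            current["missing"].append(msg.strip())
            expect_path = False
    return failures

if __name__ == "__main__":
    for failure in failed_commands(SAMPLE_LOG):
        print(failure)
```
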
