Project

General

Profile

Bug #27255

katello-change-hostname fails with ERROR '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0]

Added by Lukas Pramuk almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
Tooling
Target version:

Description

katello-change-hostname fails with ERROR when /opt/puppetlabs/bin/puppetserver ca setup tried to replace existing certs/keys during installer run

# katello-change-hostname qe-foreman-rhel7-tier1.example.com -y -u admin -p changeme

Checking hostname validity

Checking overall health of server

Checking credentials

Updating default Foreman Proxy
Updating installation media paths
updating hostname in /etc/hostname
setting hostname
checking if hostname was changed
stopping services
removing old cert rpms
deleting old certs
backed up /var/www/html/pub to /var/www/html/pub/qe-foreman-rhel7.example.com-20190708104807.backup
updating hostname in /etc/hosts
updating hostname in foreman installer scenarios
backing up last_scenario.yaml
removing last_scenario.yaml
re-running the installer
foreman-installer --scenario katello -v --disable-system-checks --certs-regenerate=true --foreman-proxy-register-in-foreman true
restoring last_scenario.yaml
cleaning up temporary files
[ INFO 2019-07-08T10:48:37 verbose] Executing hooks in group pre_migrations
...

[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Error:
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/crl.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/inventory.txt'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_inventory.txt'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/infra_serials'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/serial'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/root_key.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Existing file at '/etc/puppetlabs/puppet/ssl/ca/ca_key.pem'
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: If you would really like to replace your CA, please delete the existing files first.
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: Note that any certificates that were issued by this CA will become invalid if you
[ WARN 2019-07-08T10:49:26 verbose]  /Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: replace it!
[ERROR 2019-07-08T10:49:26 verbose]  '/opt/puppetlabs/bin/puppetserver ca setup' returned 1 instead of one of [0]

On nightly there is extra line saying "restoring last_scenario.yaml" while downstream 6.6 is OK without this line

foreman-1.23.0-0.12.develop.20190707155541git1100d84.el7.noarch
katello-3.13.0-0.3.master.el7.noarch
katello-common-3.13.0-0.3.master.el7.noarch

History

#1 Updated by Ewoud Kohl van Wijngaarden almost 3 years ago

  • Category set to Tooling

It looks like katello-change-hostname isn't cleaning up the Puppet CA properly and Puppet 6 has additional checks around this.

#2 Updated by Jonathon Turel almost 3 years ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.13.0

#3 Updated by Jonathon Turel almost 3 years ago

  • Assignee set to Jonathon Turel

#4 Updated by Jonathon Turel almost 3 years ago

  • Status changed from New to Assigned

#5 Updated by The Foreman Bot almost 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-packaging/pull/3938 added

#6 Updated by Jonathon Turel almost 3 years ago

  • Target version changed from Katello 3.13.0 to Katello 3.12.2

#7 Updated by Jonathon Turel almost 3 years ago

  • Bugzilla link set to 1733250

#8 Updated by Chris Roberts almost 3 years ago

  • Difficulty set to easy
  • Status changed from Ready For Testing to Resolved
  • Found in Releases Katello 3.11.1 added
  • Fixed in Releases Katello 3.12.2 added

#9 Updated by The Foreman Bot almost 3 years ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/3970 added

#10 Updated by The Foreman Bot almost 3 years ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/3989 added

Also available in: Atom PDF