Project

General

Profile

Bug #8389

foreman-installer does not start foreman-proxy with mixed-case hostnames

Added by Fabien Combernous over 8 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ewoud Kohl van Wijngaarden
Category:
Foreman modules
Target version:
1.11.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/puppet-foreman_proxy/pull/148
Fixed in Releases:
Found in Releases:
Foreman - 1.6.1
Red Hat JIRA:

Description

I used rpms from the foreman repo : foreman-installer-1.6.2-1.el6.

My hostname is named uppercase like MYHOSTNAME.mydomain.

The foreman-installer failed with the following message :

Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy : [FAILED]
/Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy : [FAILED]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[MYHOSTNAME.mydomain]: Failed to call refresh: Could not load data from https://MYHOSTNAME.mydomain
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[MYHOSTNAME.mydomain]: Could not load data from https://MYHOSTNAME.mydomain
Installing Done [100%] [...................................................]
Something went wrong! Check the log for ERROR-level output

It was on a VM. So i did a rollback with snapshot, renamed the host in lowercase. Then re-run the installer. This time it finished without any error message.

Related issues

Related to Installer - Bug #6352: Default install fails when hostname contains uppercase charactersClosed

Associated revisions

Revision 8d35606a (diff)
Added by Ewoud Kohl van Wijngaarden over 7 years ago

Fixes #8389 - Force certificate names to lowercase

Puppet will always create the certificate filenames as lowercase, even
if your hostname has uppercase characters in it.

Revision 54f60e5e (diff)
Added by Dominic Cleal over 7 years ago

refs #8389 - lower case Foreman hostname to match foreman_proxy

Lower case FQDN used in the Foreman URL for apipie-bindings (in Hammer)
to work correctly and also to match foreman_proxy to ensure correct
ordering of foreman_smartproxy resources in init.pp's resource
collector.

Revision 761dc5f0 (diff)
Added by Dominic Cleal over 7 years ago

refs #8389 - lower case FQDN in foreman_url parameter

Ensures that the HTTP requests from ENC/report processors work
correctly and don't receive a 404.

History

#1 Updated by Fabien Combernous over 8 years ago

  • Related to Bug #6352: Default install fails when hostname contains uppercase characters added

#2 Updated by Dominic Cleal over 8 years ago

Do you have any logs from the smart proxy showing why it didn't start? I can't think of a reason off the top of my head why the hostname would prevent the startup, unless perhaps the cert filenames were incorrect in /etc/foreman-proxy/settings.yml.

#3 Updated by Fabien Combernous over 8 years ago

  • File foreman-installer.log added

As attached document, the full log indicated by the foreman-installer.

#4 Updated by Dominic Cleal over 8 years ago

Yeah, that doesn't show the proxy logs. My only suspicion is the SSL certificate names...

[ INFO 2014-11-13 10:41:19 main] +:ssl_certificate: /var/lib/puppet/ssl/certs/MYHOSTNAME.mydomain.pem
[ INFO 2014-11-13 10:41:19 main] +:ssl_private_key: /var/lib/puppet/ssl/private_keys/MYHOSTNAME.mydomain.pem

#5 Updated by Fabien Combernous over 8 years ago

Files are presents but lowercase

#6 Updated by Dominic Cleal over 8 years ago

  • Project changed from Smart Proxy to Installer
  • Category set to Foreman modules

#7 Updated by Tommy McNeely over 8 years ago

Just had this happen here too...

[root@DevForeman foreman-proxy]# tail -50 proxy.log 
# Logfile created on Tue Nov 18 15:29:27 -0700 2014 by logger.rb/1.2.6
E, [2014-11-18T15:29:28.452345 #3779] ERROR -- : Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: No such file or directory - /var/lib/puppet/ssl/private_keys/DevForeman.dev.pem
E, [2014-11-18T15:29:28.452426 #3779] ERROR -- : Both http and https are disabled, unable to start.
E, [2014-11-18T15:30:35.812443 #4117] ERROR -- : Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: No such file or directory - /var/lib/puppet/ssl/private_keys/DevForeman.dev.pem
E, [2014-11-18T15:30:35.812551 #4117] ERROR -- : Both http and https are disabled, unable to start.
[root@DevForeman foreman-proxy]# ls -l /var/lib/puppet/ssl/
ca/                   certs/                private/              public_keys/
certificate_requests/ crl.pem               private_keys/         
[root@DevForeman foreman-proxy]# ls -l /var/lib/puppet/ssl/private_keys/
total 4
-rw-r-----. 1 puppet puppet 3247 Nov 18 15:29 devforeman.dev.pem

#8 Updated by Matt Altieri over 8 years ago

I was able to get a broken install going [due to uppercase letters in hostname] by first changing the hostname to all lowercase & re-running the installer (which at least generated new puppet certs - I can't say for sure how much else it did succeed at repairing ... but I can say what it didn't).

Orig Error - I suspect the failure to get settings was due to IPtables, as well:

[root@Foreman ~]# foreman-installer
 /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1:  at /usr/share/foreman-installer/modules/foreman_proxy/manifests/service.pp:9
 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[Foreman.McUnimportant]: Failed to call refresh: Could not load data from https://Foreman.McUnimportant
Installing             Done                                               [100%] [...............................................................]
  Something went wrong! Check the log for ERROR-level output
  * Foreman is running at https://Foreman.McUnimportant
      Initial credentials are admin / redacted
  * Foreman Proxy is running at https://Foreman.McUnimportant:8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log

However, the re-run didn't fix the uppercase hostname in the apache config files

[root@Foreman conf.d]# grep McUnimportant ./*
./05-foreman.conf:  ServerName Foreman.McUnimportant
./05-foreman.conf:PassengerPreStart http://Foreman.McUnimportant
./05-foreman-ssl.conf:  ServerName Foreman.McUnimportant
./05-foreman-ssl.conf:PassengerPreStart https://Foreman.McUnimportant

...edited these, and still no luck.

Because the settings in /usr/share/foreman-proxy/config/settings.yml were still pointed at the uppercase, original certificate name -- which no longer existed.

Edited these three lines to point at the proper cert name:

:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_certificate: /var/lib/puppet/ssl/certs/foreman.mcunimportant.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/foreman.mcunimportant.pem

And Voila:

[root@foreman ca]# service foreman-proxy start
Starting foreman-proxy:                                    [  OK  ]

...hope this is helpful.

#9 Updated by Ewoud Kohl van Wijngaarden over 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/148 added
  • Pull request deleted ()

Untested code, but it should work since I copied it from puppet-foreman which already does a similar thing.

#10 Updated by Dominic Cleal over 7 years ago

  • Subject changed from foreman-installer does not start foreman-proxy to foreman-installer does not start foreman-proxy with mixed-case hostnames
  • Status changed from Ready For Testing to Closed
  • Assignee set to Ewoud Kohl van Wijngaarden
  • % Done changed from 0 to 100
  • Legacy Backlogs Release (now unused) set to 104

#11 Updated by Dominic Cleal over 7 years ago

  • Legacy Backlogs Release (now unused) changed from 104 to 71

Non-trivial due to a few module updates.

Also available in: Atom PDF