Candlepin error on fresh install regarding certs

Support
1

Hi,

I am trying to install Katello on one server and foreman-proxy on a separate server using

foreman-installer --scenario katello -i

Slight problem : the installer failed at 93% on this step :

'/usr/bin/wget --no-proxy --timeout=30 --tries=40 --wait=20 --retry-connrefused -qO- http://localhost:8080/candlepin/admin/init > /var/log/candlepin/cpinit.log 2>&1 && touch /var/lib/candlepin/cpinit_done' returned 8 instead of one of [0]

If i dig a little bit more i see that this error message appear because the wget command return 404 :

404 Not Found
Registered socket 3 for persistent reuse.
] done. 
2018-10-29 10:47:46 ERROR 404: Not Found.

Because tomcat doesn’t start it cannot therefore listen on the 8080 port :slight_smile:

SEVERE: Exception sending context initialized event to listener instance of class org.candlepin.guice.CandlepinContextListener
com.google.inject.CreationException: Guice creation errors:

1) Error injecting constructor, java.io.FileNotFoundException: /etc/pki/katello/private/katello-default-ca.key (Permission denied)

Here are the rights setup by foreman-installer :

-r--r----- 1 root qpidd 1675 Oct 29 10:05 HOSTNAME.hosting.eu-qpid-broker.key
-r-------- 1 root root  1675 Oct 29 10:05 java-client.key
-r--r----- 1 root root  1675 Oct 29 10:05 katello-apache.key
-r--r----- 1 root root  1675 Oct 29 10:03 katello-default-ca.key
-r-------- 1 root root    24 Oct 29 10:03 katello-default-ca.pwd
-r-------- 1 root root  1675 Oct 29 10:05 katello-tomcat.key
-r--r----- 1 root root  1679 Oct 29 10:05 pulp-client.key

And when i try to alter the rights the foreman-installer re sets them up like above.

Is it a bug? Or is it impossible to install Katello whitout a local foreman-proxy?

Any help is welcome :confused:

2

Here are my options when installing the Katello server :

Main Config Menu
1. [✗] Configure certs
2. [✓] Configure foreman
3. [✗] Configure foreman_cli
4. [✗] Configure foreman_cli_discovery
5. [✗] Configure foreman_cli_openscap
6. [✗] Configure foreman_cli_remote_execution
7. [✗] Configure foreman_cli_tasks
8. [✗] Configure foreman_cli_templates
9. [✗] Configure foreman_compute_ec2
10. [✗] Configure foreman_compute_gce
11. [✗] Configure foreman_compute_libvirt
12. [✗] Configure foreman_compute_openstack
13. [✗] Configure foreman_compute_ovirt
14. [✗] Configure foreman_compute_rackspace
15. [✗] Configure foreman_compute_vmware
16. [✗] Configure foreman_plugin_ansible
17. [✗] Configure foreman_plugin_bootdisk
18. [✗] Configure foreman_plugin_chef
19. [✗] Configure foreman_plugin_default_hostgroup
20. [✗] Configure foreman_plugin_discovery
21. [✗] Configure foreman_plugin_hooks
22. [✗] Configure foreman_plugin_openscap
23. [✗] Configure foreman_plugin_puppetdb
24. [✗] Configure foreman_plugin_remote_execution
25. [✗] Configure foreman_plugin_setup
26. [✗] Configure foreman_plugin_tasks
27. [✗] Configure foreman_plugin_templates
28. [✗] Configure foreman_proxy
29. [✗] Configure foreman_proxy_content
30. [✗] Configure foreman_proxy_plugin_ansible
31. [✗] Configure foreman_proxy_plugin_chef
32. [✗] Configure foreman_proxy_plugin_dhcp_infoblox
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_infoblox
35. [✗] Configure foreman_proxy_plugin_openscap
36. [✗] Configure foreman_proxy_plugin_pulp
37. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
38. [✓] Configure katello
39. [✗] Configure puppet
40. Display current config
41. Save and run
42. Cancel run without Saving
3

FIXED by enabling certs module and changing cert group from root to foreman

4

Your issue appears to be the exact same as mine. (As far as I can tell) Can you explain what you mean by saying “change cert group from root to foreman” I can only assume permissions somewhere but where?

5

Hi, when doing foreman-installer --scenario katello , i’ve just ticked the [1] enable certs option, and configuring it so the cert user is foreman and not root.