Custom Certificate Installation Error

mambo · November 5, 2021, 12:56pm

Hello Community - another day, another problem…

Problem:
I am following the documentation to install a custom certificate on our fresh Foreman/Katello installation. But the installation of the certificate aborts with the following error:

$ foreman-installer --scenario katello \
                      --certs-server-cert "/root/ssl/foreman-01********.crt" \
                      --certs-server-key "/root/ssl/foreman-01.********.key" \
                      --certs-server-ca-cert "/root/ssl/********-BUNDLE.crt" \
                      --certs-update-server --certs-update-server-ca

...

2021-11-05 13:36:59 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Cert[foreman-01.********-foreman-proxy]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/katello-ssl-tool --gen-server --dir /root/ssl-build --set-hostname foreman-01.******** --server-cert foreman-01.********-foreman-proxy.crt --server-cert-req foreman-01.********-foreman-proxy.crt.req --server-
key foreman-01.********-foreman-proxy.key --server-rpm foreman-01.********-foreman-proxy --rpm-only' returned 1: ...working...                                                                                                                                                                                                                                                                                    
2021-11-05 13:36:59 [ERROR ] [configure] 
2021-11-05 13:36:59 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:36:59 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:36:59 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:36:59 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:36:59 [ERROR ] [configure] _main()
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 907, in _main
2021-11-05 13:36:59 [ERROR ] [configure] genServerRpm(DEFS, options.verbose)
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 756, in genServerRpm
2021-11-05 13:36:59 [ERROR ] [configure] comp = hdrLabelCompare(h, hdr)
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/rhn_rpm.py", line 181, in hdrLabelCompare
2021-11-05 13:36:59 [ERROR ] [configure] hdr1 = [hdr1['epoch'], hdr1['version'].decode('utf-8'), hdr1['release'].decode('utf-8')]
2021-11-05 13:36:59 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'
2021-11-05 13:37:05 [ERROR ] [configure] Execution of '/bin/katello-ssl-tool --gen-ca --dir /root/ssl-build --ca-cert-dir /etc/pki/katello-certs-tools/certs --ca-cert katello-server-ca.crt --ca-cert-rpm katello-server-ca --rpm-only' returned 1: ...working...
2021-11-05 13:37:05 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:37:05 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:37:05 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:37:05 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:37:05 [ERROR ] [configure] _main()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 887, in _main
2021-11-05 13:37:05 [ERROR ] [configure] genCaRpm(DEFS, options.verbose)
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 614, in genCaRpm
2021-11-05 13:37:05 [ERROR ] [configure] ver = str(hdr['version'].decode('utf-8'))
2021-11-05 13:37:05 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'
2021-11-05 13:37:05 [ERROR ] [configure] /Stage[main]/Certs::Ca/Ca[katello-server-ca]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/katello-ssl-tool --gen-ca --dir /root/ssl-build --ca-cert-dir /etc/pki/katello-certs-tools/certs --ca-cert katello-server-ca.crt --ca-cert-rpm katello-server-ca --rpm-only' returned 1: ...working...
2021-11-05 13:37:05 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:37:05 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:37:05 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:37:05 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:37:05 [ERROR ] [configure] _main()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 887, in _main
2021-11-05 13:37:05 [ERROR ] [configure] genCaRpm(DEFS, options.verbose)
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 614, in genCaRpm
2021-11-05 13:37:05 [ERROR ] [configure] ver = str(hdr['version'].decode('utf-8'))
2021-11-05 13:37:05 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'

Expected outcome:

Installation of the custom certificate.

Versioning :

candlepin-4.1.7-1.el8.noarch
candlepin-selinux-4.1.7-1.el8.noarch
foreman-01.********-apache-1.0-1.noarch
foreman-01.********-foreman-client-1.0-1.noarch
foreman-01.********-foreman-proxy-1.0-1.noarch
foreman-01.********-foreman-proxy-client-1.0-1.noarch
foreman-01.********-puppet-client-1.0-1.noarch
foreman-3.0.1-1.el8.noarch
foreman-cli-3.0.1-1.el8.noarch
foreman-debug-3.0.1-1.el8.noarch
foreman-dynflow-sidekiq-3.0.1-1.el8.noarch
foreman-installer-3.0.1-1.el8.noarch
foreman-installer-katello-3.0.1-1.el8.noarch
foreman-postgresql-3.0.1-1.el8.noarch
foreman-proxy-3.0.1-1.el8.noarch
foreman-release-3.0.1-1.el8.noarch
foreman-selinux-3.0.1-1.el8.noarch
foreman-service-3.0.1-1.el8.noarch
katello-4.2.0.1-1.el8.noarch
katello-ca-consumer-foreman-01.********-1.0-1.noarch
katello-certs-tools-2.8.0-1.el8.noarch
katello-client-bootstrap-1.7.7-1.el8.noarch
katello-common-4.2.0.1-1.el8.noarch
katello-debug-4.2.0.1-1.el8.noarch
katello-default-ca-1.0-1.noarch
katello-repos-4.2.0.1-1.el8.noarch
katello-selinux-4.0.2-1.el8.noarch
katello-server-ca-1.0-1.noarch
pulp-client-1.0-1.noarch
pulpcore-selinux-1.2.6-2.el8.x86_64
python3-pulp-ansible-0.9.0-2.el8.noarch
python3-pulp-certguard-1.4.0-3.el8.noarch
python3-pulp-container-2.8.1-0.2.el8.noarch
python3-pulp-deb-2.14.1-2.el8.noarch
python3-pulp-file-1.8.2-2.el8.noarch
python3-pulp-rpm-3.14.6-2.el8.noarch
python3-pulpcore-3.14.8-2.el8.noarch
qpid-proton-c-0.32.0-3.el8.x86_64
rubygem-foreman-tasks-5.1.1-1.fm3_0.el8.noarch
rubygem-foreman_fog_proxmox-0.14.0-1.fm3_0.el8.noarch
rubygem-foreman_maintain-0.8.10-1.el8.noarch
rubygem-foreman_puppet-1.0.4-1.fm3_0.el8.noarch
rubygem-foreman_remote_execution-4.7.0-1.fm3_0.el8.noarch
rubygem-hammer_cli-3.0.0-1.el8.noarch
rubygem-hammer_cli_foreman-3.0.0-1.el8.noarch
rubygem-hammer_cli_foreman_puppet-0.0.3-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_tasks-0.0.16-1.fm3_0.el8.noarch
rubygem-hammer_cli_katello-1.1.1-0.1.pre.master.20210804141838gitece0b63.el8.noarch
rubygem-katello-4.2.0.1-1.el8.noarch
rubygem-pulp_ansible_client-0.8.0-1.el8.noarch
rubygem-pulp_certguard_client-1.4.0-1.el8.noarch
rubygem-pulp_container_client-2.7.0-1.el8.noarch
rubygem-pulp_deb_client-2.13.0-1.el8.noarch
rubygem-pulp_file_client-1.8.1-1.el8.noarch
rubygem-pulp_python_client-3.4.0-1.el8.noarch
rubygem-pulp_rpm_client-3.13.3-1.el8.noarch
rubygem-pulpcore_client-3.14.1-1.el8.noarch
rubygem-qpid_proton-0.32.0-3.el8.x86_64
rubygem-smart_proxy_pulp-3.1.0-1.fm2_6.el8.noarch

Distribution and version:

CentOS Stream release 8
NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
CentOS Stream release 8
CentOS Stream release 8

Other relevant data:

The katello-certs-check validates the cert without errors.

Has someone else already encountered this issue? Any help is appreciated
Regards, Michael

tel1dxg · July 6, 2022, 7:10pm

Did you get a answer or fixed your problem? I have the same problem looking for a solution.

cacv12000 · July 25, 2022, 8:59pm

To me it appears to be an issue where katello_ssl_tool.py and rhn_rpm.py were written for python 2 while CentOS 8 only has python 3 installed by default. In python 3 strings are already encoded as utf-8. There’s no need to decode them, and as indicated by the errors, that attribute doesn’t even exist in python 3.
Back up those two files somewhere safe and then do a find for .decode(‘utf-8’) in both files and replace every instance with nothing.

Then run your foreman-installer command again.

K2049 · August 11, 2022, 8:13pm

@cacv12000, you’re a lifesaver! I spent more time than I’d care to admit trying to figure this out on an AlmaLinux install. After deleting each instance of .decode(‘utf-8’) I was able to run foreman-installer without any issue

Thank You!