Hello Community - another day, another problem…
Problem:
I am following the documentation to install a custom certificate on our fresh Foreman/Katello installation. But the installation of the certificate aborts with the following error:
$ foreman-installer --scenario katello \
--certs-server-cert "/root/ssl/foreman-01********.crt" \
--certs-server-key "/root/ssl/foreman-01.********.key" \
--certs-server-ca-cert "/root/ssl/********-BUNDLE.crt" \
--certs-update-server --certs-update-server-ca
...
2021-11-05 13:36:59 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Cert[foreman-01.********-foreman-proxy]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/katello-ssl-tool --gen-server --dir /root/ssl-build --set-hostname foreman-01.******** --server-cert foreman-01.********-foreman-proxy.crt --server-cert-req foreman-01.********-foreman-proxy.crt.req --server-
key foreman-01.********-foreman-proxy.key --server-rpm foreman-01.********-foreman-proxy --rpm-only' returned 1: ...working...
2021-11-05 13:36:59 [ERROR ] [configure]
2021-11-05 13:36:59 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:36:59 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:36:59 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:36:59 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:36:59 [ERROR ] [configure] _main()
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 907, in _main
2021-11-05 13:36:59 [ERROR ] [configure] genServerRpm(DEFS, options.verbose)
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 756, in genServerRpm
2021-11-05 13:36:59 [ERROR ] [configure] comp = hdrLabelCompare(h, hdr)
2021-11-05 13:36:59 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/rhn_rpm.py", line 181, in hdrLabelCompare
2021-11-05 13:36:59 [ERROR ] [configure] hdr1 = [hdr1['epoch'], hdr1['version'].decode('utf-8'), hdr1['release'].decode('utf-8')]
2021-11-05 13:36:59 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'
2021-11-05 13:37:05 [ERROR ] [configure] Execution of '/bin/katello-ssl-tool --gen-ca --dir /root/ssl-build --ca-cert-dir /etc/pki/katello-certs-tools/certs --ca-cert katello-server-ca.crt --ca-cert-rpm katello-server-ca --rpm-only' returned 1: ...working...
2021-11-05 13:37:05 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:37:05 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:37:05 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:37:05 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:37:05 [ERROR ] [configure] _main()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 887, in _main
2021-11-05 13:37:05 [ERROR ] [configure] genCaRpm(DEFS, options.verbose)
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 614, in genCaRpm
2021-11-05 13:37:05 [ERROR ] [configure] ver = str(hdr['version'].decode('utf-8'))
2021-11-05 13:37:05 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'
2021-11-05 13:37:05 [ERROR ] [configure] /Stage[main]/Certs::Ca/Ca[katello-server-ca]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/katello-ssl-tool --gen-ca --dir /root/ssl-build --ca-cert-dir /etc/pki/katello-certs-tools/certs --ca-cert katello-server-ca.crt --ca-cert-rpm katello-server-ca --rpm-only' returned 1: ...working...
2021-11-05 13:37:05 [ERROR ] [configure] unhandled exception occurred:
2021-11-05 13:37:05 [ERROR ] [configure] Traceback (most recent call last):
2021-11-05 13:37:05 [ERROR ] [configure] File "/bin/katello-ssl-tool", line 11, in <module>
2021-11-05 13:37:05 [ERROR ] [configure] load_entry_point('Katello-Certs-Tools==2.8.0', 'console_scripts', 'katello-ssl-tool')()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 945, in main
2021-11-05 13:37:05 [ERROR ] [configure] _main()
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 887, in _main
2021-11-05 13:37:05 [ERROR ] [configure] genCaRpm(DEFS, options.verbose)
2021-11-05 13:37:05 [ERROR ] [configure] File "/usr/lib/python3.6/site-packages/katello_certs_tools/katello_ssl_tool.py", line 614, in genCaRpm
2021-11-05 13:37:05 [ERROR ] [configure] ver = str(hdr['version'].decode('utf-8'))
2021-11-05 13:37:05 [ERROR ] [configure] AttributeError: 'str' object has no attribute 'decode'
Expected outcome:
Installation of the custom certificate.
Versioning :
candlepin-4.1.7-1.el8.noarch
candlepin-selinux-4.1.7-1.el8.noarch
foreman-01.********-apache-1.0-1.noarch
foreman-01.********-foreman-client-1.0-1.noarch
foreman-01.********-foreman-proxy-1.0-1.noarch
foreman-01.********-foreman-proxy-client-1.0-1.noarch
foreman-01.********-puppet-client-1.0-1.noarch
foreman-3.0.1-1.el8.noarch
foreman-cli-3.0.1-1.el8.noarch
foreman-debug-3.0.1-1.el8.noarch
foreman-dynflow-sidekiq-3.0.1-1.el8.noarch
foreman-installer-3.0.1-1.el8.noarch
foreman-installer-katello-3.0.1-1.el8.noarch
foreman-postgresql-3.0.1-1.el8.noarch
foreman-proxy-3.0.1-1.el8.noarch
foreman-release-3.0.1-1.el8.noarch
foreman-selinux-3.0.1-1.el8.noarch
foreman-service-3.0.1-1.el8.noarch
katello-4.2.0.1-1.el8.noarch
katello-ca-consumer-foreman-01.********-1.0-1.noarch
katello-certs-tools-2.8.0-1.el8.noarch
katello-client-bootstrap-1.7.7-1.el8.noarch
katello-common-4.2.0.1-1.el8.noarch
katello-debug-4.2.0.1-1.el8.noarch
katello-default-ca-1.0-1.noarch
katello-repos-4.2.0.1-1.el8.noarch
katello-selinux-4.0.2-1.el8.noarch
katello-server-ca-1.0-1.noarch
pulp-client-1.0-1.noarch
pulpcore-selinux-1.2.6-2.el8.x86_64
python3-pulp-ansible-0.9.0-2.el8.noarch
python3-pulp-certguard-1.4.0-3.el8.noarch
python3-pulp-container-2.8.1-0.2.el8.noarch
python3-pulp-deb-2.14.1-2.el8.noarch
python3-pulp-file-1.8.2-2.el8.noarch
python3-pulp-rpm-3.14.6-2.el8.noarch
python3-pulpcore-3.14.8-2.el8.noarch
qpid-proton-c-0.32.0-3.el8.x86_64
rubygem-foreman-tasks-5.1.1-1.fm3_0.el8.noarch
rubygem-foreman_fog_proxmox-0.14.0-1.fm3_0.el8.noarch
rubygem-foreman_maintain-0.8.10-1.el8.noarch
rubygem-foreman_puppet-1.0.4-1.fm3_0.el8.noarch
rubygem-foreman_remote_execution-4.7.0-1.fm3_0.el8.noarch
rubygem-hammer_cli-3.0.0-1.el8.noarch
rubygem-hammer_cli_foreman-3.0.0-1.el8.noarch
rubygem-hammer_cli_foreman_puppet-0.0.3-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_tasks-0.0.16-1.fm3_0.el8.noarch
rubygem-hammer_cli_katello-1.1.1-0.1.pre.master.20210804141838gitece0b63.el8.noarch
rubygem-katello-4.2.0.1-1.el8.noarch
rubygem-pulp_ansible_client-0.8.0-1.el8.noarch
rubygem-pulp_certguard_client-1.4.0-1.el8.noarch
rubygem-pulp_container_client-2.7.0-1.el8.noarch
rubygem-pulp_deb_client-2.13.0-1.el8.noarch
rubygem-pulp_file_client-1.8.1-1.el8.noarch
rubygem-pulp_python_client-3.4.0-1.el8.noarch
rubygem-pulp_rpm_client-3.13.3-1.el8.noarch
rubygem-pulpcore_client-3.14.1-1.el8.noarch
rubygem-qpid_proton-0.32.0-3.el8.x86_64
rubygem-smart_proxy_pulp-3.1.0-1.fm2_6.el8.noarch
Distribution and version:
CentOS Stream release 8
NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
CentOS Stream release 8
CentOS Stream release 8
Other relevant data:
The katello-certs-check validates the cert without errors.
Has someone else already encountered this issue? Any help is appreciated
Regards, Michael