Problem: When upgrading from Foreman 3.10 to Foreman 3.11 an error shown when running the foreman-installer:
root@satellite_server:~# foreman-installer
2024-11-04 10:00:10 [NOTICE] [root] Loading installer configuration. This will take some time.
2024-11-04 10:00:14 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2024-11-04 10:00:14 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2024-11-04 10:00:18 [NOTICE] [configure] Starting system configuration.
2024-11-04 10:00:29 [NOTICE] [configure] 250 configuration steps out of 2013 steps complete.
2024-11-04 10:00:30 [NOTICE] [configure] 500 configuration steps out of 2013 steps complete.
2024-11-04 10:00:33 [NOTICE] [configure] 1000 configuration steps out of 2024 steps complete.
2024-11-04 10:00:33 [NOTICE] [configure] 1250 configuration steps out of 2026 steps complete.
2024-11-04 10:00:33 [NOTICE] [configure] 1500 configuration steps out of 2214 steps complete.
2024-11-04 10:00:34 [NOTICE] [configure] 1750 configuration steps out of 2582 steps complete.
2024-11-04 10:00:34 [NOTICE] [configure] 2000 configuration steps out of 2624 steps complete.
2024-11-04 10:00:34 [NOTICE] [configure] 2250 configuration steps out of 2624 steps complete.
2024-11-04 10:01:07 [NOTICE] [configure] 2500 configuration steps out of 2624 steps complete.
2024-11-04 10:01:08 [ERROR ] [configure] Proxy satellite.example.com has failed to load one or more features (Realm), check /var/log/foreman-proxy/proxy.log for configuration errors
2024-11-04 10:01:08 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]/features: change from ["Ansible", "DHCP", "Dynflow", "Logs", "Openscap", "Pulpcore", "Puppet", "Puppet CA", "Registration", "Script", "TFTP", "Templates"] to ["Ansible", "DHCP", "Dynflow", "Logs", "Openscap", "Pulpcore", "Puppet", "Puppet CA", "Realm", "Registration", "Script", "TFTP", "Templates"] failed: Proxy satellite.example.com has failed to load one or more features (Realm), check /var/log/foreman-proxy/proxy.log for configuration errors
2024-11-04 10:01:13 [NOTICE] [configure] System configuration has finished.
Error 1: Puppet Foreman_smartproxy resource 'satellite.example.com' failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]/before
before to Cron[puppet]
before to Service[puppet]
before to Service[puppet-run.timer]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]
Adding autorequire relationship with Anchor[foreman::service]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (2596 of 2624)
Evaluated in 0.53 seconds
Foreman_smartproxy[satellite.example.com](provider=rest_v3)
Making get request to https://satellite.example.com/api/v2/smart_proxies?search=name%3D%22satellite.example.com%22
Received response 200 from request to https://satellite.example.com/api/v2/smart_proxies?search=name%3D%22satellite.example.com%22
Making put request to https://satellite.example.com/api/v2/smart_proxies/1/refresh
Received response 200 from request to https://satellite.example.com/api/v2/smart_proxies/1/refresh
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]/features
change from ["Ansible", "DHCP", "Dynflow", "Logs", "Openscap", "Pulpcore", "Puppet", "Puppet CA", "Registration", "Script", "TFTP", "Templates"] to ["Ansible", "DHCP", "Dynflow", "Logs", "Openscap", "Pulpcore", "Puppet", "Puppet CA", "Realm", "Registration", "Script", "TFTP", "Templates"] failed: Proxy satellite.example.com has failed to load one or more features (Realm), check /var/log/foreman-proxy/proxy.log for configuration errors
1 error was detected during installation.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.
The full log is at /var/log/foreman-installer/katello.log
Error in log /var/log/foreman-proxy/proxy.log:
2024-11-04T09:41:18 [E] Disabling all modules in the group ['realm_freeipa', 'realm'] due to a failure in one of them: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable
2024-11-04T09:41:18 [W] Error details for Disabling all modules in the group ['realm_freeipa', 'realm'] due to a failure in one of them: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable: <Proxy::Error::ConfigurationError>: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable
/usr/share/foreman-proxy/lib/proxy/plugin_validators.rb:29:in `validate!'
Expected outcome: Foreman-installer runs without issue
Foreman and Proxy versions: F 3.11.4 K 4.13.1
Foreman and Proxy plugin versions:
Distribution and version: Rocky Linux release 8.10
Other relevant data: Error in log /var/log/foreman-proxy/proxy.log:
2024-11-04T09:41:18 [E] Disabling all modules in the group ['realm_freeipa', 'realm'] due to a failure in one of them: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable
2024-11-04T09:41:18 [W] Error details for Disabling all modules in the group ['realm_freeipa', 'realm'] due to a failure in one of them: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable: <Proxy::Error::ConfigurationError>: File at '/etc/foreman-proxy/freeipa.keytab' defined in 'keytab_path' parameter doesn't exist or is unreadable
/usr/share/foreman-proxy/lib/proxy/plugin_validators.rb:29:in `validate!'
Contents of realm_freeipa.yml
---
# Authentication for Kerberos-based Realms
:keytab_path: /etc/foreman-proxy/freeipa.keytab
:principal: realm-proxy@IPA.EXAMPLE.COM
:ipa_config: /etc/ipa/default.conf
# Remove from DNS when deleting the FreeIPA entry
:remove_dns: true
# verify IPA API HTTPS server certificate
:verify_ca: true
Our workaround to get a successful upgrade is to set verify_ca to false in /etc/foreman-proxy/settings.d/realm_freeipa.yml
Is this a bug or an issue with our system? Any help is appreciated. Thank you!