Foreman 3.0 installation fails on a missing SSH keypair

Support
,
1

Problem:
The Foreman installation fails

Expected outcome:
For Foreman to complete the installation without a failure

Foreman and Proxy versions:
Foreman 3.0

Foreman and Proxy plugin versions:
Katello 4.2

Distribution and version:
AlmaLinux 8.4

Other relevant data:
The installation seems to be failing because of a missing SSH keypair in /var/lib/foreman-proxy/ssh, when manually creating it afterwards and rerunning the command it succeeds. I am however trying to do the installation via ansible playbooks with the theforeman.operations collection. I tried adding the “foreman-proxy-plugin-remote-execution-ssh” options to resolve this issue but this doesn’t seem to make a difference.

Installer command and options:

foreman-installer --scenario katello -v \
  --foreman-initial-admin-password adminpassword \
  --foreman-proxy-content-enable-katello-agent=true \
  --enable-foreman-cli-ansible \
  --enable-foreman-cli-openscap \
  --enable-foreman-plugin-ansible \
  --enable-foreman-plugin-openscap \
  --enable-foreman-proxy-plugin-ansible \
  --enable-foreman-proxy-plugin-openscap \
  --foreman-proxy-plugin-remote-execution-ssh-enabled=true
  --foreman-proxy-plugin-remote-execution-ssh-generate-keys=true \
  --foreman-proxy-plugin-remote-execution-ssh-install-key=true \
  --foreman-db-password dbpassword \
  --detailed-exitcodes

Error in /var/log/foreman/production.log

RF12-9411 [ProxyAPI::ProxyException]: Unable to fetch public key ([RestClient::InternalServerError]: 500 Internal Server Error) for proxy https://host-fqdn:9090/ssh

Error in /var/log/foreman-installer/katello.log:

2021-11-02 12:31:27 [DEBUG ] [configure] Foreman_smartproxy[host-fqdn](provider=rest_v3): Received response 500 from request to https://host-fqdn/api/v2/smart_proxies
2021-11-02 12:31:27 [ERROR ] [configure] Error making POST request to Foreman at https://host-fqdn/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on host-fqdn for detailed information
2021-11-02 12:31:27 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host-fqdn]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://host-fqdn/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on host-fqdn for detailed information
2021-11-02 12:31:27 [DEBUG ] [configure] Foreman_smartproxy[host-fqdn](provider=rest_v3): Making get request to https://host-fqdn/api/v2/smart_proxies?search=name%3D%22host-fqdn%22
2021-11-02 12:31:28 [DEBUG ] [configure] Foreman_smartproxy[host-fqdn](provider=rest_v3): Received response 500 from request to https://host-fqdn/api/v2/smart_proxies?search=name%3D%22host-fqdn%22
2021-11-02 12:31:28 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host-fqdn]: Failed to call refresh: Error making GET request to Foreman at https://host-fqdn/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on host-fqdn for detailed information
2021-11-02 12:31:28 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host-fqdn]: Error making GET request to Foreman at https://host-fqdn/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on host-fqdn for detailed information
2

I tried with a clean install of CentOS 8 as well and ran into to same problem again?
I don’t have the problem when running a clean install of Foreman 2.4 but it seems strange to install 2.4 and then upgrade to 3.0 for a new installation.

Any input is appreciated.

3

Looks like an 500 error from the proxy, thus /var/log/foreman-proxy/proxy.log should contain more information…

4

So I know that the problem is that the SSH keypair isn’t created in /var/lib/foreman-proxy/ssh, what I don’t understand is why this isn’t created by the installer since this causes the installation to fail. I expected this to be done by default or by adding the --foreman-proxy-plugin-remote-execution-ssh-generate-keys=true option to the install command but this doesn’t seem to be the case.

1 Like
5

Identical behavior on a fresh Rocky 8.5 / Foreman 3.0. Thanks for bringing this up luc! Any follow-ups?

6

Looks like you missed to enable this during installation:

--enable-foreman-plugin-remote-execution \
--enable-foreman-proxy-plugin-remote-execution-ssh
7

Foreman 3.0 is not supported anymore. Latest version is 3.2. Why do you use an outdated version for a new installation?

And generally, you need to post the full installer command you are trying to say more.

Both would be enabled by default in Foreman 3.1 and 3.2 installers with katello scenario as done in the original post. Yet another reason why it’s so important to post exactly what you do…

8

Correction: enable-foreman-plugin-remote-execution is set by default, enable-foreman-proxy-plugin-remote-execution-ssh seems not in Katello 4.4.

9

My first install attempt with Foreman 3.2/Katello 4.4 I had the same issue with missing SSH keys and had not enabled both the remote execution plugins. After I added those lines, installation completed and SSH keys created.

10

Still same answer:

Guessing, what you have might have done is futile. If you post the full foreman-installer command you have used it has all the information needed…

11

Maybe you misunderstood my posting, just trying to help since I seen the same issue and since I seen the original problem was missing those plugins and felt like the most obvious reason for the issue. But if it help anyone and makes things a little more clear:
Foreman 3.2/Katello 4.4 installation fails and no SSH keys created with:

foreman-installer --scenario katello \
--foreman-initial-organization "xxx" \
--foreman-initial-location "xxxx" \
--foreman-initial-admin-username xxxx \
--foreman-initial-admin-password xxxxxx \
--enable-foreman-plugin-openscap \
--enable-foreman-proxy-plugin-openscap \
--enable-foreman-plugin-ansible \
--enable-foreman-proxy-plugin-ansible

Foreman 3.2/Katello 4.4 installation completes and SSH keys created with:

foreman-installer --scenario katello \
--foreman-initial-organization "xxx" \
--foreman-initial-location "xxxx" \
--foreman-initial-admin-username xxxx \
--foreman-initial-admin-password xxxxxx \
--enable-foreman-plugin-openscap \
--enable-foreman-proxy-plugin-openscap \
--enable-foreman-plugin-ansible \
--enable-foreman-proxy-plugin-ansible \
--enable-foreman-plugin-remote-execution \
--enable-foreman-proxy-plugin-remote-execution-ssh
12

Well, but that’s exactly the thing: in your case, with Katello 4.4 and running scenario katello enable-foreman-plugin-remote-execution is already set by default, but not in scenario foreman. So in your case adding enable-foreman-proxy-plugin-remote-execution-ssh should be enough. The original post was on katello 4.2. Defaults may also change over time between version. So if you simply post the version you are using and the exact initial foreman-installer command it’s a concise description with all information needed to reproduce the problem.

Because I have just tested it and ran:

[root@foreman8 k202081]# foreman-installer --scenario katello \
>    --foreman-initial-organization "ORG" --foreman-initial-location "Default" \
>    --certs-server-ca-cert /etc/pki/tls/certs/bundle.crt \
>    --certs-server-cert /etc/pki/tls/certs/foreman8.crt \
>    --certs-server-key /etc/pki/tls/private/foreman8.key \
>    --foreman-plugin-tasks-automatic-cleanup=true \
>    --foreman-proxy-httpboot true \
>    --foreman-proxy-tftp true

and it works just fine. Remote execution is enabled in the foreman server but not the remote execution in the proxy. So the core issue lies with the openscap or ansible plugins having some dependency here…

So you should open an issue to get this fixed: either the installer should make sure dependencies are met, or it should give you a better error message explaining how to solve the problem or docs must be updated, because the ansible plugin docs mention the plugin requires ssh kind of assume it’s already enabled…

13

Sorry if I caused a stir. I inherited a F2.5.4 / puppet only environment and was glad to find a workshop-article about said setup in it-administrator.de’s February issue and am a bit surprised they would recommend F3.0 while it’s already EOL.

I did fumble a few options, too, and so what I initially called was

foreman-installer --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible --foreman-proxy-plugin-remote-execution-ssh-enabled=true

while missing

--foreman-proxy-plugin-remote-execution-ssh-generate-keys=true --foreman-proxy-plugin-remote-execution-ssh-install-key=true

in the initial run. Eventually I created the key by hand and the installer finished like a breeze.

Do I find infos somewhere about currently recommended/compatible Foreman/puppet/Katello/Ansible/Pulp releases?

Thanks everyone!

14

that’s the default, so you shouldn’t have to call it out explicitly

1 Like
15

While this option is true by default, what happens in foreman scenario when enable-foreman-cli-remote-execution is false? That was the initial install of illogicdev:

foreman-installer --enable-foreman-plugin-ansible \
  --enable-foreman-proxy-plugin-ansible \
  --foreman-proxy-plugin-remote-execution-ssh-enabled=true

I get the impression that the ansible plugin as a couple of dependencies which can be broken in various ways in different scenarios.

16 
foreman-installer --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible --enable-foreman-proxy-plugin-remote-execution-ssh

Should give you a working Ansible. (The ssh key generation is hidden behind rex-ssh, even tho you don’t need the feature for Ansible to run)

foreman-installer --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh

Should give you a working Remote Execution (SSH/Script).

17

Hi, I installed foreman 3.3 with katello 4.5 following the instrucitons here
https://docs.theforeman.org/release/3.3/
Initial use of foreman-installer worked, but subsequent calls of it (to enable/disable plugins) would always fail.
The problem was that the ssl certificate for foreman-proxy was not generated automatically.

Since I could not use foreman-installer --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
I had to manually create the ssl files (or reinstall which would’ve taken a long time)
# sudo -u foreman-proxy ssh-keygen -t rsa -f /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy

hope this helps :slight_smile:

1 Like
18

Hi all

Similar issue:
Foreman: v3.3
Katello: 4.5
OS: Rocky 8.6

# katello-certs-check -c "/root/<cert_directory>/ServerCertificate.crt" -k "/root/<cert_directory>/<filename>.key" -b "/root/<cert_directory>/<filename>.pem"
Checking server certificate encoding:
[OK]

Checking expiration of certificate:
[OK]

Checking expiration of CA bundle:
[OK]

Checking if server certificate has CA:TRUE flag
[OK]

Checking for private key passphrase:
[OK]

Checking to see if the private key matches the certificate:
[OK]

Checking CA bundle against the certificate file:
[OK]

Checking CA bundle size: 4
[OK]

Checking Subject Alt Name on certificate
[OK]

Checking if any Subject Alt Name on certificate matches the Subject CN
[OK]

Checking Key Usage extension on certificate for Key Encipherment
[OK]

Checking for use of shortname as CN
[OK]

Validation succeeded
  • I install with:
foreman-installer \
--scenario katello \
--foreman-initial-organization "<my_org>" \
--foreman-initial-location "<my_location>" \
--foreman-initial-admin-username admin \
--foreman-initial-admin-password admin \
--certs-server-cert /root//<cert_directory>ServerCertificate.crt \
--certs-server-key /root//<cert_directory>/<filename>.key \
--certs-server-ca-cert /root//<cert_directory>/<filename>.pem \
--enable-foreman-plugin-ansible \
--enable-foreman-proxy-plugin-ansible
  • The installation to, says “finished” but with errors:
Validation succeeded
To install the Katello server with the custom certificates, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/<cert_directory>/ServerCertificate.crt" \
                      --certs-server-key "/root/<cert_directory>/<filename>.key" \
                      --certs-server-ca-cert "/root/<cert_directory>/<filename>.pem"
To update the certificates on a currently running Katello installation, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/<cert_directory>/ServerCertificate.crt" \
                      --certs-server-key "/root/<cert_directory>/<filename>.key" \
                      --certs-server-ca-cert "/root/<cert_directory>/<filename>.pem" \
                      --certs-update-server --certs-update-server-ca
To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy
2022-07-27 15:42:41 [NOTICE] [configure] Starting system configuration.
2022-07-27 15:44:21 [NOTICE] [configure] 250 configuration steps out of 1411 steps complete.
2022-07-27 15:45:15 [NOTICE] [configure] 500 configuration steps out of 1413 steps complete.
2022-07-27 15:46:11 [NOTICE] [configure] 750 configuration steps out of 1418 steps complete.
2022-07-27 15:46:30 [NOTICE] [configure] 1000 configuration steps out of 1441 steps complete.
2022-07-27 15:50:21 [NOTICE] [configure] 1250 configuration steps out of 1441 steps complete.
2022-07-27 15:52:49 [ERROR ] [configure] Error making POST request to Foreman at https://forekat-master01-stage-bry.platform.is/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on <server_FQDN> for detailed information
2022-07-27 15:52:49 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[f<server_FQDN>]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://<server_FQDN>/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on <server_FQDN> for detailed information
2022-07-27 15:52:49 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[<server_FQDN>]: Failed to call refresh: Error making GET request to Foreman at https://f<server_FQDN>/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on <server_FQDN> for detailed information
2022-07-27 15:52:49 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[<server_FQDN>]: Error making GET request to Foreman at https://<server_FQDN>/api/v2/smart_proxies: Response: 500 Internal Server Error: Check /var/log/foreman/production.log on <server_FQDN> for detailed information
2022-07-27 15:52:52 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

  The full log is at /var/log/foreman-installer/katello.log

  • Checking the log file (/var/log/foreman/production.log):
    2022-07-27T15:52:49 [I|app|26ccb6f8] Backtrace for 'Action failed' error (ActionView::Template::Error): ERF12-9411 [ProxyAPI::ProxyException]: Unable to fetch public key ([RestClient::InternalServerError]: 500 Internal Server Error) for proxy https://f<server_FQDN>:9090/ssh

  • At this point, a foreman-maintain service status shows all daemons running and the web interface is accessible, I can log in, create products etc without issue.

  • I confirm that the certificate in use is indeed my custom cert (against my servers FQDN on ports 443, 9090:


# openssl s_client -connect <my_server_FQDN>:443
CONNECTED(00000003)
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = ZA, L = <correct_information>, O = I<correct_information>, CN = *.<correct_information>
verify return:1
---
Certificate chain
 0 s:C = ZA, L = <correct_information>, O = <correct_information>, CN = *.<correct_information>
   i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
 1 s:C = ZA, L = <correct_information>, O = <correct_information>, CN = *.<correct_information>
   i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
 2 s:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
   i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
 3 s:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
   i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
---
  • Before:
# ll /var/lib/foreman-proxy/ssh/
total 0

  • I then run the snippet above:
    sudo -u foreman-proxy ssh-keygen -t rsa -f /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy

  • After:

# ll /var/lib/foreman-proxy/ssh/
total 8
-rw-------. 1 foreman-proxy foreman-proxy 2655 Jul 27 15:57 id_rsa_foreman_proxy
-rw-r--r--. 1 foreman-proxy foreman-proxy  606 Jul 27 15:57 id_rsa_foreman_proxy.pub
  • Then I re-run installation command exactly as above and:
Validation succeeded
To install the Katello server with the custom certificates, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/<cert_directory>/ServerCertificate.crt" \
                      --certs-server-key "/root/<cert_directory><filename>.key" \
                      --certs-server-ca-cert "/root/<cert_directory>/<filename>.pem"
To update the certificates on a currently running Katello installation, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/<cert_directory>/ServerCertificate.crt" \
                      --certs-server-key "/root/<cert_directory>/<filename>.key" \
                      --certs-server-ca-cert "/root/<cert_directory>/<filename>.pem" \
                      --certs-update-server --certs-update-server-ca
To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy
2022-07-27 15:58:16 [NOTICE] [configure] Starting system configuration.
2022-07-27 15:58:26 [NOTICE] [configure] 250 configuration steps out of 1411 steps complete.
2022-07-27 15:58:28 [NOTICE] [configure] 500 configuration steps out of 1413 steps complete.
2022-07-27 15:58:31 [NOTICE] [configure] 750 configuration steps out of 1418 steps complete.
2022-07-27 15:58:32 [NOTICE] [configure] 1000 configuration steps out of 1422 steps complete.
2022-07-27 15:59:02 [NOTICE] [configure] 1250 configuration steps out of 1422 steps complete.
2022-07-27 15:59:13 [NOTICE] [configure] System configuration has finished.
Executing: foreman-rake upgrade:run
=============================================
Upgrade Step 1/8: katello:correct_repositories. This may take a long while.
=============================================
Upgrade Step 2/8: katello:clean_backend_objects. This may take a long while.
0 orphaned consumer id(s) found in candlepin.
Candlepin orphaned consumers: []
=============================================
Upgrade Step 3/8: katello:upgrades:4.0:remove_ostree_puppet_content. =============================================
Upgrade Step 4/8: katello:upgrades:4.1:sync_noarch_content. =============================================
Upgrade Step 5/8: katello:upgrades:4.1:fix_invalid_pools. I, [2022-07-27T15:59:25.178254 #24151]  INFO -- : Corrected 0 invalid pools
I, [2022-07-27T15:59:25.178294 #24151]  INFO -- : Removed 0 orphaned pools
=============================================
Upgrade Step 6/8: katello:upgrades:4.1:reupdate_content_import_export_perms. =============================================
Upgrade Step 7/8: katello:upgrades:4.2:remove_checksum_values. =============================================
Upgrade Step 8/8: katello:upgrades:4.4:publish_import_cvvs.   Success!
  * Foreman is running at https://<my_server_FQDN>
      Initial credentials are admin / admin
  * To install an additional Foreman proxy on separate machine continue by running:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
  * Foreman Proxy is running at https://<my_server_FQDN>:9090

  The full log is at /var/log/foreman-installer/katello.log
  • On previous runs, when running without the ssh key-pair creation, I would repeatedly get the same error as above, but the key-pair creation seems to remedy that.

I hope this is relevant information and my thanks to @pkamp!!

19

Hi again!

Out of curiosity, I tested the work-around above, on a freshly installed (restored from VMware snapshot) Rocky 8 machine:

  • With no hint of Foreman/Katello I created the relevant SSH key-pair dir and opened up the permissions/ownership so that the installer could chown it back to the foreman-proxy user/group:
# mkdir -vv -p /var/lib/foreman-proxy/ssh/
mkdir: created directory '/var/lib/foreman-proxy'
mkdir: created directory '/var/lib/foreman-proxy/ssh/'
[root@forekat-master01-stage-bry ~]# ssh-keygen -t rsa -f /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy.
Your public key has been saved in /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy.pub.
The key fingerprint is:
SHA256:fLk9oexhrsVl8cs8LVQk9OkNAzieo9qTznGdQrUHQng root@<my_server_FQDN>
The key's randomart image is:
+---[RSA 3072]----+
|         .....o .|
|        ..E  . +.|
|         o.o+ o.o|
|       .  ++ =.+.|
|        S.+.= +..|
|        .= B B o |
|       o..@ = * .|
|      ..+B o . o |
|       .+oo      |
+----[SHA256]-----+

[root@forekat-master01-stage-bry ~]# chmod -R 777 /var/lib/foreman-proxy
  • I then ran the installer commands as above, and behold, it worked first time:
Validation succeeded
To install the Katello server with the custom certificates, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/wildcard.platform.is_2022/ServerCertificate.crt" \
                      --certs-server-key "/root/wildcard.platform.is_2022/platform.key" \
                      --certs-server-ca-cert "/root/wildcard.platform.is_2022/wildcard.platform.is.pem"
To update the certificates on a currently running Katello installation, run:
    foreman-installer --scenario katello \
                      --certs-server-cert "/root/wildcard.platform.is_2022/ServerCertificate.crt" \
                      --certs-server-key "/root/wildcard.platform.is_2022/platform.key" \
                      --certs-server-ca-cert "/root/wildcard.platform.is_2022/wildcard.platform.is.pem" \
                      --certs-update-server --certs-update-server-ca
To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy
2022-07-27 17:11:41 [NOTICE] [configure] Starting system configuration.
2022-07-27 17:13:42 [NOTICE] [configure] 250 configuration steps out of 1411 steps complete.
2022-07-27 17:14:36 [NOTICE] [configure] 500 configuration steps out of 1413 steps complete.
2022-07-27 17:15:36 [NOTICE] [configure] 750 configuration steps out of 1418 steps complete.
2022-07-27 17:15:56 [NOTICE] [configure] 1000 configuration steps out of 1441 steps complete.
2022-07-27 17:20:14 [NOTICE] [configure] 1250 configuration steps out of 1441 steps complete.
2022-07-27 17:23:00 [NOTICE] [configure] System configuration has finished.
Executing: foreman-rake upgrade:run
=============================================
Upgrade Step 1/8: katello:correct_repositories. This may take a long while.
=============================================
Upgrade Step 2/8: katello:clean_backend_objects. This may take a long while.
0 orphaned consumer id(s) found in candlepin.
Candlepin orphaned consumers: []
=============================================
Upgrade Step 3/8: katello:upgrades:4.0:remove_ostree_puppet_content. =============================================
Upgrade Step 4/8: katello:upgrades:4.1:sync_noarch_content. =============================================
Upgrade Step 5/8: katello:upgrades:4.1:fix_invalid_pools. I, [2022-07-27T17:23:12.366965 #23015]  INFO -- : Corrected 0 invalid pools
I, [2022-07-27T17:23:12.367014 #23015]  INFO -- : Removed 0 orphaned pools
=============================================
Upgrade Step 6/8: katello:upgrades:4.1:reupdate_content_import_export_perms. =============================================
Upgrade Step 7/8: katello:upgrades:4.2:remove_checksum_values. =============================================
Upgrade Step 8/8: katello:upgrades:4.4:publish_import_cvvs.   Success!
  * Foreman is running at https://forekat-master01-stage-bry.platform.is
      Initial credentials are admin / admin
  * To install an additional Foreman proxy on separate machine continue by running:

      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar"
  * Foreman Proxy is running at https://forekat-master01-stage-bry.platform.is:9090

  The full log is at /var/log/foreman-installer/katello.log