Problem:
I am running into an issue where foreman-installer --scenario katello isn’t configuring Puppet certificates:
2022-06-12 17:00:41 [ERROR ] [configure] Proxy hyd-foreman01.ldi.lan has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-06-12 17:00:41 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[hyd-foreman01.ldi.lan]/features: change from ["DHCP", "DNS", "Logs", "Pulpcore", "TFTP"] to ["DHCP", "DNS", "Logs", "Pulpcore", "Puppet", "Puppet CA", "TFTP"] failed: Proxy hyd-foreman01.ldi.lan has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Expected outcome:
Clean install. It had worked before without any issues on Foreman 3.0 with Katello 4.2 on Rocky 8.4.
Foreman and Proxy versions and Distribution and version:
Foreman 3.2
Katello 4.4
Rocky Linux 8.6 (Green Obsidian)
Other relevant data:
# https://docs.theforeman.org/3.2/Installing_Server/index-katello.html#storage-rhel-8
$ sudo dnf clean all
$ sudo dnf -y localinstall https://yum.theforeman.org/releases/3.2/el8/x86_64/foreman-release.rpm
$ sudo dnf -y localinstall https://yum.theforeman.org/katello/4.4/katello/el8/x86_64/katello-repos-latest.rpm
$ sudo dnf -y install centos-release-ansible-29
$ sudo dnf -y localinstall https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
$ sudo dnf -y module reset ruby
$ sudo dnf -y module enable ruby:2.7
$ sudo dnf config-manager --set-enabled powertools
$ sudo dnf -y module reset postgresql
$ sudo dnf -y module enable postgresql:12
# https://community.theforeman.org/t/katello-4-foreman-2-4-centos-8-4/23871
$ sudo dnf -y module enable pki-core
$ sudo dnf -y update
$ sudo dnf -y install foreman-installer-katello
# https://community.theforeman.org/t/installation-of-3-1-without-puppet-fails/26754
$ sudo groupadd puppet
$ sudo useradd -g puppet puppet
$ sudo foreman-installer \
--scenario katello \
--tuning default \
--foreman-initial-organization Hydra \
--foreman-initial-location "LDI" \
--foreman-initial-admin-username admin \
--foreman-initial-admin-password CHANGEME \
--enable-foreman-proxy \
--puppet-runinterval "3600" \
--foreman-proxy-puppet "true" \
--foreman-proxy-puppetca "true" \
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-servername="172.21.14.100" \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-interface="eth1" \
--foreman-proxy-dhcp-gateway="172.21.14.1" \
--foreman-proxy-dhcp-nameservers="172.21.14.100" \
--foreman-proxy-dhcp-range="172.21.14.200 172.21.14.255" \
--foreman-proxy-dns=true \
--foreman-proxy-dns-interface="eth1" \
--foreman-proxy-dns-zone="ldi.lan" \
--foreman-proxy-dns-server="172.21.14.100" \
--foreman-proxy-dns-reverse="14.21.172.in-addr.arpa" \
--foreman-proxy-dns-forwarders="8.8.8.8" \
--foreman-proxy-dns-forwarders="8.8.4.4" \
--foreman-proxy-foreman-base-url="https://hyd-foreman01.ldi.lan"
2022-06-12 16:59:23 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-06-12 16:59:27 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-06-12 16:59:27 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-06-12 16:59:32 [NOTICE] [configure] Starting system configuration.
2022-06-12 16:59:46 [NOTICE] [configure] 250 configuration steps out of 1843 steps complete.
2022-06-12 16:59:46 [NOTICE] [configure] 500 configuration steps out of 1843 steps complete.
2022-06-12 16:59:48 [NOTICE] [configure] 750 configuration steps out of 1845 steps complete.
2022-06-12 16:59:52 [NOTICE] [configure] 1000 configuration steps out of 1855 steps complete.
2022-06-12 16:59:53 [NOTICE] [configure] 1250 configuration steps out of 1860 steps complete.
2022-06-12 17:00:28 [NOTICE] [configure] 1500 configuration steps out of 1860 steps complete.
2022-06-12 17:00:39 [NOTICE] [configure] 1750 configuration steps out of 1860 steps complete.
2022-06-12 17:00:41 [ERROR ] [configure] Proxy hyd-foreman01.ldi.lan has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-06-12 17:00:41 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[hyd-foreman01.ldi.lan]/features: change from ["DHCP", "DNS", "Logs", "Pulpcore", "TFTP"] to ["DHCP", "DNS", "Logs", "Pulpcore", "Puppet", "Puppet CA", "TFTP"] failed: Proxy hyd-foreman01.ldi.lan has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-06-12 17:00:45 [NOTICE] [configure] System configuration has finished.
There were errors detected during install.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.
$ sudo head /var/log/foreman-proxy/proxy.log
2022-06-12T16:34:31 [E] Disabling all modules in the group ['puppetca_http_api', 'puppetca_hostname_whitelisting', 'puppetca'] due to a failure in one of them: File at '/etc/puppetlabs/puppet/ssl/certs/ca.pem' defined in 'puppet_ssl_ca' parameter doesn't exist or is unreadable
2022-06-12T16:34:31 [W] Error details for Disabling all modules in the group ['puppetca_http_api', 'puppetca_hostname_whitelisting', 'puppetca'] due to a failure in one of them: File at '/etc/puppetlabs/puppet/ssl/certs/ca.pem' defined in 'puppet_ssl_ca' parameter doesn't exist or is unreadable: <Proxy::Error::ConfigurationError>: File at '/etc/puppetlabs/puppet/ssl/certs/ca.pem' defined in 'puppet_ssl_ca' parameter doesn't exist or is unreadable
$ sudo ls -al /etc/puppetlabs/puppet/ssl/certs/
total 8
drwxr-xr-x 2 puppet puppet 4096 Jun 12 16:15 .
drwxrwx--x 7 puppet puppet 4096 Jun 12 16:15 ..
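
The check that the proxy.log error above points to, as an added example that is not part of the original post: it pulls every "File at '...' defined in '...' parameter" pair out of a smart-proxy log and re-tests each path on disk. The function names `check_proxy_files` and `sample_log` are hypothetical, and the sample log line is constructed in the format shown in the post.

```shell
#!/bin/sh
# Added example (not from the post): list the files the smart proxy
# reported as missing or unreadable and re-check each one on disk.

# sample_log DIR: print one constructed proxy.log line whose path lives under DIR.
sample_log() {
    printf "2022-06-12T16:34:31 [E] Disabling all modules in the group ['puppetca'] due to a failure in one of them: File at '%s/certs/ca.pem' defined in 'puppet_ssl_ca' parameter doesn't exist or is unreadable\n" "$1"
}

# check_proxy_files LOGFILE
# Prints "<STATUS> <parameter> <path>" once per unique pair found in LOGFILE,
# STATUS being MISSING, UNREADABLE or OK. Returns 1 if any file is not OK.
check_proxy_files() {
    bad=0
    # Message format taken from the proxy.log lines quoted in the post.
    pairs=$(sed -n "s/.*File at '\([^']*\)' defined in '\([^']*\)' parameter.*/\2 \1/p" "$1" | sort -u)
    while read -r param path; do
        [ -n "$path" ] || continue          # no matches: the here-doc is one empty line
        if [ ! -e "$path" ]; then
            status=MISSING; bad=1
        elif [ ! -r "$path" ]; then
            status=UNREADABLE; bad=1        # readable means: by the user running this script
        else
            status=OK
        fi
        printf '%s %s %s\n' "$status" "$param" "$path"
    done <<EOF
$pairs
EOF
    return $bad
}

# Stand-alone use: sh thisfile.sh /var/log/foreman-proxy/proxy.log
if [ $# -gt 0 ]; then
    check_proxy_files "$1"
fi
```

Run it as the foreman-proxy service account, the user the smart proxy runs as, so the readability test reflects the permissions the proxy actually has.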