Foreman Katello Installation Failing

khulsat · December 15, 2022, 5:45am

Problem:
Foreman Katello Installation Failing

Expected outcome:
Foreman-Katello Installs Without any Errors

Foreman and Proxy versions:

dnf install foreman-installer-katello

Installed:
  binutils-2.30-117.el8.x86_64                                                                  bzip2-1.0.6-26.el8.x86_64                                                                    
  dwz-0.12-10.el8.x86_64                                                                        efi-srpm-macros-3-3.el8.noarch                                                               
  elfutils-0.187-4.el8.x86_64                                                                   foreman-installer-1:3.4.1-1.el8.noarch                                                       
  foreman-installer-katello-1:3.4.1-1.el8.noarch                                                gc-7.6.4-3.el8.x86_64                                                                        
  gdb-headless-8.2-19.el8.x86_64                                                                ghc-srpm-macros-1.4.2-7.el8.noarch                                                           
  go-srpm-macros-2-17.el8.noarch                                                                guile-5:2.0.14-7.el8.x86_64                                                                  
  katello-certs-tools-2.9.0-1.el8.noarch                                                        libatomic_ops-7.6.2-3.el8.x86_64                                                             
  libbabeltrace-1.5.4-4.el8.x86_64                                                              libipt-1.6.1-8.el8.x86_64                                                                    
  libpkgconf-1.4.2-1.el8.x86_64                                                                 libtool-ltdl-2.4.6-25.el8.x86_64                                                             
  ocaml-srpm-macros-5-4.el8.noarch                                                              openblas-srpm-macros-2-2.el8.noarch                                                          
  patch-2.7.6-11.el8.x86_64                                                                     perl-srpm-macros-1-25.el8.noarch                                                             
  pkgconf-1.4.2-1.el8.x86_64                                                                    pkgconf-m4-1.4.2-1.el8.noarch                                                                
  pkgconf-pkg-config-1.4.2-1.el8.x86_64                                                         puppet-agent-7.21.0-1.el8.x86_64                                                             
  python-rpm-macros-3-43.el8.noarch                                                             python-srpm-macros-3-43.el8.noarch                                                           
  python3-rpm-macros-3-43.el8.noarch                                                            qt5-srpm-macros-5.15.3-1.el8.noarch                                                          
  redhat-rpm-config-130-1.el8.noarch                                                            rpm-build-4.14.3-24.el8_7.x86_64                                                             
  ruby-2.7.6-138.module+el8.6.0+1001+b5678180.x86_64                                            ruby-default-gems-2.7.6-138.module+el8.6.0+1001+b5678180.noarch                              
  ruby-libs-2.7.6-138.module+el8.6.0+1001+b5678180.x86_64                                       rubygem-ansi-1.5.0-3.el8.noarch                                                              
  rubygem-bigdecimal-2.0.0-138.module+el8.6.0+1001+b5678180.x86_64                              rubygem-bundler-2.2.24-138.module+el8.6.0+1001+b5678180.noarch                               
  rubygem-clamp-1.1.2-7.el8.noarch                                                              rubygem-hashie-3.6.0-3.el8.noarch                                                            
  rubygem-highline-2.0.3-2.el8.noarch                                                           rubygem-io-console-0.5.6-138.module+el8.6.0+1001+b5678180.x86_64                             
  rubygem-irb-1.2.6-138.module+el8.6.0+1001+b5678180.noarch                                     rubygem-json-2.3.0-138.module+el8.6.0+1001+b5678180.x86_64                                   
  rubygem-kafo-6.5.0-1.el8.noarch                                                               rubygem-kafo_parsers-1.2.1-1.el8.noarch                                                      
  rubygem-kafo_wizards-0.0.2-2.el8.noarch                                                       rubygem-little-plugger-1.1.4-3.el8.noarch                                                    
  rubygem-logging-2.3.1-1.el8.noarch                                                            rubygem-multi_json-1.15.0-1.el8.noarch                                                       
  rubygem-openssl-2.1.3-138.module+el8.6.0+1001+b5678180.x86_64                                 rubygem-powerbar-2.0.1-3.el8.noarch                                                          
  rubygem-psych-3.1.0-138.module+el8.6.0+1001+b5678180.x86_64                                   rubygem-rdoc-6.2.1.1-138.module+el8.6.0+1001+b5678180.noarch                                 
  rubygems-3.1.6-138.module+el8.6.0+1001+b5678180.noarch                                        rust-srpm-macros-5-2.el8.noarch                                                              
  tar-2:1.30-6.el8.x86_64                                                                       unzip-6.0-46.el8.x86_64                                                                      
  zip-3.0-23.el8.x86_64                                                                         zstd-1.4.4-1.el8.x86_64                                                                      

Complete!

Distribution and version:

cat /etc/redhat-release 
Rocky Linux release 8.7 (Green Obsidian)

Other relevant data:

These are the steps taken :

Configure proxy & Update the system to the latest (system does not have direct internet access)
Install & Configure Chrony
Disable Firewall
Validated that FQDN is set and ping works

dnf clean all
dnf install -y https://yum.theforeman.org/releases/3.4/el8/x86_64/foreman-release.rpm
dnf install -y https://yum.theforeman.org/katello/4.6/katello/el8/x86_64/katello-repos-latest.rpm
dnf install -y https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
dnf config-manager --set-enabled powertools
dnf module enable katello:el8 pulpcore:el8
dnf update
dnf install foreman-installer-katello
restorecon -R /var/lib/pulp
restorecon -R /var/lib/pgsql
katello-certs-check -c /etc/foreman-installer/certs-custom/wildc_my_org.pem -k /etc/foreman-installer/certs-custom/my_org.key -b /etc/foreman-installer/certs-custom/bundle_globalsign.pem

No errors observed so far.
When initiated a installer, this is the error I get -

# foreman-installer --scenario katello --foreman-initial-organization "MyORG" \
 --foreman-initial-admin-username "admin" --foreman-initial-admin-password "xxx" \
 --enable-foreman-cli-ansible --enable-foreman-cli-openscap --enable-foreman-plugin-openscap --enable-foreman-plugin-statistics \
 --certs-server-cert "/etc/foreman-installer/certs-custom/wildc_my_org.pem" --certs-server-key "/etc/foreman-installer/certs-custom/my_org.key" \
 --certs-server-ca-cert "/etc/foreman-installer/certs-custom/bundle_globalsign.pem" --noop
2022-12-15 10:44:27 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-12-15 10:44:30 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-12-15 10:44:30 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-12-15 10:49:13 [NOTICE] [configure] Starting system configuration.
2022-12-15 10:49:24 [NOTICE] [configure] 250 configuration steps out of 1402 steps complete.
2022-12-15 10:49:24 [ERROR ] [configure] /Stage[main]/Certs::Ca/File[/etc/pki/katello/certs/katello-default-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-default-ca.crt
2022-12-15 10:49:24 [ERROR ] [configure] /Stage[main]/Certs::Ca/File[/etc/pki/katello/certs/katello-server-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-server-ca.crt
2022-12-15 10:49:26 [NOTICE] [configure] 500 configuration steps out of 1404 steps complete.
2022-12-15 10:49:26 [ERROR ] [configure] /Stage[main]/Certs::Foreman/Certs::Keypair[foreman.my.org-foreman-client]/File[/etc/foreman/client_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-client.crt
2022-12-15 10:49:27 [ERROR ] [configure] /Stage[main]/Certs::Candlepin/Certs::Keypair[katello-default-ca]/File[/etc/candlepin/certs/candlepin-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-default-ca.crt
2022-12-15 10:49:27 [ERROR ] [configure] /Stage[main]/Certs::Apache/Certs::Keypair[foreman.my.org-apache]/File[/etc/pki/katello/certs/katello-apache.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-apache.crt
2022-12-15 10:49:27 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Certs::Keypair[foreman.my.org-foreman-proxy]/File[/etc/foreman-proxy/ssl_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-proxy.crt
2022-12-15 10:49:27 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Certs::Keypair[foreman.my.org-foreman-proxy-client]/File[/etc/foreman-proxy/foreman_ssl_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-proxy-client.crt
2022-12-15 10:49:27 [NOTICE] [configure] 750 configuration steps out of 1409 steps complete.
2022-12-15 10:50:28 [ERROR ] [configure] /Stage[main]/Candlepin::Database::Postgresql/Postgresql::Server::Db[candlepin]/Postgresql::Server::Role[candlepin]/Postgresql_psql[CREATE ROLE candlepin ENCRYPTED PASSWORD ****]: Could not evaluate: Error evaluating 'unless' clause, returned pid 6295 exit 1: 'Error: Could not execute posix command: Invalid group: postgres
2022-12-15 10:50:28 [ERROR ] [configure] '
2022-12-15 10:50:28 [NOTICE] [configure] 1000 configuration steps out of 1413 steps complete.
2022-12-15 10:50:28 [ERROR ] [configure] /Stage[main]/Pulpcore::Database/Postgresql::Server::Db[pulpcore]/Postgresql::Server::Role[pulp]/Postgresql_psql[CREATE ROLE pulp ENCRYPTED PASSWORD ****]: Could not evaluate: Error evaluating 'unless' clause, returned pid 6302 exit 1: 'Error: Could not execute posix command: Invalid group: postgres
2022-12-15 10:50:28 [ERROR ] [configure] '
2022-12-15 10:50:28 [NOTICE] [configure] 1250 configuration steps out of 1413 steps complete.
2022-12-15 10:50:29 [ERROR ] [configure] Could not find a suitable provider for foreman_config_entry
2022-12-15 10:50:29 [ERROR ] [configure] Could not find a suitable provider for foreman_host
2022-12-15 10:50:29 [ERROR ] [configure] Could not find a suitable provider for foreman_smartproxy
2022-12-15 10:50:29 [ERROR ] [configure] Could not find a suitable provider for foreman_instance_host
2022-12-15 10:50:29 [ERROR ] [configure] Could not find a suitable provider for foreman_smartproxy_host
2022-12-15 10:50:32 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

  The full log is at /var/log/foreman-installer/katello.log

Please help. Thank you!
-swapie

gvde · December 15, 2022, 6:00am

As I suggested in the other thread I would recommend to start without those additional plugins and add those later.

Also --noop means noop mode. With that, it won’t install anything. And for an initial installation it’ll break soon, because later steps in the installation process depend on the results from earlier steps. So you cannot expect an installation if you tell installer not to make any changes…

As I also mentioned in the other thread: stick to the docs. You’ll make your life just so much harder if you keep deviating from the docs unless you have full understanding what you are doing…

khulsat · December 15, 2022, 6:43am

I am exactly following the document. Am I missing on anything? Even after using basic switches, it gives me a same error.

# foreman-installer --scenario katello --foreman-initial-organization "MyORG" \
 --foreman-initial-admin-username "admin" --foreman-initial-admin-password "xxx" \
 --certs-server-cert "/etc/foreman-installer/certs-custom/wildc_my_org.pem" --certs-server-key "/etc/foreman-installer/certs-custom/my_org.key" \
 --certs-server-ca-cert "/etc/foreman-installer/certs-custom/bundle_globalsign.pem" --noop

--noop is used on purpose as I want to check first for errors before actual deployment.
Then I tried with simple command, still the same -

# foreman-installer --scenario katello --noop
2022-12-15 12:01:28 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-12-15 12:01:31 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-12-15 12:01:31 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-12-15 12:01:36 [NOTICE] [configure] Starting system configuration.
2022-12-15 12:01:47 [NOTICE] [configure] 250 configuration steps out of 1382 steps complete.
2022-12-15 12:01:47 [ERROR ] [configure] /Stage[main]/Certs::Ca/File[/etc/pki/katello/certs/katello-default-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-default-ca.crt
2022-12-15 12:01:47 [ERROR ] [configure] /Stage[main]/Certs::Ca/File[/etc/pki/katello/certs/katello-server-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-server-ca.crt
2022-12-15 12:01:49 [NOTICE] [configure] 500 configuration steps out of 1384 steps complete.
2022-12-15 12:01:50 [ERROR ] [configure] /Stage[main]/Certs::Foreman/Certs::Keypair[foreman.my.org-foreman-client]/File[/etc/foreman/client_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-client.crt
2022-12-15 12:01:50 [ERROR ] [configure] /Stage[main]/Certs::Candlepin/Certs::Keypair[katello-default-ca]/File[/etc/candlepin/certs/candlepin-ca.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/katello-default-ca.crt
2022-12-15 12:01:50 [ERROR ] [configure] /Stage[main]/Certs::Apache/Certs::Keypair[foreman.my.org-apache]/File[/etc/pki/katello/certs/katello-apache.crt]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-apache.crt
2022-12-15 12:01:50 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Certs::Keypair[foreman.my.org-foreman-proxy]/File[/etc/foreman-proxy/ssl_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-proxy.crt
2022-12-15 12:01:50 [ERROR ] [configure] /Stage[main]/Certs::Foreman_proxy/Certs::Keypair[foreman.my.org-foreman-proxy-client]/File[/etc/foreman-proxy/foreman_ssl_cert.pem]: Could not evaluate: Could not retrieve information from environment production source(s) file:///root/ssl-build/foreman.my.org/foreman.my.org-foreman-proxy-client.crt
2022-12-15 12:01:50 [NOTICE] [configure] 750 configuration steps out of 1390 steps complete.
2022-12-15 12:02:51 [ERROR ] [configure] /Stage[main]/Candlepin::Database::Postgresql/Postgresql::Server::Db[candlepin]/Postgresql::Server::Role[candlepin]/Postgresql_psql[CREATE ROLE candlepin ENCRYPTED PASSWORD ****]: Could not evaluate: Error evaluating 'unless' clause, returned pid 7541 exit 1: 'Error: Could not execute posix command: Invalid group: postgres
2022-12-15 12:02:51 [ERROR ] [configure] '
2022-12-15 12:02:51 [NOTICE] [configure] 1000 configuration steps out of 1393 steps complete.
2022-12-15 12:02:51 [ERROR ] [configure] /Stage[main]/Pulpcore::Database/Postgresql::Server::Db[pulpcore]/Postgresql::Server::Role[pulp]/Postgresql_psql[CREATE ROLE pulp ENCRYPTED PASSWORD ****]: Could not evaluate: Error evaluating 'unless' clause, returned pid 7548 exit 1: 'Error: Could not execute posix command: Invalid group: postgres
2022-12-15 12:02:51 [ERROR ] [configure] '
2022-12-15 12:02:51 [NOTICE] [configure] 1250 configuration steps out of 1393 steps complete.
2022-12-15 12:02:52 [ERROR ] [configure] Could not find a suitable provider for foreman_config_entry
2022-12-15 12:02:52 [ERROR ] [configure] Could not find a suitable provider for foreman_host
2022-12-15 12:02:52 [ERROR ] [configure] Could not find a suitable provider for foreman_smartproxy
2022-12-15 12:02:52 [ERROR ] [configure] Could not find a suitable provider for foreman_instance_host
2022-12-15 12:02:52 [ERROR ] [configure] Could not find a suitable provider for foreman_smartproxy_host
2022-12-15 12:02:55 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

  The full log is at /var/log/foreman-installer/katello.log

Could it be possible that it is not able to download packages from internet? It explicitly unsets the http_proxy configured.
Per my understanding, pgsql packages are not being downloaded hence it says Invalid group: postgres?
Earlier (before starting from a scratch) I tried installing puppet-agent-oauth manually which suppressed few errors - Could not find a suitable provider for...
Could you confirm if puppetserver is also required for installer?

gvde · December 15, 2022, 7:16am

You are missing the link to the document you are using. It’s hard to guess. Official docs are Installing Foreman 3.4 Server with Katello 4.6 Plugin on RHEL/CentOS

The docs definitively don’t say to use --noop.

Yes. Of course. Again: there is nothing installed. You tell foreman-installer to make no changes. The installer runs making no changes and at some point during the process you reach a step which depends on changes made by previous steps. That’s why you see those errors.

foreman-installer cannot create the katello ca certificates in /etc/pki/katello/certs/katello-default-ca.crt because of --noop. At some step it needs the katello ca certificate in /etc/pki/katello/certs/katello-default-ca.crt but fails because it’s not there.

Even later it needs to access the database, set up tables, etc. But you told foreman-installer not to make change, not to install postgresql, not to run it…

In almost all instances there is no good use of --noop for you. It’s for the developers if they want to test their new puppet modules for foreman-installer. For you, it’s almost always pointless because most changes have dependencies which then will break if they cannot be made…

No, first and all you have told foreman-installer not do download anything.

Yes, because you told foreman-installer not to.

Again, you start to break things. Don’t manually install things which you are not supposed to do. Follow the docs.

Why do you ask? Follow the docs.

Again: follow the docs. Don’t try to break things by not following. If you follow the docs, foreman-installer will configure everything as needed, install everything as needed, run everything as needed and in the end you have a running system. Don’t make your life harder by not following the docs and then trying to fix/break things because it doesn’t work as it should.

So again: please follow the docs. Docs don’t say to use --noop. As I have pointed out before --noop means foreman-installer won’t install anything. You cannot expect a running system if you tell foreman-installer not to install anything.

khulsat · December 15, 2022, 8:00am

Note that the Foreman installation script is based on Puppet, which means that if you run the installation script more than once, it might overwrite any manual configuration changes. ⁠ To avoid this and determine which future changes apply, use the --noop argument when you run the installation script. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/katello.log.

This is the snip from the doc you asked to refer and the same I have been following.

But as you rightly said, during the fresh install, it makes no sense to use --noop option. I was so dumb that I didn’t realize that.
As read on multiple blogs and this official document, to avoid overwriting of configurations and scared of breaking things, I thought of starting with a dry-run.

Anyways, thank you for being patient and helping me out. Finally installer gave me a Success! message. I shall try configuring repositories now and let you know.

gvde · December 15, 2022, 8:16am

Yes. If you make manual changes to the configuration files of the running system, foreman-installer may overwrite them. But for the initial installation there are no manual changes you could (should) have done and even later, you shouldn’t make manual changes in the configuration files, anyway, unless you really know what you are doing.

If you were, for instance, to change the httpd configuration you may break things you won’t even notice until much later. Those changes would be overwritten during the next foreman-installer run.

But you shouldn’t do this. If you have an issue were you think you need to make manual changes to some configuration files of your foreman installation it’s probably best to ask first here how to achieve what you are trying to do. There are a lot of foreman-installer options allow you to change most aspects of the installation. Thus often, it’s not necessary to make manual changes but instead just configure it correctly with foreman-installer.

And even then, before using exotic foreman-installer options which are not well documented how to use, you may be better off asking here first, too, before potentially breaking something. foreman-installer always remembers all configuration done before, thus it’s sometimes not so easy to undo something…

khulsat · December 15, 2022, 11:57am

Hello!
I am happy that Product & Repositories got created successfully. Now will try to sync the repos.

Meanwhile, need suggestion on enabling additional plugins we mentioned earlier.
Is that ok if I run this command now?

# foreman-installer -v \
--enable-foreman-cli-ansible \
--enable-foreman-cli-openscap \
--enable-foreman-cli-remote-execution \
--enable-foreman-plugin-ansible \
--enable-foreman-plugin-openscap \
--enable-foreman-plugin-remote-execution \
--enable-foreman-plugin-statistics

The document says :

Note that the installer will enforce the state of all managed configuration files, so manual changes will be reverted. Use --noop -v first to check for any unexpected changes.

I was searching if there is any command which will list enabled modules but could not find.
Please advise.

Thank you!

gvde · December 15, 2022, 12:41pm

If you have checked the individual plugin docs, it should be fine. I would recommend to take a snapshot/backup of the server before.

Again: unless you made manual changes to configuration files, there is no point running with noop.

hammer status should tell you what components and plugins you have…