Foreman with Katello Installation error

manuh · January 21, 2023, 6:45pm

Hello gurus,

I’m trying to install foreman with katello, but failing miserable, it’s my first time trying it, fresh install. I’m looking for help to sort out what’s going wrong.
Problem: when i run foreman-installer, I’m getting error: [ERROR ] [configure] /Stage[main]/Candlepin::Artemis/Selboolean[candlepin_can_bind_activemq_port
]: Could not evaluate: Execution of ‘/usr/sbin/getsebool candlepin_can_bind_activemq_port’ returned 255: Error getting active value for candlepin_can_bind_activemq_port

Expected outcome: Running foreman-installer works without an error, install foreman

Foreman and Proxy versions: foreman-proxy-3.5.1-1.el8.noarch

Foreman and Proxy plugin versions: foreman-3.5.1-1.el8.noarch foreman-proxy-3.5.1-1.el8.noarch katello-4.7.0-1.el8.noarch

Distribution and version: foreman 3.5

Other relevant data:
full log:
2023-01-21 20:24:40 [ERROR ] [configure] /Stage[main]/Candlepin::Artemis/Selboolean[candlepin_can_bind_activemq_port]: Could not evaluate: Execution of ‘/usr/sbin/getsebool candlepin_can_bind_activemq_port’ returned 255: Error getting active value for candlepin_can_bind_activemq_port
2023-01-21 20:24:41 [NOTICE] [configure] 750 configuration steps out of 1390 steps complete.
2023-01-21 20:24:42 [NOTICE] [configure] 1000 configuration steps out of 1394 steps complete.
2023-01-21 20:26:16 [NOTICE] [configure] 1250 configuration steps out of 1394 steps complete.
2023-01-21 20:27:49 [ERROR ] [configure] Could not find a suitable provider for keystore
2023-01-21 20:27:49 [ERROR ] [configure] Could not find a suitable provider for truststore
2023-01-21 20:27:49 [ERROR ] [configure] Could not find a suitable provider for truststore_certificate
2023-01-21 20:27:49 [ERROR ] [configure] Could not find a suitable provider for keystore_certificate
2023-01-21 20:27:54 [NOTICE] [configure] System configuration has finished.

There were errors detected during install.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.

The full log is at /var/log/foreman-installer/katello.log

Dirk · January 23, 2023, 6:57am

From Installation of Red Hat Satellite fails with error returned 255: Error getting active value for candlepin_can_bind_activemq_port - Red Hat Customer Portal it seems to be a problem that the selinux module for candlepin is not loaded trying to toggle the boolean. Can you run:

# semodule -i /usr/share/selinux/targeted/candlepin.pp
# setsebool -P candlepin_can_bind_activemq_port on

If this works the installer should run fine.

manuh · January 23, 2023, 10:18pm

well thank you, indeed worked.
after loading the selinux module I had to also update OpenJDK and the installation run through smoothly

mindo · May 15, 2023, 4:55pm

Hello,

Although i don’t have selinux enabled this started happening to us.
I though it was caused by a openjdk update (from 1.8.0.362 to 1.8.0.372) but downgrading did not work.
I even tried to update to foreman 3.5.2 / katello 4.7.5 and then foreman 3.6.1 / katello 4.8.0 but neither worked.
(I was only able to “complete” the upgrade running foreman-rake db:migrate)

Foreman and Proxy versions

foreman 3.5.1 (initially)
foreman 3.6.1 (currently)

Foreman and Proxy plugin versions

katello 4.7.4 (initially)
katello 4.8.0 (currenlty)
foreman-tasks 7.2.1
foreman_ansible 11.2.0
foreman_openscap 6.0.0
foreman_puppet 5.0.0
foreman_remote_execution 9.1.0

gvde · May 15, 2023, 6:19pm

If you have selinux disabled, then that’s your problem. It must be enabled. If it’s disabled then it will fail because the installer cannot set labels.

See Installing Foreman 3.6 Server with Katello 4.8 Plugin on RHEL/CentOS

SELinux Mode

SELinux must be enabled, either in enforcing or permissive mode. Installation with disabled SELinux is not supported.

mindo · May 16, 2023, 11:16am

Ups, I had Selinux disabled since the time this machine was a CentOS7 but it was upgraded several versions ago using leapp, and I never noticed any issues. There’s always a first time

Anyway, I re-enabled Selinux and I still get the same error.
I tested with both enforcing and permissive and even reinstalled (foreman|katello|pulpcore|candlepin)-selinux packages to ensure the policies were applied.

[PRD root@updates ~ - 11:40:14][0][0]# semanage port -l | grep candlepin
candlepin_activemq_port_t      tcp      61613
katello_candlepin_port_t       tcp      23443

Any ideas what maybe causing this?
Thank you.

gvde · May 16, 2023, 11:26am

Did you relabel the whole filesystem?

What is your exact error? The error above says it is missing a selinux boolean… It prints out the exact command used to test…

mindo · May 16, 2023, 11:35am

Yes, the entire filesystem was relabeled several times…

My output does not include any command to test.

foreman-installer

[PRD root@updates ~ - 12:08:39][0][0]# foreman-installer
2023-05-16 12:08:53 [WARN ] [boot] [“Unsetting environment variable ‘http_proxy’ for the duration of the install.”]
2023-05-16 12:08:53 [WARN ] [boot] [“Unsetting environment variable ‘https_proxy’ for the duration of the install.”]
2023-05-16 12:08:53 [WARN ] [boot] [“Unsetting environment variable ‘HTTP_PROXY’ for the duration of the install.”]
2023-05-16 12:08:53 [WARN ] [boot] [“Unsetting environment variable ‘HTTPS_PROXY’ for the duration of the install.”]
2023-05-16 12:08:56 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-05-16 12:09:01 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-05-16 12:09:01 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-05-16 12:09:11 [NOTICE] [configure] Starting system configuration.
2023-05-16 12:09:26 [NOTICE] [configure] 250 configuration steps out of 1801 steps complete.
2023-05-16 12:09:30 [NOTICE] [configure] 500 configuration steps out of 1801 steps complete.
2023-05-16 12:09:31 [NOTICE] [configure] 750 configuration steps out of 1806 steps complete.
2023-05-16 12:09:31 [NOTICE] [configure] 1000 configuration steps out of 1813 steps complete.
2023-05-16 12:09:33 [NOTICE] [configure] 1250 configuration steps out of 1820 steps complete.
2023-05-16 12:09:33 [NOTICE] [configure] 1500 configuration steps out of 1820 steps complete.
2023-05-16 12:09:43 [NOTICE] [configure] 1750 configuration steps out of 1820 steps complete.
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for keystore
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for truststore
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for truststore_certificate
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for keystore_certificate
2023-05-16 12:10:05 [NOTICE] [configure] System configuration has finished.

There were errors detected during install.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.

The full log is at /var/log/foreman-installer/katello.log

katello.log (partial)

(…)
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet::Agent]: Starting to evaluate the resource (1813 of 1820)
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet::Agent]: Resource is being skipped, unscheduling all events
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet::Agent]: Evaluated in 0.00 seconds
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet]: Starting to evaluate the resource (1814 of 1820)
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet]: Resource is being skipped, unscheduling all events
2023-05-16 12:10:02 [DEBUG ] [configure] Class[Puppet]: Evaluated in 0.00 seconds
2023-05-16 12:10:02 [DEBUG ] [configure] Stage[main]: Starting to evaluate the resource (1815 of 1820)
2023-05-16 12:10:02 [DEBUG ] [configure] Stage[main]: Resource is being skipped, unscheduling all events
2023-05-16 12:10:02 [DEBUG ] [configure] Stage[main]: Unscheduling all events on Stage[main]
2023-05-16 12:10:02 [DEBUG ] [configure] Stage[main]: Evaluated in 0.00 seconds
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for keystore
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for truststore
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for truststore_certificate
2023-05-16 12:10:02 [ERROR ] [configure] Could not find a suitable provider for keystore_certificate
2023-05-16 12:10:02 [DEBUG ] [configure] Finishing transaction 140940
2023-05-16 12:10:02 [DEBUG ] [configure] Storing state
2023-05-16 12:10:02 [DEBUG ] [configure] Pruned old state cache entries in 0.00 seconds
2023-05-16 12:10:02 [DEBUG ] [configure] Stored state in 0.05 seconds
2023-05-16 12:10:02 [INFO ] [configure] Applied catalog in 40.94 seconds
2023-05-16 12:10:02 [DEBUG ] [configure] Applying settings catalog for sections main, reporting, metrics
(…)

gvde · May 16, 2023, 11:48am

Because it’s a different problem. You don’t have a selinux error. You have

which is a different issue from the original one. Those missing types should be in /usr/share/foreman-installer/modules/certs/lib/puppet/type/, installed with the foreman-installer rpm. I don’t know why it’s not finding them, but I suppose you should open a new topic for this…

mindo · June 4, 2023, 1:52am

Hello @gvde,

Thank you again for your feedback.
So, with selinux out of the table and I finally had some time to debug this issue and found out that for some reason for error I was getting it was because keytool was not on the PATH.
For some reason the update-alternatives did not created the symbolic link for it.
After forcing it to recreate the symbolic links the problem disappeared.