Katello-ca-consumer installation fails with missing certs

Problem:
I’m installing a new Foreman server, with Foreman 3.4 and Katello 4.6 on Alma Linux 8.7. On the server, I have run

katello-certs-check -t foreman -c /etc/pki/katello/certs/katello-apache.crt -k /etc/pki/katello/private/katello-apache.key -b /etc/pki/katello/certs/katello-server-ca.crt

followed by

foreman-installer --scenario katello

The foreman-installer command installs the RPM file katello-ca-consumer-<foreman.server.name>-1.0-1.noarch.rpm along with the symlink katello-ca-consumer-latest.noarch.rpm into the Apache directory /var/www/html/pub. So far so good.

But when I try to install that package on a host, it apparently succeeds, but with an error that the cert directory /etc/rhsm/ca doesn’t exist:

# dnf localinstall http://<foreman.server.name>/pub/katello-ca-consumer-latest.noarch.rpm
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:20 ago on Tue 15 Nov 2022 01:57:53 PM EST.
katello-ca-consumer-latest.noarch.rpm                                       980 kB/s | 9.8 kB     00:00    
Dependencies resolved.
============================================================================================================
 Package                                         Architecture   Version          Repository            Size
============================================================================================================
Installing:
 katello-ca-consumer-<foreman.server.name>         noarch         1.0-1            @commandline         9.8 k

Transaction Summary
============================================================================================================
Install  1 Package

Total size: 9.8 k
Installed size: 7.6 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                    1/1 
  Installing       : katello-ca-consumer-<foreman.server.name>-1.0-1.noarch                               1/1 
  Running scriptlet: katello-ca-consumer-<foreman.server.name>-1.0-1.noarch                               1/1 
/usr/bin/katello-rhsm-consumer: line 130: /etc/rhsm/ca/katello-server-ca.pem: No such file or directory
warning: %post(katello-ca-consumer-<foreman.server.name>-1.0-1.noarch) scriptlet failed, exit status 1

Error in POSTIN scriptlet in rpm package katello-ca-consumer-<foreman.server.name>
  Verifying        : katello-ca-consumer-<foreman.server.name>-1.0-1.noarch                               1/1 
Installed products updated.

Installed:
  katello-ca-consumer-<foreman.server.name>-1.0-1.noarch                                                      

Complete!

The result of this is that the katello-ca-consumer package is installed, but the certs cert.pem and key.pem do not get installed in /etc/pki/consumer, and I cannot register the host with the server.

Have I missed a step in the setup? How can I correct this?

Expected outcome:
Installation of katello-ca-consumer package succeeds without errors.

Foreman and Proxy versions:
3.4.0

Foreman and Proxy plugin versions:
Katello 4.6.0

Distribution and version:
Alma Linux 8.7

/usr/bin/katello-rhsm-consumer is a simple shell script. It should create the file. Can you check the script and see what it does?

So, I’ve done a bunch of testing on some other hosts, and I was able to migrate them successfully to the new Foreman server. Whatever is going on with this particular problem host is likely caused by my repeated uninstalling and installing things as I was testing and getting things into a messed up state. These are all VMs, so as long as I know it’s working on the other VMs, I’m just going to delete this host and recreate it fresh.

Hi, I have a similar problem.
katello-rhsm-consumer: line 244: /etc/rhsm/ca/katello-server-ca.pem: No such file or directory
In my case a simple mkdir /etc/rhsm/ca and another run of katello-rhsm-consumer did help, because this directory was missing. Fresh install of Rocky 9.

This is/was an issue on Rocky’s side - it’s been/being fixed
