Hi all,
New to Katello, I'm trying to deploy Katello 2.3 with foreman 1.9 on a
RHEL6.5 platform.
Katello instalation did went well but I'm stuck during deployment of the
capsule:
- First capsule (in the same domain did run without any issue.
- Second capsule (for a different datacenter, with a different domain) do
fail during the capsule-installer command
/Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to call
refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a
-i '/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of
one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: certutil
-A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a -i
'/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of one
of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70 instead
of one of [0]
If I try to relaunch the capsule-installer, I don't have anymore issues
with command add-ca-cert-to-nss-db, but the step pulp-manage-db do fail
each time. I tried to reinstall the server again but I have exactly the
same issue. The installation process are exactly the same for both capsule.
It success systematically in the first datacenter, but fails in the second
one.
It doesn't seem to be a network issue (the command is purely local), ntp
architecture do synchronize clocks (but timezone are different)
Does anyone have an idea about this issue and how I could solve it ?
I'll try to install the failed capsule in the same DNS domain as the
katello server but it seems a bit far fetched
Regards
Installing the capsule in the same domain as katello di the trick.
Nevertheless, I'll need to install a capsule in different domain. Do you
have any idea on how to proceed ?
Best regards
···
On Thursday, December 3, 2015 at 3:39:02 PM UTC+1, yannig rousseau wrote:
>
> Hi all,
> New to Katello, I'm trying to deploy Katello 2.3 with foreman 1.9 on a
> RHEL6.5 platform.
>
> Katello instalation did went well but I'm stuck during deployment of the
> capsule:
> - First capsule (in the same domain did run without any issue.
> - Second capsule (for a different datacenter, with a different domain) do
> fail during the capsule-installer command
>
>
>
> */Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to call
> refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a
> -i '/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of
> one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: certutil
> -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a -i
> '/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of one
> of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70 instead
> of one of [0*]
>
> If I try to relaunch the capsule-installer, I don't have anymore issues
> with command add-ca-cert-to-nss-db, but the step pulp-manage-db do fail
> each time. I tried to reinstall the server again but I have exactly the
> same issue. The installation process are exactly the same for both capsule.
> It success systematically in the first datacenter, but fails in the second
> one.
> It doesn't seem to be a network issue (the command is purely local), ntp
> architecture do synchronize clocks (but timezone are different)
>
> Does anyone have an idea about this issue and how I could solve it ?
>
> I'll try to install the failed capsule in the same DNS domain as the
> katello server but it seems a bit far fetched
>
> Regards
>
>
Hi all,
Is anyone have an idea on how to install a capsule in a different DNS
domain ??
Regards
···
On Thursday, December 3, 2015 at 5:59:57 PM UTC+1, yannig rousseau wrote:
>
> Installing the capsule in the same domain as katello di the trick.
> Nevertheless, I'll need to install a capsule in different domain. Do you
> have any idea on how to proceed ?
>
> Best regards
>
> On Thursday, December 3, 2015 at 3:39:02 PM UTC+1, yannig rousseau wrote:
>>
>> Hi all,
>> New to Katello, I'm trying to deploy Katello 2.3 with foreman 1.9 on a
>> RHEL6.5 platform.
>>
>> Katello instalation did went well but I'm stuck during deployment of the
>> capsule:
>> - First capsule (in the same domain did run without any issue.
>> - Second capsule (for a different datacenter, with a different domain)
>> do fail during the capsule-installer command
>>
>>
>>
>> */Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to call
>> refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a
>> -i '/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of
>> one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: certutil
>> -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a -i
>> '/etc/pki/katello/certs/katello-default-ca.crt' returned 255 instead of one
>> of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70 instead
>> of one of [0*]
>>
>> If I try to relaunch the capsule-installer, I don't have anymore issues
>> with command add-ca-cert-to-nss-db, but the step pulp-manage-db do fail
>> each time. I tried to reinstall the server again but I have exactly the
>> same issue. The installation process are exactly the same for both capsule.
>> It success systematically in the first datacenter, but fails in the second
>> one.
>> It doesn't seem to be a network issue (the command is purely local), ntp
>> architecture do synchronize clocks (but timezone are different)
>>
>> Does anyone have an idea about this issue and how I could solve it ?
>>
>> I'll try to install the failed capsule in the same DNS domain as the
>> katello server but it seems a bit far fetched
>>
>> Regards
>>
>>
> From: "yannig rousseau" <yannig.rousseau@gmail.com>
> To: "Foreman users" <foreman-users@googlegroups.com>
> Sent: Friday, December 11, 2015 12:09:32 PM
> Subject: [foreman-users] Re: [Katello] Capsule installation
>
> Hi all,
>
> Is anyone have an idea on how to install a capsule in a different DNS
> domain ??
Can the host resolve the Katello? Is the capsule hostname resolvable? Other errors in /var/log/katello-installer/*?
The domain of the capsule doesn't matter.
···
----- Original Message -----
Regards
On Thursday, December 3, 2015 at 5:59:57 PM UTC+1, yannig rousseau wrote:
Installing the capsule in the same domain as katello di the trick.
Nevertheless, I’ll need to install a capsule in different domain. Do you
have any idea on how to proceed ?
Best regards
On Thursday, December 3, 2015 at 3:39:02 PM UTC+1, yannig rousseau wrote:
Hi all,
New to Katello, I’m trying to deploy Katello 2.3 with foreman 1.9 on a
RHEL6.5 platform.
Katello instalation did went well but I’m stuck during deployment of the
capsule:
- First capsule (in the same domain did run without any issue.
- Second capsule (for a different datacenter, with a different domain)
do fail during the capsule-installer command
/Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to call
refresh: certutil -A -d ‘/etc/pki/katello/nssdb’ -n ‘ca’ -t ‘TCu,Cu,Tuw’
-a
-i ‘/etc/pki/katello/certs/katello-default-ca.crt’ returned 255 instead of
one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: certutil
-A -d ‘/etc/pki/katello/nssdb’ -n ‘ca’ -t ‘TCu,Cu,Tuw’ -a -i
’/etc/pki/katello/certs/katello-default-ca.crt’ returned 255 instead of
one
of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70 instead
of one of [0]
If I try to relaunch the capsule-installer, I don’t have anymore issues
with command add-ca-cert-to-nss-db, but the step pulp-manage-db do fail
each time. I tried to reinstall the server again but I have exactly the
same issue. The installation process are exactly the same for both
capsule.
It success systematically in the first datacenter, but fails in the second
one.
It doesn’t seem to be a network issue (the command is purely local), ntp
architecture do synchronize clocks (but timezone are different)
Does anyone have an idea about this issue and how I could solve it ?
I’ll try to install the failed capsule in the same DNS domain as the
katello server but it seems a bit far fetched
Regards
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
> From: "Stephen Benjamin" <stephen@redhat.com>
> To: foreman-users@googlegroups.com
> Sent: Friday, December 11, 2015 12:35:23 PM
> Subject: Re: [foreman-users] Re: [Katello] Capsule installation
>
>
> > From: "yannig rousseau" <yannig.rousseau@gmail.com>
> > To: "Foreman users" <foreman-users@googlegroups.com>
> > Sent: Friday, December 11, 2015 12:09:32 PM
> > Subject: [foreman-users] Re: [Katello] Capsule installation
> >
> > Hi all,
> >
> > Is anyone have an idea on how to install a capsule in a different DNS
> > domain ??
>
> Can the host resolve the Katello? Is the capsule hostname resolvable? Other
> errors in /var/log/katello-installer/*?
>
And /var/log/capsule-installer/*
···
----- Original Message -----
> ----- Original Message -----
The domain of the capsule doesn’t matter.
Regards
On Thursday, December 3, 2015 at 5:59:57 PM UTC+1, yannig rousseau wrote:
Installing the capsule in the same domain as katello di the trick.
Nevertheless, I’ll need to install a capsule in different domain. Do you
have any idea on how to proceed ?
Best regards
On Thursday, December 3, 2015 at 3:39:02 PM UTC+1, yannig rousseau wrote:
Hi all,
New to Katello, I’m trying to deploy Katello 2.3 with foreman 1.9 on a
RHEL6.5 platform.
Katello instalation did went well but I’m stuck during deployment of the
capsule:
- First capsule (in the same domain did run without any issue.
- Second capsule (for a different datacenter, with a different domain)
do fail during the capsule-installer command
/Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to call
refresh: certutil -A -d ‘/etc/pki/katello/nssdb’ -n ‘ca’ -t ‘TCu,Cu,Tuw’
-a
-i ‘/etc/pki/katello/certs/katello-default-ca.crt’ returned 255 instead
of
one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]:
certutil
-A -d ‘/etc/pki/katello/nssdb’ -n ‘ca’ -t ‘TCu,Cu,Tuw’ -a -i
’/etc/pki/katello/certs/katello-default-ca.crt’ returned 255 instead of
one
of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70
instead
of one of [0]
If I try to relaunch the capsule-installer, I don’t have anymore issues
with command add-ca-cert-to-nss-db, but the step pulp-manage-db do fail
each time. I tried to reinstall the server again but I have exactly the
same issue. The installation process are exactly the same for both
capsule.
It success systematically in the first datacenter, but fails in the
second
one.
It doesn’t seem to be a network issue (the command is purely local), ntp
architecture do synchronize clocks (but timezone are different)
Does anyone have an idea about this issue and how I could solve it ?
I’ll try to install the failed capsule in the same DNS domain as the
katello server but it seems a bit far fetched
Regards
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Hi Stephen,
Thanks a lot for your time.
I checked the whole process again and it did function properly this time
with a capsule in a separated DNS domain…
I still have a few issue, but I managed to make it function this time.
- First launch of capsule-installer: It fails with message:
/stage[main]/foreman-proxy::register/foreman-smartproxy[MyCapsuleName]:
Could not evaluate proxy MyCapsuleFQDN. Cannot be registered. Could not
load data from https://MyKatelloFQDN
I just relaunched capsule-installer and it did function properly…
- For all tasks attempting to synchronize repository between katello and
capsule, I have a failure with the message:
Could not find content hosts with exact name 'MyCapsuleFQDN', verify the
capsule is registered with that name
My content host object bear the shortname of the capsule instead of FQDN,
so I renamed it but that didn't changed anything. A command found on
bugzilla (here <https://bugzilla.redhat.com/show_bug.cgi?id=1228165>) for a
similar issue managed to solve my problem.
I don't find it really normal, I don't know if other people have the same
issue.
Best regards
···
Le vendredi 11 décembre 2015 18:37:54 UTC+1, stephen a écrit :
>
>
>
> ----- Original Message -----
> > From: "Stephen Benjamin" <ste...@redhat.com >
> > To: forema...@googlegroups.com
> > Sent: Friday, December 11, 2015 12:35:23 PM
> > Subject: Re: [foreman-users] Re: [Katello] Capsule installation
> >
> >
> > ----- Original Message -----
> > > From: "yannig rousseau" <yannig....@gmail.com >
> > > To: "Foreman users" <forema...@googlegroups.com >
> > > Sent: Friday, December 11, 2015 12:09:32 PM
> > > Subject: [foreman-users] Re: [Katello] Capsule installation
> > >
> > > Hi all,
> > >
> > > Is anyone have an idea on how to install a capsule in a different DNS
> > > domain ??
> >
> > Can the host resolve the Katello? Is the capsule hostname resolvable?
> Other
> > errors in /var/log/katello-installer/*?
> >
>
> And /var/log/capsule-installer/*
>
> > The domain of the capsule doesn't matter.
> >
> >
> >
> >
> > > Regards
> > >
> > > On Thursday, December 3, 2015 at 5:59:57 PM UTC+1, yannig rousseau > wrote:
> > > >
> > > > Installing the capsule in the same domain as katello di the trick.
> > > > Nevertheless, I'll need to install a capsule in different domain. Do
> you
> > > > have any idea on how to proceed ?
> > > >
> > > > Best regards
> > > >
> > > > On Thursday, December 3, 2015 at 3:39:02 PM UTC+1, yannig rousseau > wrote:
> > > >>
> > > >> Hi all,
> > > >> New to Katello, I'm trying to deploy Katello 2.3 with foreman 1.9
> on a
> > > >> RHEL6.5 platform.
> > > >>
> > > >> Katello instalation did went well but I'm stuck during deployment
> of the
> > > >> capsule:
> > > >> - First capsule (in the same domain did run without any issue.
> > > >> - Second capsule (for a different datacenter, with a different
> domain)
> > > >> do fail during the capsule-installer command
> > > >>
> > > >>
> > > >>
> > > >> */Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]: Failed to
> call
> > > >> refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'ca' -t
> 'TCu,Cu,Tuw'
> > > >> -a
> > > >> -i '/etc/pki/katello/certs/katello-default-ca.crt' returned 255
> instead
> > > >> of
> > > >> one of [0] /Stage[main]/Certs::Qpid/Exec[add-ca-cert-to-nss-db]:
> > > >> certutil
> > > >> -A -d '/etc/pki/katello/nssdb' -n 'ca' -t 'TCu,Cu,Tuw' -a -i
> > > >> '/etc/pki/katello/certs/katello-default-ca.crt' returned 255
> instead of
> > > >> one
> > > >> of [0] pulp-manage-db && touch /var/lib/pulp/init.flag returned 70
> > > >> instead
> > > >> of one of [0*]
> > > >>
> > > >> If I try to relaunch the capsule-installer, I don't have anymore
> issues
> > > >> with command add-ca-cert-to-nss-db, but the step pulp-manage-db do
> fail
> > > >> each time. I tried to reinstall the server again but I have exactly
> the
> > > >> same issue. The installation process are exactly the same for both
> > > >> capsule.
> > > >> It success systematically in the first datacenter, but fails in the
> > > >> second
> > > >> one.
> > > >> It doesn't seem to be a network issue (the command is purely
> local), ntp
> > > >> architecture do synchronize clocks (but timezone are different)
> > > >>
> > > >> Does anyone have an idea about this issue and how I could solve it
> ?
> > > >>
> > > >> I'll try to install the failed capsule in the same DNS domain as
> the
> > > >> katello server but it seems a bit far fetched
> > > >>
> > > >> Regards
> > > >>
> > > >>
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Foreman users" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> an
> > > email to foreman-user...@googlegroups.com .
> > > To post to this group, send email to forema...@googlegroups.com
> .
> > > Visit this group at http://groups.google.com/group/foreman-users.
> > > For more options, visit https://groups.google.com/d/optout.
> > >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Foreman users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to foreman-user...@googlegroups.com .
> > To post to this group, send email to forema...@googlegroups.com
> .
> > Visit this group at http://groups.google.com/group/foreman-users.
> > For more options, visit https://groups.google.com/d/optout.
> >
>
