Katello nightly pipeline failed:
https://ci.theforeman.org/job/katello-nightly-rpm-pipeline/2105/
foreman-pipeline-katello-rpm-nightly (failed) (remote job)
Katello nightly pipeline failed:
https://ci.theforeman.org/job/katello-nightly-rpm-pipeline/2105/
foreman-pipeline-katello-rpm-nightly (failed) (remote job)
Looks like something is failing in updating the trust store. Because it’s only CentOS Stream 9 I suspect it’s an update in stream that’s actually a regression.
[2024-08-20T10:00:48.986Z] Error 1: Puppet Exec resource 'update_system_certs' failed. Logs:
[2024-08-20T10:00:48.986Z] /Stage[main]/Trusted_ca/Exec[update_system_certs]
[2024-08-20T10:00:48.986Z] Starting to evaluate the resource (682 of 1348)
[2024-08-20T10:00:48.986Z] 'update-ca-trust enable && update-ca-trust' won't be executed because of failed check 'refreshonly'
[2024-08-20T10:00:48.986Z] Failed to call refresh: 'update-ca-trust enable && update-ca-trust' returned 1 instead of one of [0]
[2024-08-20T10:00:48.986Z] 'update-ca-trust enable && update-ca-trust' returned 1 instead of one of [0]
[2024-08-20T10:00:48.986Z] Evaluated in 0.02 seconds
[2024-08-20T10:00:48.986Z] Exec[update_system_certs](provider=posix)
[2024-08-20T10:00:48.986Z] Executing 'update-ca-trust enable && update-ca-trust'
[2024-08-20T10:00:48.986Z] /Stage[main]/Trusted_ca/Exec[update_system_certs]/returns
[2024-08-20T10:00:48.986Z] Error: Unknown command: enable
[2024-08-20T10:00:48.986Z] Usage: /usr/bin/update-ca-trust [extract] [-o DIR|--output=DIR]
[2024-08-20T10:00:48.986Z] Update the system trust store in /etc/pki/ca-trust/extracted.
[2024-08-20T10:00:48.986Z] COMMANDS
[2024-08-20T10:00:48.987Z] (absent/empty command): Same as the extract command described below.
[2024-08-20T10:00:48.987Z] extract: Instruct update-ca-trust to scan the source configuration in
[2024-08-20T10:00:48.987Z] /usr/share/pki/ca-trust-source and /etc/pki/ca-trust/source and produce
[2024-08-20T10:00:48.987Z] updated versions of the consolidated configuration files stored below
[2024-08-20T10:00:48.987Z] the /etc/pki/ca-trust/extracted directory hierarchy.
[2024-08-20T10:00:48.987Z] EXTRACT OPTIONS
[2024-08-20T10:00:48.987Z] -o DIR, --output=DIR: Write the extracted trust store into the given
[2024-08-20T10:00:48.987Z] directory instead of updating /etc/pki/ca-trust/extracted.
I think this will fix it, but hasn’t made it to the mirrors yet:
Still, looks like enable
is deprecated in favor of extract
so we should update the module.
This seems related to https://issues.redhat.com/browse/SAT-26868 which was discovered during RHEL10 Anaconda testing.
Oh, that means it will also be an issue with the next RHEL 9 minor version.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.