I've been trying to build a single machine katello install on CentOS 6.5. I
Katello and Foreman install and work OK. In trying to get a foreman-proxy
node running I'm having all sorts of cert errors.
I followed the process from node-installer-0.0.16-1 Readme<https://github.com/Katello/katello-installer/tree/node-installer-0.0.16-1> and
similar, though dated, info from http://bdpacharlotte.org/cms/node/30.
node-certs-generate Seems to go fine. The package is generated and
installed into "Katello Infrastructure". Side question, is there a reason
to create this Organization separately from what one might create for
normal Katello operations? Why not install this package into my enterprise
org?
If I run a simple node-install --parent-fqdn katello.foo.com --verbose
I get an ERROR with the puppetCA and that seems to screw the pooch for
Foreman with dependencies.
[root@katello ~]# node-install --parent-fqdn katello.foo.com --verbose
[ INFO 2014-04-17 09:52:43 verbose] Running validation checks
[ INFO 2014-04-17 09:52:44 verbose] Loading facts in
/usr/share/node-installer/modules/stdlib/lib/facter/root_home.rb
[ INFO 2014-04-17 09:52:44 verbose] Loading facts in
/usr/share/node-installer/modules/stdlib/lib/facter/puppet_vardir.rb
[ INFO 2014-04-17 09:52:44 verbose] Loading facts in
/usr/share/node-installer/modules/stdlib/lib/facter/pe_version.rb
[ INFO 2014-04-17 09:52:44 verbose] Loading facts in
/usr/share/node-installer/modules/stdlib/lib/facter/facter_dot_d.rb
[ WARN 2014-04-17 09:52:47 verbose] Dynamic lookup of
$server_foreman_ssl_ca at
/usr/share/node-installer/modules/puppet/manifests/server/config.pp:34 is
deprecated. For more information, see
http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change
in behavior, use the --debug flag.
[ WARN 2014-04-17 09:52:47 verbose] Dynamic lookup of
$server_foreman_ssl_cert at
/usr/share/node-installer/modules/puppet/manifests/server/config.pp:35 is
deprecated. For more information, see
http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change
in behavior, use the --debug flag.
[ WARN 2014-04-17 09:52:47 verbose] Dynamic lookup of
$server_foreman_ssl_key at
/usr/share/node-installer/modules/puppet/manifests/server/config.pp:36 is
deprecated. For more information, see
http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change
in behavior, use the --debug flag.
[ INFO 2014-04-17 09:52:50 verbose] Applying configuration version
'1397742764'
[ INFO 2014-04-17 09:52:50 verbose] ''
[ERROR 2014-04-17 09:52:53 verbose]
/Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns:
change from notrun to 0 failed: /usr/sbin/puppetca --generate
katello.foo.com returned 23 instead of one of [0] at
/usr/share/node-installer/modules/puppet/manifests/server/config.pp:67
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Apache::Service/Service[httpd]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Apache::Service/Service[httpd]: Skipping because of failed
dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Puppet::Server::Service/Service[puppetmaster]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Puppet::Server::Service/Service[puppetmaster]: Skipping
because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]: Skipping because of
failed dependencies
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/foreman-proxy/ssl_key.pem]:
Dependency Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/foreman-proxy/ssl_key.pem]:
Skipping because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/sudoers.d]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/sudoers.d]: Skipping
because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/sudoers.d/foreman-proxy]:
Dependency Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/sudoers.d/foreman-proxy]:
Skipping because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose] /File[/var/lib/tftpboot//boot]:
Dependency Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose] /File[/var/lib/tftpboot//boot]:
Skipping because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/File[/var/lib/tftpboot//pxelinux.cfg]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/File[/var/lib/tftpboot//pxelinux.cfg]: Skipping because of failed
dependencies
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/puppet/autosign.conf]:
Dependency Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose] /File[/etc/puppet/autosign.conf]:
Skipping because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Apache::Service/Exec[reload-apache]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Apache::Service/Exec[reload-apache]: Skipping because of
failed dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/File[/etc/foreman-proxy/settings.yml]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/File[/etc/foreman-proxy/settings.yml]: Skipping because of failed
dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]: Dependency
Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]: Skipping
because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.foo.com]:
Dependency Exec[puppet_server_config-generate_ca_cert] has failures: true
[ WARN 2014-04-17 09:52:53 verbose]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.foo.com]:
Skipping because of failed dependencies
[ WARN 2014-04-17 09:52:53 verbose] Finished catalog run in 3.35 seconds
[ INFO 2014-04-17 09:52:54 verbose] Puppet has finished, bye!
Assuming it's failing on cert --generate, if I try to do this manually i
get:
[root@katello foreman]# puppet cert --generate katello.foo.com
The certificate retrieved from the master does not match the agent's
private key.
If I try to service foreman-proxy start I get
Starting foreman-proxy: WARNING: Missing SSL setup, working in clear text
mode !
I'm left in a state where the foreman-proxy is still configured for the
conflicting tomcat port (8443). I can change it to 8444 and get it to
start, but it does not get registered with the forman instance.