Problems adding custom certs into Foreman/Katello

alexldemise · August 13, 2019, 12:00pm

Problem:

I’ve tried to install a scenario of Foreman/Katello with my custom certificates as manual says…

https://theforeman.org/plugins/katello/3.12/advanced/certificates.html

foreman-installer --scenario katello --certs-server-cert certs/wildcard_ieca.junta-andalucia.es.crt --certs-server-cert-req certs/wildcard_ieca.junta-andalucia.es.req --certs-server-key certs/wildcard_ieca.junta-andalucia.es.key --certs-server-ca-cert certs/AC_FNMT_Foreman.crt

The problem is that give me an error and write this in the foreman-installer/katello.log

ESC[0m
ESC[mNotice: Compiled catalog for foreman-ssl.ieca.junta-andalucia.es in environment production in 0.68 secondsESC[0m
ESC[mNotice: Applied catalog in 0.07 secondsESC[0m

[ INFO 2019-08-13T13:57:25 main] ... finished
[ INFO 2019-08-13T13:57:25 main] Executing hooks in group pre_values
[ INFO 2019-08-13T13:57:25 main] All hooks in group pre_values finished
[ INFO 2019-08-13T13:57:25 main] Running installer with args [["--scenario", "katello", "--certs-server-cert", "certs/wildcard_ieca.junta-andalucia.es.crt", "--certs-server-cert-req", "certs/wildcard_ieca.junta-andalucia.es.req", "--certs-server-key", "certs/wildcard_ieca.junta-andalucia.es.key", "--certs-server-ca-cert", "certs/AC_FNMT_Foreman.crt"]]
[ INFO 2019-08-13T13:57:25 main] Executing hooks in group pre_validations
[DEBUG 2019-08-13T13:57:25 main] Hook /usr/share/foreman-installer/katello/hooks/pre_validations/10-check_foreman_proxy_pulp.rb returned nil
[DEBUG 2019-08-13T13:57:25 main] Hook /usr/share/foreman-installer/katello/hooks/pre_validations/12-check_capsule_tar.rb returned nil
[DEBUG 2019-08-13T13:57:25 main] Hook /usr/share/foreman-installer/katello/hooks/pre_validations/30-mongo_storage_engine.rb returned nil
[DEBUG 2019-08-13T13:57:25 main] Hook /usr/share/foreman-installer/katello/hooks/pre_validations/31-upgrade-puppet.rb returned nil
[ INFO 2019-08-13T13:57:25 main] All hooks in group pre_validations finished
[ INFO 2019-08-13T13:57:25 main] Running validation checks
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-cert invalid: certs/wildcard_ieca.junta-andalucia.es.crt is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-key invalid: certs/wildcard_ieca.junta-andalucia.es.key is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-cert-req invalid: certs/wildcard_ieca.junta-andalucia.es.req is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-ca-cert invalid: certs/AC_FNMT_Foreman.crt is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[DEBUG 2019-08-13T13:57:25 main] Exit with status code: 21 (signal was invalid_values)
[ERROR 2019-08-13T13:57:25 main] Errors encountered during run:
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-cert invalid: certs/wildcard_ieca.junta-andalucia.es.crt is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-key invalid: certs/wildcard_ieca.junta-andalucia.es.key is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-cert-req invalid: certs/wildcard_ieca.junta-andalucia.es.req is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[ERROR 2019-08-13T13:57:25 main] Parameter certs-server-ca-cert invalid: certs/AC_FNMT_Foreman.crt is not one of regexes matching /^(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+))/ or regexes matching /^\/([^\/\0]+\/*)*$/
[DEBUG 2019-08-13T13:57:25 main] Cleaning /tmp/kafo_puppet20190813-2065-b6t1p7.conf
[DEBUG 2019-08-13T13:57:25 main] Cleaning /tmp/default_values.yaml
[ INFO 2019-08-13T13:57:25 main] Installer finished in 5.154968775 seconds

I have read that I can encapsule the certs into a tar with ```
capsule-certs-generate, but Foreman doesn’t give me this chance, I think it’s only for Red Hat Satellite


**Expected outcome:**

Install Foreman/Katello with my custom certificates


**Foreman and Proxy versions:**

Foreman 1.22
Katello 3.12

**Foreman and Proxy plugin versions:**

Foreman 1.22
Katello 3.12

**Other relevant data:**
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)

logs

alexldemise · August 13, 2019, 12:01pm

I forgot it… I ran katello-certs-check with my certs and all OK

[root@foreman-ssl ~]# katello-certs-check -c certs/wildcard_ieca.junta-andalucia.es.crt -k certs/wildcard_ieca.junta-andalucia.es.key -b certs/AC_FNMT_Foreman.crt
Checking server certificate encoding:
[OK]

date: fecha inválida «ago 13 12:02:20 2019»
Checking expiration of certificate:
[OK]

Checking expiration of CA bundle:
[OK]

Checking if server certificate has CA:TRUE flag
[OK]

Checking to see if the private key matches the certificate:
[OK]

Checking CA bundle against the certificate file:
[OK]

Checking Subject Alt Name on certificate
[OK]

Checking Key Usage extension on certificate for Key Encipherment
[OK]

Validation succeeded

To use them inside a NEW $FOREMAN_PROXY, run this command:

  foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                               --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                               --server-cert "/root/certs/wildcard_ieca.junta-andalucia.es.crt" \
                               --server-key "/root/certs/wildcard_ieca.junta-andalucia.es.key" \
                               --server-ca-cert "/root/certs/AC_FNMT_Foreman.crt" \

To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD:

  foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" \
                               --certs-tar  "~/$FOREMAN_PROXY-certs.tar" \
                               --server-cert "/root/certs/wildcard_ieca.junta-andalucia.es.crt" \
                               --server-key "/root/certs/wildcard_ieca.junta-andalucia.es.key" \
                               --server-ca-cert "/root/certs/AC_FNMT_Foreman.crt" \
                               --certs-update-server

[root@foreman-ssl ~]#

jvbunte · August 13, 2019, 12:16pm

Just an observation, but try putting the cert path in quotes.

foreman-installer --scenario katello
–certs-server-cert “certs/wildcard_ieca.junta-andalucia.es.crt”
–certs-server-cert-req “certs/wildcard_ieca.junta-andalucia.es.req”
–certs-server-key “certs/wildcard_ieca.junta-andalucia.es.key”
–certs-server-ca-cert “certs/AC_FNMT_Foreman.crt”

Also, I looked back at the command I use to install foreman, it might not matter at all, but I specified the full path to each cert file. something like
–certs-server-cert “/root/certs/blah.crt”.

alexldemise · August 14, 2019, 6:29am

I’ve just to execute this:

[root@foreman-ssl ~]# foreman-installer --scenario katello --certs-server-cert "/root/certs/wildcard_ieca.junta-andalucia.es.crt" --certs-server-cert-req "/root/certs/wildcard_ieca.junta-andalucia.es.req" --certs-server-key "/root/certs/wildcard_ieca.junta-andalucia.es.key" --certs-server-ca-cert "/root/certs/AC_FNMT_Foreman.crt"

and… start to install instead give me the error, but… a few seconds after, I received this red message:

 can't find a file that should have been created during an earlier step:
       ./ssl-build/KATELLO-TRUSTED-SSL-CERT

       katello-ssl-tool --help

Generating web server's SSL key pair/set RPM:
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/execution.rb:296:in `execute'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/command.rb:23:in `execute'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider.rb:222:in `block in has_command'
/usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:39:in `chdir'
/usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:17:in `create'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:490:in `set'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:570:in `sync'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:241:in `sync'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:263:in `apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:283:in `eval_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `block in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:122:in `traverse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:239:in `block in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:161:in `with_destination'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:238:in `apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:193:in `block in apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:233:in `block in benchmark'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:232:in `benchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:192:in `apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:381:in `run_internal'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:242:in `block in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:219:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:343:in `apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:243:in `block in main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:207:in `main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:177:in `run_command'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `block in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:687:in `exit_on_fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:143:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
/opt/puppetlabs/puppet/bin/puppet:5:in `<main>'

 can't find a file that should have been created during an earlier step:
       ./ssl-build/KATELLO-TRUSTED-SSL-CERT

       katello-ssl-tool --help

Generating web server's SSL key pair/set RPM:

and it continues to install, but at finish, give me this message:

Preparing installation Done                                              
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/foreman-installer/katello.log

and the log says:

[DEBUG 2019-08-14T08:27:55 main] Exit with status code: 6 (signal was 6)
[ERROR 2019-08-14T08:27:55 main] Errors encountered during run:
[ERROR 2019-08-14T08:27:55 main]  Execution of '/usr/bin/katello-ssl-tool --gen-server --set-hostname foreman-ssl.ieca.junta-andalucia.es --server-cert foreman-ssl.ieca.junta-andalucia.es-apache.crt --server-cert-req foreman-ssl.ieca.junta-andalucia.es-apache.crt.req --server-key foreman-ssl.ieca.junta-andalucia.es-apache.key --server-rpm foreman-ssl.ieca.junta-andalucia.es-apache --rpm-only' returned 33: ...working...
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main]  can't find a file that should have been created during an earlier step:
[ERROR 2019-08-14T08:27:55 main]        ./ssl-build/KATELLO-TRUSTED-SSL-CERT
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main]        katello-ssl-tool --help
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main] Generating web server's SSL key pair/set RPM:
[ERROR 2019-08-14T08:27:55 main]     ./ssl-build/foreman-ssl.ieca.junta-andalucia.es/foreman-ssl.ieca.junta-andalucia.es-apache-1.0-1.src.rpm
[ERROR 2019-08-14T08:27:55 main]     ./ssl-build/foreman-ssl.ieca.junta-andalucia.es/foreman-ssl.ieca.junta-andalucia.es-apache-1.0-1.noarch.rpm
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/execution.rb:296:in `execute'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/command.rb:23:in `execute'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider.rb:222:in `block in has_command'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider.rb:444:in `block in create_class_and_instance_method'
[ERROR 2019-08-14T08:27:55 main] /usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:40:in `block in katello_ssl_tool'
[ERROR 2019-08-14T08:27:55 main] /usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:39:in `chdir'
[ERROR 2019-08-14T08:27:55 main] /usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:39:in `katello_ssl_tool'
[ERROR 2019-08-14T08:27:55 main] /usr/share/foreman-installer/modules/certs/lib/puppet/provider/cert/katello_ssl_tool.rb:42:in `generate!'
[ERROR 2019-08-14T08:27:55 main] /usr/share/foreman-installer/modules/certs/lib/puppet/provider/katello_ssl_tool.rb:17:in `create'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:in `block in defaultvalues'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:490:in `set'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:570:in `sync'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:241:in `sync'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:136:in `sync_if_needed'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:82:in `perform_changes'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:in `evaluate'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:263:in `apply'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:283:in `eval_resource'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `call'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `block (2 levels) in evaluate'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `block in evaluate'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:122:in `traverse'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `evaluate'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:240:in `block (2 levels) in apply'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:239:in `block in apply'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:161:in `with_destination'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:146:in `as_logging_destination'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:238:in `apply'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:194:in `block (2 levels) in apply_catalog'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:521:in `block in thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:520:in `thinmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:193:in `block in apply_catalog'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:233:in `block in benchmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:232:in `benchmark'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:192:in `apply_catalog'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:381:in `run_internal'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:242:in `block in run'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:219:in `run'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:343:in `apply_catalog'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:260:in `block (2 levels) in main'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:243:in `block in main'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:207:in `main'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:177:in `run_command'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `block in run'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:687:in `exit_on_fail'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `run'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:143:in `run'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
[ERROR 2019-08-14T08:27:55 main] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
[ERROR 2019-08-14T08:27:55 main]  /Stage[main]/Certs::Apache/Cert[foreman-ssl.ieca.junta-andalucia.es-apache]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/katello-ssl-tool --gen-server --set-hostname foreman-ssl.ieca.junta-andalucia.es --server-cert foreman-ssl.ieca.junta-andalucia.es-apache.crt --server-cert-req foreman-ssl.ieca.junta-andalucia.es-apache.crt.req --server-key foreman-ssl.ieca.junta-andalucia.es-apache.key --server-rpm foreman-ssl.ieca.junta-andalucia.es-apache --rpm-only' returned 33: ...working...
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main]  can't find a file that should have been created during an earlier step:
[ERROR 2019-08-14T08:27:55 main]        ./ssl-build/KATELLO-TRUSTED-SSL-CERT
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main]        katello-ssl-tool --help
[ERROR 2019-08-14T08:27:55 main] 
[ERROR 2019-08-14T08:27:55 main] Generating web server's SSL key pair/set RPM:
[ERROR 2019-08-14T08:27:55 main]     ./ssl-build/foreman-ssl.ieca.junta-andalucia.es/foreman-ssl.ieca.junta-andalucia.es-apache-1.0-1.src.rpm
[ERROR 2019-08-14T08:27:55 main]     ./ssl-build/foreman-ssl.ieca.junta-andalucia.es/foreman-ssl.ieca.junta-andalucia.es-apache-1.0-1.noarch.rpm
[DEBUG 2019-08-14T08:27:55 main] Cleaning /tmp/kafo_puppet20190814-2064-dxsly7.conf
[DEBUG 2019-08-14T08:27:55 main] Cleaning /tmp/kafo_hiera20190814-2064-16syeq6
[DEBUG 2019-08-14T08:27:55 main] Cleaning /tmp/kafo_puppet20190814-2064-euhdw1.conf
[DEBUG 2019-08-14T08:27:55 main] Cleaning /tmp/default_values.yaml
[ INFO 2019-08-14T08:27:55 main] Installer finished in 639.499736904 seconds

cintrix84 · August 20, 2019, 1:56pm

@alexldemise I picked up your redmine issue around this, Were you able to get the info i needed to test this here? I have not seen any issues using wildcard certs, so I want to see how you signed yours etc to try.

jvbunte · August 20, 2019, 1:59pm

Don’t sweat that error during the first foreman installer run. If you run the install command again, it will complete. I ran into this same issue myself, the install process creates the missing files when it can’t find them, so rerunning it (it won’t take nearly as long either) will find them and use them.