Satellite 6 Capsule installation fails when already registered to the puppet master with the error: "Failed to call refresh: /usr/bin/puppet cert --generate capsule.example.com returned 23 instead of one of [0]"
Environment
- Red Hat Satellite
  - 6.0
  - 6.1
  - 6.2
  - 6.3
Issue
- Installing a Capsule that is already registered to the Puppet master fails with the error:
/usr/bin/puppet cert --generate capsulexx.example.com returned 23 instead of one of [0]
/Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]/returns: change from notrun to 0 failed:
/usr/bin/puppet cert --generate capsulexx.example.com returned 23 instead of one of [0]
/Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]:
Failed to call refresh: /usr/bin/puppet cert --generate capsulexx.example.com returned 23 instead of one of [0]
/Stage[main]/Puppet::Server::Config/Exec[puppet_server_config-generate_ca_cert]:
/usr/bin/puppet cert --generate capsulexx.example.com returned 23 instead of one of [0]
Installing
Done [100%] [.................................................................................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/capsule-installer.log
Resolution
- To work around this issue, execute the steps below:
On the Satellite server
# puppet cert clean capsulexx.example.com
On Capsule 6.0, 6.1, 6.2, 6.3 (not on Capsule 6.4):
# find /var/lib/puppet/ssl/ -type f -exec rm -f {} \;
# find /etc/puppet/ -iname "*pem" -type f -exec rm -f {} \;
- Then re-run the capsule-installer:
DO NOT USE this text directly. This is an example; the OAuth values are random for each run.
[root@capsulexx ~]# capsule-installer --parent-fqdn "dhcp12345.example.com" \
--register-in-foreman "true" \
--foreman-oauth-key "2WfTrt2eC6VPsHKraRwapKr3Z2nNSfbj" \
--foreman-oauth-secret "PqQ9W5WwhCgDg4cRfw5V2mmFJ382LJFJ" \
--pulp-oauth-secret "QnRMy4ejFCUAjuLHxZp6sM9bQgPHsfeU" \
--certs-tar "/root/capsulexx.example.com.tar" \
--puppet "true" \
--puppetca "true" \
--pulp "true"
[...SNIP...]
system identity: 54367bd8-61b7-4d90-9d80-653c3d83b8ae
Installing Done
[100%] [.................................................................................................]
Success!
* Capsule is running at https://capsulexx.example.com:9090
The full log is at /var/log/katello-installer/capsule-installer.log
On Capsule 6.4
# To Be Determined
# find /etc/puppetlabs/ -iname "*pem" -type f -exec rm -f {} \;
- Then re-run the capsule-installer:
DO NOT USE this text directly. This is an example; the OAuth values are random for each run.
[root@capsulexx ~]# capsule-installer --parent-fqdn "dhcp12345.example.com" \
--register-in-foreman "true" \
--foreman-oauth-key "2WfTrt2eC6VPsHKraRwapKr3Z2nNSfbj" \
--foreman-oauth-secret "PqQ9W5WwhCgDg4cRfw5V2mmFJ382LJFJ" \
--pulp-oauth-secret "QnRMy4ejFCUAjuLHxZp6sM9bQgPHsfeU" \
--certs-tar "/root/capsulexx.example.com.tar" \
--puppet "true" \
--puppetca "true" \
--pulp "true"
[...SNIP...]
system identity: 54367bd8-61b7-4d90-9d80-653c3d83b8ae
Installing Done
[100%] [.................................................................................................]
Success!
* Capsule is running at https://capsulexx.example.com:9090
The full log is at /var/log/katello-installer/capsule-installer.log
Note: you may want to add the following options to disable Puppet and re-run the installer:
--foreman-proxy-puppet=false --no-enable-puppet --verbose
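The find commands in the Capsule 6.0-6.3 steps delete Puppet private keys and certificates without keeping a copy. As an added example (not part of the original article or Red Hat's procedure), the shell function below archives the files matched by the same two find expressions into an owner-only tarball and removes them only if the archive was written. The function name, the backup directory and the use of GNU tar are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's procedure. backup_and_clear_puppet_ssl is a
# hypothetical helper; GNU tar, find and xargs are assumed.
#
# Usage with the Capsule 6.0-6.3 paths from the article (the backup
# directory /root/puppet-ssl-backup is an assumed location):
#   backup_and_clear_puppet_ssl /root/puppet-ssl-backup /var/lib/puppet/ssl /etc/puppet

backup_and_clear_puppet_ssl() {
    local backup_dir ssl_dir conf_dir archive list
    backup_dir=$1 ssl_dir=$2 conf_dir=$3
    archive="$backup_dir/puppet-ssl-$(date +%Y%m%d%H%M%S).tar.gz"
    list=$(mktemp) || return 1

    # Same selection as the article's two find commands, NUL-separated so
    # unusual file names cannot be split or misread.
    if [ -d "$ssl_dir" ]; then
        find "$ssl_dir" -type f -print0 >> "$list"
    fi
    if [ -d "$conf_dir" ]; then
        find "$conf_dir" -iname '*pem' -type f -print0 >> "$list"
    fi

    if [ ! -s "$list" ]; then
        rm -f "$list"
        echo "no Puppet SSL files found, nothing removed" >&2
        return 0
    fi

    # The archive contains private keys: create it (and a new backup
    # directory) readable by the owner only.
    if ! ( umask 077 && mkdir -p "$backup_dir" &&
           tar --null --files-from="$list" --absolute-names -czf "$archive" ); then
        rm -f "$list"
        echo "backup failed, nothing removed" >&2
        return 1
    fi

    # Delete only after the archive was written successfully.
    xargs -0 rm -f -- < "$list"
    rm -f "$list"
    echo "$archive"   # path of the backup; restore with: tar -xzPf <archive>
}
```

The function prints the archive path on success, so it can be recorded before re-running the installer.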
Root Cause
- This happens because the directory /var/lib/puppet/ssl (or, with Puppet version 5+, /etc/puppetlabs/) already has the SSL certificate created.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.