The capsule-installer is failing with error Could not set 'present' on ensure: Unprocessable Entity at :/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Environment
- Red Hat Satellite 6.0
- Red Hat Satellite 6.1
Issue
- The capsule installation is failing with below error,
# capsule-installer --parent-fqdn "satellite.example.com" --register-in-foreman "true" --foreman-oauth-key "some-random-key" --foreman-oauth-secret "some-random-key" --pulp-oauth-secret "some-random-key" --certs-tar "/private/cert/path/if/any" --puppet "true" --puppetca "true" --pulp "true"
system identity: 00000000-1111-2222-3333-444444444444
Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[capsule.example.com]/ensure: change from absent to present failed: Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Installing Done [100%] [........................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/capsule-installer.log
Resolution
-
In Satellite installation guide refer section
Required Network Ports
to know which all ports are needed to be opened in firewall or proxy. Reconfigure firewall or proxy to accepts connections from these ports. -
Ensure that Satellite server can resolve Capsule hostname:
[root@satellite6 ~]# ping capsule01.example.com
PING capsule01.example.com (1.2.3.4) 56(84) bytes of data.
64 bytes from capsule01.example.com (1.2.3.4): icmp_seq=1 ttl=64 time=0.351 ms
..
- Ensure Satellite server can authenticate to the capsule proxy, using command (run on Satellite):
curl --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem --cacert /etc/foreman/proxy_ca.pem https://capsule01.example.com:9090/features
-
If using custom certificates on Satellite, ensure you pass them to
capsule-certs-generate
tool via--server-*
and use--certs-update-server
option - afterkatello-installer
was run with these options -
Ensure you passed proper tarball with certificates from
capsule-certs-generate
to the capsule - that means after running any instance ofkatello-installer
, re-generate capsule certificates viacapsule-certs-generate
tool and then copy the generated tarball to the capsule.
Root Cause
Satellite server checks during capsule registration, if it can access the capsule. If this check (via http
) fails, this error is raised. There are three possible reasons for such failure:
- firewall was set and it was not allowing communication with required ports
- unknown capsule's hostname on satellite
- some SSL certificate mismatch
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments