The capsule-installer is failing with error Could not set 'present' on ensure: Unprocessable Entity at :/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6.0
  • Red Hat Satellite 6.1

Issue

  • The capsule installation is failing with below error,
# capsule-installer --parent-fqdn "satellite.example.com" --register-in-foreman "true" --foreman-oauth-key "some-random-key" --foreman-oauth-secret "some-random-key" --pulp-oauth-secret "some-random-key" --certs-tar "/private/cert/path/if/any" --puppet "true" --puppetca "true" --pulp "true"
system identity: 00000000-1111-2222-3333-444444444444
 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[capsule.example.com]/ensure: change from absent to present failed: Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Installing             Done                                               [100%] [........................]
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/katello-installer/capsule-installer.log

Resolution

  • In Satellite installation guide refer section Required Network Ports to know which all ports are needed to be opened in firewall or proxy. Reconfigure firewall or proxy to accepts connections from these ports.

  • Ensure that Satellite server can resolve Capsule hostname:

[root@satellite6 ~]# ping capsule01.example.com
PING capsule01.example.com (1.2.3.4) 56(84) bytes of data.
64 bytes from capsule01.example.com (1.2.3.4): icmp_seq=1 ttl=64 time=0.351 ms
..
  • Ensure Satellite server can authenticate to the capsule proxy, using command (run on Satellite):
curl --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem --cacert /etc/foreman/proxy_ca.pem https://capsule01.example.com:9090/features

  • If using custom certificates on Satellite, ensure you pass them to capsule-certs-generate tool via --server-* and use --certs-update-server option - after katello-installer was run with these options

  • Ensure you passed proper tarball with certificates from capsule-certs-generate to the capsule - that means after running any instance of katello-installer, re-generate capsule certificates via capsule-certs-generate tool and then copy the generated tarball to the capsule.

Root Cause

Satellite server checks during capsule registration, if it can access the capsule. If this check (via http) fails, this error is raised. There are three possible reasons for such failure:

  • firewall was set and it was not allowing communication with required ports
  • unknown capsule's hostname on satellite
  • some SSL certificate mismatch

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments