Refs #5815 - generate certs for node qpid #14
@@ -25,5 +42,16 @@ | |||
# Defined in certs::apache module | |||
key_pair => Cert["${hostname}-apache"], | |||
} | |||
|
|||
Cert["${::certs::pulp_child::hostname}-qpid-client-cert"] ~> |
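Review bot: The resource title on the new chain line is built from the fully qualified `${::certs::pulp_child::hostname}`, while the `key_pair` reference just above it uses the local `${hostname}` in `Cert["${hostname}-apache"]`. If both are meant to hold the same value, use one form in both places so the cert resource titles cannot drift apart. The chain also opens with a refresh arrow (`~>`), so a short comment naming what gets refreshed when the qpid client cert changes would make the dependency easier to follow.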
The server qpid certs we have to deploy stripped, not the case when deploying for the child? I wonder if that means the new version of qpid doesn't require us to strip the cert.
Seems so: had no issues with this on update system
One issue I hit:
/File[/etc/pki/katello/nssdb]/ensure: change from absent to directory failed: Could not set 'directory on ensure: Could not find group qpidd at /root/katello-installer/modules/certs/manifests/qpid.pp:59
After it finished the 'qpidd' group existed, so I'm guessing an ordering issue as qpid was not installed prior to running the capsule command.
Also saw:
Could not find a suitable provider for foreman_smartproxy
Although when running the installer a 2nd time, I did not see this error.
Looks like the installer is still trying to connect to a nodes api (but Katello/katello#4118 looks like it changed everything to capsule):
/Stage[main]/Capsule/Katello_node[https://centos.dev/katello]/ensure: change from absent to present failed: Could not set 'present on ensure: Failed to register the node:
server log:
Rendered /home/vagrant/.rvm/gems/ruby-1.9.3-p448/gems/actionpack-3.2.18/lib/action_dispatch/middleware/templates/rescues/routing_error.erb within rescues/layout (0.8ms) ActionController::RoutingError (No route matches [POST] "/katello/api/nodes"):
Another thing I noticed:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.devel]/ensure: change from absent to present failed: Could not set 'present on ensure: 422 Unprocessable Entity at /root/katello-installer/modules/foreman_proxy/manifests/register.pp:12
from the server:
It seems weird that foreman would need to access /var/lib/puppet/ssl/certs/centos.dev.pem on the Server in order to enable a smart proxy??? I did a
Ad the missing nodes api: I forgot to remove that, but we don't need to register the node separately, as we use the smart-proxy for that: so once there is a smart proxy registered, we are able to use that as a capsule (the check on the pulp feature being present on the proxy is not there yet, as it is waiting for theforeman/smart-proxy#153).
I was testing this on a server where all the packages were already preinstalled. Thanks for checking that on a fresh one: I will address the ordering issue. Ad loading the certs on foreman: by default, foreman upstream leverages the puppet ca for the smart proxy verification. We configure it to use our manifests here https://github.com/Katello/puppet-certs/blob/master/manifests/foreman.pp#L52: Is it possible this would be caused by you running a development setup or resetting the database?
By making sure the packages that deploy users are there
@jlsherrill addressed in the latest commits here and in theforeman/puppet-foreman_proxy_content#5
@iNecas yes, that is possible, as my katello server was running a --development deploy. Let me spin up a new one with a non-devel deploy.
The first time I still saw: This time I did it with a production deployment with your scratch build of master. I got these two errors when doing the capsule install with your changes:
These rpms were installed afterwards:
@iNecas AHHHH I was all like: but then I thought about it and had a great idea! and realized I wasn't running capsule-certs-generate from the git checkout of katello-installer with all your changes. So I re-reran it all and then I was like:
LOL Ad: Could not find suitable provider: this should fix it Katello/katello-installer#64
ACK