-
Bug
-
Resolution: Done-Errata
-
Major
-
6.15.0
-
0
-
False
-
-
False
-
ON_DEV
-
0
-
Platform
-
-
-
Important
-
No
Description
When upgrading to Satellite 6.15 we are seeing issues related to regenerating and reimporting the candlepin-ca;
~~~
2024-04-24 11:22:55 [ERROR ] [configure] /Stage[main]/Certs::Candlepin/Truststore_certificate[/etc/candlepin/certs/truststore:candlepin-ca]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/keytool -import -v -noprompt -storetype pkcs12 -keystore /etc/candlepin/certs/truststore -alias candlepin-ca -file /etc/candlepin/certs/candlepin-ca.crt -storepass:file /etc/pki/katello/truststore_password-file -J-Dcom.redhat.fips=false' returned 1: keytool error: java.io.IOException: keystore password was incorrect
2024-04-24 11:22:55 [ERROR ] [configure] java.io.IOException: keystore password was incorrect
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089)
2024-04-24 11:22:55 [ERROR ] [configure] at java.security.KeyStore.load(KeyStore.java:1445)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.doCommands(Main.java:839)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.run(Main.java:380)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.main(Main.java:373)
2024-04-24 11:22:55 [ERROR ] [configure] Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
~~~
Steps to reproduce:
- Install RHEL 8.9 and enable FIPS
- Install a Satellite 6.14 on top of it.
- Try to upgrade the instance to Satellite 6.15.0
Actual Results:
Errors with candlepin keystore password as mentioned above
Expected Results:
No such errors and the upgrade should happen without any such issues.
- external trackers
- links to
-
RHBA-2024:140284 Important: Satellite 6.16.0 release