Resolution: Done-Errata
Description of problem:
RHEL 9.5 switched to OpenJDK 17 as the default JDK, breaking our usage of keytool.
How reproducible:
Is this issue a regression from an earlier version:
Technically yes, just not in our code.
Steps to Reproduce:
1. Deploy empty RHEL 9.5 machine
2. Try to install Satellite 6.16
Actual behavior:
2024-11-12 06:45:20 [ERROR ] [configure] Failed to generate new keystore with temporary entry: Execution of '/bin/keytool -genkey -storetype pkcs12 -keystore /etc/candlepin/certs/keystore -storepass:file /etc/candlepin/certs/keystore_password-file -alias temporary-entry -dname CN=temporary-entry -J-Dcom.redhat.fips=false' returned 1: keytool error: java.lang.Exception: The -keyalg option must be specified.
2024-11-12 06:45:20 [ERROR ] [configure] Failed to generate new truststore with temporary entry: Execution of '/bin/keytool -genkey -storetype pkcs12 -keystore /etc/candlepin/certs/truststore -storepass:file /etc/candlepin/certs/truststore_password-file -alias temporary-entry -dname CN=temporary-entry -J-Dcom.redhat.fips=false' returned 1: keytool error: java.lang.Exception: The -keyalg option must be specified.
2024-11-12 06:45:28 [NOTICE] [configure] 250 configuration steps out of 1525 steps complete.
2024-11-12 06:45:50 [NOTICE] [configure] 500 configuration steps out of 1527 steps complete.
2024-11-12 06:45:56 [ERROR ] [configure] Failed to add certificate to keystore: Execution of '/bin/keytool -importkeystore -noprompt -srckeystore /tmp/temp_keystore20241112-22277-ttsyoq -srcstorepass:file /etc/candlepin/certs/keystore_password-file -destkeystore /etc/candlepin/certs/keystore -deststorepass:file /etc/candlepin/certs/keystore_password-file -srcalias tomcat -destalias tomcat -J-Dcom.redhat.fips=false' returned 1: Importing keystore /tmp/temp_keystore20241112-22277-ttsyoq to /etc/candlepin/certs/keystore...
2024-11-12 06:45:56 [ERROR ] [configure] keytool error: java.lang.Exception: Keystore file exists, but is empty: /etc/candlepin/certs/keystore
# hammer ping
database:
    Status:          ok
    Server Response: Duration: 0ms
cache:
    servers:
     1) Status:          ok
        Server Response: Duration: 0ms
candlepin:
    Status:          FAIL
    Server Response: Message: Failed to open TCP connection to localhost:23443 (Connection refused - connect(2) for "localhost" port 23443)
candlepin_auth:
    Status:          FAIL
    Server Response: Message: A backend service [ Candlepin ] is unreachable
candlepin_events:
    Status:          FAIL
    message:         Not running
    Server Response: Duration: 0ms
katello_events:
    Status:          ok
    message:         0 Processed, 0 Failed
    Server Response: Duration: 0ms
pulp3:
    Status:          ok
    Server Response: Duration: 74ms
pulp3_content:
    Status:          ok
    Server Response: Duration: 69ms
foreman_tasks:
    Status:          ok
    Server Response: Duration: 5ms
Expected behavior:
1. no keytool errors
2. hammer ping works
- depends on
SAT-29387 Fixes #38010 - Include keyalg in keytool for OpenJDK 17 by ehelms · Pull Request #470 · theforeman/puppet-certs · GitHub
- Closed
- links to
RHBA-2024:142800 Satellite Async Update
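
Added example (not part of the original report, and not code from the installer or puppet-certs): a small triage script for installer logs in the format quoted above. It flags failed keytool key-generation calls that lack -keyalg and treats a later "empty keystore" error on the same store as a follow-on error. That link is an inference from the log order, and the function and finding names are hypothetical.

```python
import re
import shlex

# Sample constructed from the log quoted in this report (commands shortened).
SAMPLE_LOG = """\
2024-11-12 06:45:20 [ERROR ] [configure] Failed to generate new keystore with temporary entry: Execution of '/bin/keytool -genkey -storetype pkcs12 -keystore /etc/candlepin/certs/keystore -alias temporary-entry -dname CN=temporary-entry' returned 1: keytool error: java.lang.Exception: The -keyalg option must be specified.
2024-11-12 06:45:20 [ERROR ] [configure] Failed to generate new truststore with temporary entry: Execution of '/bin/keytool -genkey -storetype pkcs12 -keystore /etc/candlepin/certs/truststore -alias temporary-entry -dname CN=temporary-entry' returned 1: keytool error: java.lang.Exception: The -keyalg option must be specified.
2024-11-12 06:45:28 [NOTICE] [configure] 250 configuration steps out of 1525 steps complete.
2024-11-12 06:45:56 [ERROR ] [configure] Failed to add certificate to keystore: Execution of '/bin/keytool -importkeystore -noprompt -destkeystore /etc/candlepin/certs/keystore -srcalias tomcat -destalias tomcat' returned 1: Importing keystore...
2024-11-12 06:45:56 [ERROR ] [configure] keytool error: java.lang.Exception: Keystore file exists, but is empty: /etc/candlepin/certs/keystore
"""

# A keytool command that the installer reports as failed (non-zero return code).
EXEC_RE = re.compile(r"Execution of '(?P<cmd>[^']*keytool\s[^']*)' returned [1-9]\d*:")
EMPTY_RE = re.compile(r"Keystore file exists, but is empty: (?P<path>\S+)")
GEN_SUBCOMMANDS = {"-genkey", "-genkeypair"}  # -genkey is the older alias


def option_value(argv, name):
    """Return the argument that follows option `name`, or None if absent."""
    try:
        return argv[argv.index(name) + 1]
    except (ValueError, IndexError):
        return None


def triage(log_text):
    """Return (finding, keystore_path) tuples for keytool failures in the log."""
    findings, never_created = [], set()
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if m:
            argv = shlex.split(m.group("cmd"))
            if GEN_SUBCOMMANDS & set(argv) and "-keyalg" not in argv:
                store = option_value(argv, "-keystore")
                never_created.add(store)
                findings.append(("genkey-without-keyalg", store))
            continue
        m = EMPTY_RE.search(line)
        if m:
            path = m.group("path")
            # Assumption: an empty store whose generation failed is a follow-on error.
            kind = "empty-store-cascade" if path in never_created else "empty-store"
            findings.append((kind, path))
    return findings


if __name__ == "__main__":
    for finding, store in triage(SAMPLE_LOG):
        print(f"{finding}: {store}")
```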