[satellite6] satellite-installer fails with "file keytool does not exist"

Solution Verified - Updated 13 Jun 2024

Environment

Red Hat Satellite 6.x

Issue

satellite-installer is failing with error "file keytool does not exist"
After upgrade RHEL7 to RHEL8 , satellite-installer failing with the below error :

2023-05-12 10:14:25 [NOTICE] [configure] Starting system configuration.
...
2023-05-12 10:14:44 [NOTICE] [configure] 1750 configuration steps out of 2151 steps complete.
2023-05-12 10:14:50 [NOTICE] [configure] 2000 configuration steps out of 2151 steps complete.
2023-05-12 10:15:17 [ERROR ] [configure] Could not find a suitable provider for keystore
2023-05-12 10:15:17 [ERROR ] [configure] Could not find a suitable provider for truststore
2023-05-12 10:15:17 [ERROR ] [configure] Could not find a suitable provider for truststore_certificate
2023-05-12 10:15:17 [ERROR ] [configure] Could not find a suitable provider for keystore_certificate
2023-05-12 10:15:20 [NOTICE] [configure] System configuration has finished.

Resolution

Follow the steps in the Diagnostic Steps section of this KB solution, and ONLY if Java is not installed, install it:

# yum install java-1.8.0-openjdk --disableplugin foreman-protector

If java is installed but keytool is missing in PATH (which keytool doesn't find it), re-configure java with alternatives:

# alternatives --auto java

Verify if keytool is available now:

# which keytool
/usr/bin/keytool
# keytool --help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

For more KB articles/solutions related to Red Hat Satellite 6.x LEAPP Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x LEAPP Issues

Root Cause

keytool is missing in PATH:

# which keytool
/usr/bin/which: no keytool in (/usr/share/Modules/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin)

Diagnostic Steps

Double check if the "file keytool does not exist" is your issue:

# grep "file keytool" /var/log/foreman-installer/satellite.log | cut -d\] -f3 | sort | uniq
 Puppet::Type::Keystore_certificate::ProviderOpenssl: file keytool does not exist
 Puppet::Type::Keystore::ProviderKeytool: file keytool does not exist
 Puppet::Type::Truststore_certificate::ProviderKeytool: file keytool does not exist
 Puppet::Type::Truststore::ProviderKeytool: file keytool does not exist

Verify if java is installed:

# rpm -qa | grep java

Verify if keytool is available via PATH:

# which keytool

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.