Bug #18083
closed
can't manage or create Org - error candlepin: SSL_connect returned=1 errno=0 state=SSLv3
Description
I have just installed Katello 3.2 with the options below:
foreman-installer \
--scenario katello \
--enable-foreman-plugin-bootdisk \
--enable-foreman-plugin-discovery \
--enable-foreman-plugin-hooks \
--enable-foreman-plugin-openscap \
--enable-foreman-plugin-remote-execution \
--enable-foreman-plugin-templates \
--enable-foreman-proxy-plugin-openscap \
--enable-foreman-proxy-plugin-remote-execution-ssh \
--certs-city 'yy City' \
--certs-org 'SMTRLAB' \
--certs-org-unit xx \
--certs-state xx \
--foreman-admin-email myemail@gmail.com \
--foreman-admin-password xxx \
--foreman-initial-location Lab1 \
--foreman-initial-organization 'smorg1'
Installing Done [100%] [.......................................................................................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/foreman-installer/katello.log
------------------------------------
#egrep -C 1 Failed /var/log/foreman-installer/katello.log
-------------------------------------------
[ INFO 2017-01-14 15:33:20 main] Facter: loading custom facts from /usr/share/foreman-installer/modules/stdlib/lib/facter/package_provider.rb.
[DEBUG 2017-01-14 15:33:20 main] Failed to load library 'cfpropertylist' for feature 'cfpropertylist'
[DEBUG 2017-01-14 15:33:20 main] Evicting cache entry for environment 'production'
--
[DEBUG 2017-01-14 15:33:20 main] Caching environment 'production' (ttl = 0 sec)
[DEBUG 2017-01-14 15:33:21 main] Failed to load library 'cfpropertylist' for feature 'cfpropertylist'
[DEBUG 2017-01-14 15:33:21 main] Executing: '/bin/rpm --version'
--
[DEBUG 2017-01-14 15:33:27 main] Caching environment 'production' (ttl = 0 sec)
[DEBUG 2017-01-14 15:33:27 main] Failed to load library 'apipie_bindings' for feature 'apipie_bindings'
[DEBUG 2017-01-14 15:33:27 main] Puppet::Type::Foreman_smartproxy::ProviderRest_v2: feature apipie_bindings is missing
--
[ WARN 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]/returns: Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/102-organizations.rb
[ERROR 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
[ERROR 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
--
[DEBUG 2017-01-14 15:43:15 main] Foreman_smartproxy[katello.smtrlab.com](provider=rest_v3): Making get request to https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:15 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:15 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
--
[ERROR 2017-01-14 15:43:17 main] Errors encountered during run:
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
--
[ERROR 2017-01-14 15:43:17 main] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
--------------------------------------------------------
#foreman-rake db:seed --trace
---------------------------------------------------------
- Invoke db:seed (first_time)
- Execute db:seed
- Invoke db:abort_if_pending_migrations (first_time)
- Invoke environment (first_time)
- Execute environment
- Execute db:abort_if_pending_migrations
Seeding /usr/share/foreman/db/seeds.d/03-auth_sources.rb
Seeding /usr/share/foreman/db/seeds.d/03-permissions.rb
Seeding /usr/share/foreman/db/seeds.d/03-roles.rb
Seeding /usr/share/foreman/db/seeds.d/04-admin.rb
Seeding /usr/share/foreman/db/seeds.d/05-taxonomies.rb
Seeding /usr/share/foreman/db/seeds.d/06-architectures.rb
Seeding /usr/share/foreman/db/seeds.d/07-provisioning_templates.rb
Seeding /usr/share/foreman/db/seeds.d/08-partition_tables.rb
Seeding /usr/share/foreman/db/seeds.d/10-installation_media.rb
Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/101-locations.rb
Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/102-organizations.rb
rake aborted!
There was an issue with the backend service candlepin: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/app/lib/actions/middleware/backend_services_check.rb:17:in `block in plan'
---------
I can't manage or create Org - error candlepin: SSL_connect returned=1 errno=0 state=SSLv3
When I try to create a new organization, I get the error below:
Error: There was an issue with the backend service candlepin: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
When I try to manage an existing organization, I get a similar error:
Oops, we're sorry but something went wrong Katello::Resources::Candlepin::CandlepinResource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (GET /candlepin/owners/smorg1/servicelevels)
Full trace:
RestClient::SSLCertificateNotVerified
Katello::Resources::Candlepin::CandlepinResource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (GET /candlepin/owners/smorg1/servicelevels)
-----
#grep ERROR /var/log/foreman-proxy/proxy.log
-----
#systemctl status -l foreman-proxy.service
● foreman-proxy.service - Foreman Proxy
Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2017-01-14 20:47:12 EST; 17s ago
Process: 71929 ExecStart=/usr/share/foreman-proxy/bin/smart-proxy (code=exited, status=0/SUCCESS)
Main PID: 71948 (code=exited, status=1/FAILURE)
Jan 14 20:47:11 katello.smtrlab.com systemd[1]: Starting Foreman Proxy...
Jan 14 20:47:12 katello.smtrlab.com systemd[1]: Started Foreman Proxy.
Jan 14 20:47:12 katello.smtrlab.com systemd[1]: foreman-proxy.service: main process exited, code=exited, status=1/FAILURE
Jan 14 20:47:12 katello.smtrlab.com systemd[1]: Unit foreman-proxy.service entered failed state.
Jan 14 20:47:12 katello.smtrlab.com systemd[1]: foreman-proxy.service failed.
E, [2017-01-14T17:59:06.777566 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T18:01:12.386584 #41529] ERROR -- : bad Request-Line ` '.
E, [2017-01-14T18:58:55.176062 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T18:59:01.734668 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T19:01:54.048547 #55544] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
E, [2017-01-14T19:17:43.539693 #57224] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
Actions already taken:
cp /root/ssl-build/katello-default-ca.crt /etc/pki/ca-trust/source/anchors/
cp /root/ssl-build/katello-default-ca.crt proxy_ca.pem
update-ca-trust enable
update-ca-trust
foreman-installer --scenario katello --certs-update-server
foreman-installer --scenario katello --certs-update-all
------
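Added example, not part of the original report or of Foreman/Katello: a small triage script that reads the Ruby OpenSSL error strings quoted above and works out, for each failed handshake, which side rejected whose certificate. The sample lines are abridged copies constructed from the report; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: abridged copies of the error shapes quoted in the report.
SAMPLE = """\
[ERROR 2017-01-14 15:43:15 main] Foreman_smartproxy[katello.smtrlab.com]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies
There was an issue with the backend service candlepin: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
E, [2017-01-14T17:59:06.777566 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T19:01:54.048547 #55544] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
"""

# Ruby's OpenSSL binding reports handshake failures as
# "<call> returned=N errno=N state=<handshake state>: <reason>".
TLS_ERR = re.compile(
    r"(?P<call>SSL_connect|SSL_accept) returned=\d+ errno=\d+ "
    r"state=(?P<state>[^:]+): "
    r"(?P<reason>certificate verify failed|tlsv1 alert unknown ca)"
)
OTHER = {"client": "server", "server": "client"}


def classify(line):
    """Return (rejecting_side, rejected_certificate, state) or None."""
    m = TLS_ERR.search(line)
    if m is None:
        return None
    # SSL_connect is logged by the TLS client, SSL_accept by the TLS server.
    local = "client" if m["call"] == "SSL_connect" else "server"
    state = m["state"].strip()
    if m["reason"] == "certificate verify failed":
        # Raised locally: this process could not verify the peer's chain.
        return local, OTHER[local], state
    # OpenSSL "alert" reasons report an alert received from the peer:
    # the peer could not verify this process's certificate.
    return OTHER[local], local, state


def summarize(text):
    """Count failed handshakes per (rejecting side, rejected certificate)."""
    hits = filter(None, map(classify, text.splitlines()))
    return Counter((who, cert) for who, cert, _ in hits)


if __name__ == "__main__":
    for (who, cert), n in summarize(SAMPLE).items():
        print(f"{n} handshake(s): TLS {who} does not trust the {cert} certificate's CA")
```

All three TLS errors in the sample resolve to the same condition: a client whose trust store does not contain the CA that issued the server's certificate, which is the thing to check against /root/ssl-build/katello-default-ca.crt.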