Project

General

Profile

Actions

Bug #18083

closed

can't manage or create Org - error candlepin: SSL_connect returned=1 errno=0 state=SSLv3

Added by Yash Menpara about 7 years ago. Updated over 4 years ago.

Status:
Rejected
Priority:
Normal
Category:
Installer
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

I have just installed katello 3.2 with below option

foreman-installer \
--scenario katello \
--enable-foreman-plugin-bootdisk \
--enable-foreman-plugin-discovery \
--enable-foreman-plugin-hooks \
--enable-foreman-plugin-openscap \
--enable-foreman-plugin-remote-execution \
--enable-foreman-plugin-templates \
--enable-foreman-proxy-plugin-openscap \
--enable-foreman-proxy-plugin-remote-execution-ssh \
--certs-city 'yy City' \
--certs-org 'SMTRLAB' \
--certs-org-unit xx\
--certs-state xx\
--foreman-admin-email \
--foreman-admin-password xxx\
--foreman-initial-location Lab1 \
--foreman-initial-organization 'smorg1' \

Installing Done [100%] [.......................................................................................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/foreman-installer/katello.log

------------------------------------
#egrep C 1 Failed /var/log/foreman-installer/katello.log
-------------------------------------------

[ INFO 2017-01-14 15:33:20 main] Facter: loading custom facts from /usr/share/foreman-installer/modules/stdlib/lib/facter/package_provider.rb.
[DEBUG 2017-01-14 15:33:20 main] Failed to load library 'cfpropertylist' for feature 'cfpropertylist'
[DEBUG 2017-01-14 15:33:20 main] Evicting cache entry for environment 'production'
--
[DEBUG 2017-01-14 15:33:20 main] Caching environment 'production' (ttl = 0 sec)
[DEBUG 2017-01-14 15:33:21 main] Failed to load library 'cfpropertylist' for feature 'cfpropertylist'
[DEBUG 2017-01-14 15:33:21 main] Executing: '/bin/rpm --version'
--
[DEBUG 2017-01-14 15:33:27 main] Caching environment 'production' (ttl = 0 sec)
[DEBUG 2017-01-14 15:33:27 main] Failed to load library 'apipie_bindings' for feature 'apipie_bindings'
[DEBUG 2017-01-14 15:33:27 main] Puppet::Type::Foreman_smartproxy::ProviderRest_v2: feature apipie_bindings is missing
--
[ WARN 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]/returns: Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/102-organizations.rb
[ERROR 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
[ERROR 2017-01-14 15:35:32 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
--
[DEBUG 2017-01-14 15:43:15 main] Foreman_smartproxy[katello.smtrlab.com](provider=rest_v3): Making get request to https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:15 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:15 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
--
[ERROR 2017-01-14 15:43:17 main] Errors encountered during run:
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
--
[ERROR 2017-01-14 15:43:17 main] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22
[ERROR 2017-01-14 15:43:17 main] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[katello.smtrlab.com]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://katello.smtrlab.com/api/v2/smart_proxies?search=name=%22katello.smtrlab.com%22

--------------------------------------------------------
#foreman-rake db:seed --trace
---------------------------------------------------------

  • Invoke db:seed (first_time)
  • Execute db:seed
  • Invoke db:abort_if_pending_migrations (first_time)
  • Invoke environment (first_time)
  • Execute environment
  • Execute db:abort_if_pending_migrations
    Seeding /usr/share/foreman/db/seeds.d/03-auth_sources.rb
    Seeding /usr/share/foreman/db/seeds.d/03-permissions.rb
    Seeding /usr/share/foreman/db/seeds.d/03-roles.rb
    Seeding /usr/share/foreman/db/seeds.d/04-admin.rb
    Seeding /usr/share/foreman/db/seeds.d/05-taxonomies.rb
    Seeding /usr/share/foreman/db/seeds.d/06-architectures.rb
    Seeding /usr/share/foreman/db/seeds.d/07-provisioning_templates.rb
    Seeding /usr/share/foreman/db/seeds.d/08-partition_tables.rb
    Seeding /usr/share/foreman/db/seeds.d/10-installation_media.rb
    Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/101-locations.rb
    Seeding /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/db/seeds.d/102-organizations.rb
    rake aborted!
    There was an issue with the backend service candlepin: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
    /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.1.1/app/lib/actions/middleware/backend_services_check.rb:17:in `block in plan'

---------
I can't manage or create Org - error candlepin: SSL_connect returned=1 errno=0 state=SSLv3

When I try to create new organization. I get below error:
Error: There was an issue with the backend service candlepin: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

When I try to manage existing organization I get similar error:

Oops, we're sorry but something went wrong Katello::Resources::Candlepin::CandlepinResource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (GET /candlepin/owners/smorg1/servicelevels)

Full trace :

RestClient::SSLCertificateNotVerified
Katello::Resources::Candlepin::CandlepinResource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (GET /candlepin/owners/smorg1/servicelevels)

-----
#grep ERROR /var/log/foreman-proxy/proxy.log
-----

#systemctl status -l foreman-proxy.service

● foreman-proxy.service - Foreman Proxy
Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2017-01-14 20:47:12 EST; 17s ago
Process: 71929 ExecStart=/usr/share/foreman-proxy/bin/smart-proxy (code=exited, status=0/SUCCESS)
Main PID: 71948 (code=exited, status=1/FAILURE)

Jan 14 20:47:11 katello.smtrlab.com systemd1: Starting Foreman Proxy...
Jan 14 20:47:12 katello.smtrlab.com systemd1: Started Foreman Proxy.
Jan 14 20:47:12 katello.smtrlab.com systemd1: foreman-proxy.service: main process exited, code=exited, status=1/FAILURE
Jan 14 20:47:12 katello.smtrlab.com systemd1: Unit foreman-proxy.service entered failed state.
Jan 14 20:47:12 katello.smtrlab.com systemd1: foreman-proxy.service failed.

E, [2017-01-14T17:59:06.777566 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T18:01:12.386584 #41529] ERROR -- : bad Request-Line ` '.
E, [2017-01-14T18:58:55.176062 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T18:59:01.734668 #41529] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
E, [2017-01-14T19:01:54.048547 #55544] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
E, [2017-01-14T19:17:43.539693 #57224] ERROR -- : Error during startup, terminating. Address already in use - bind(2)

---Already taken actions :
cp /root/ssl-build/katello-default-ca.crt /etc/pki/ca-trust/source/anchors/
cp /root/ssl-build/katello-default-ca.crt proxy_ca.pem
update-ca-trust enable
update-ca-trust
foreman-installer --scenario katello --certs-update-server
foreman-installer --scenario katello --certs-update-all

------

Actions #1

Updated by Anonymous about 7 years ago

  • Project changed from Foreman to Katello
  • Category deleted (47)
  • Difficulty deleted (hard)
Actions #2

Updated by Justin Sherrill about 7 years ago

  • Status changed from New to Need more information

Would you be able to upload a foreman-debug?

Actions #4

Updated by Justin Sherrill about 7 years ago

  • Status changed from Need more information to New
Actions #5

Updated by Justin Sherrill about 7 years ago

  • Category set to Installer
  • Assignee set to Justin Sherrill
Actions #6

Updated by Eric Helms about 7 years ago

  • Status changed from New to Needs design
Actions #7

Updated by John Mitsch almost 7 years ago

  • translation missing: en.field_release set to 228
Actions #8

Updated by Eric Helms almost 7 years ago

  • translation missing: en.field_release changed from 228 to 258
Actions #9

Updated by Eric Helms almost 7 years ago

  • translation missing: en.field_release changed from 258 to 267
Actions #10

Updated by Justin Sherrill over 6 years ago

  • translation missing: en.field_release changed from 267 to 281
Actions #11

Updated by Justin Sherrill over 6 years ago

  • translation missing: en.field_release changed from 281 to 286
Actions #12

Updated by Eric Helms over 6 years ago

  • translation missing: en.field_release changed from 286 to 295
Actions #13

Updated by Jonathon Turel over 4 years ago

  • Status changed from Needs design to Rejected
  • Target version deleted (Katello 3.4.6)
  • Triaged set to Yes

Since we are long past Katello 3.4 I am closing this issue. Please open a new issue if you're still experiencing this problem and reference this one in it.

Actions

Also available in: Atom PDF