Bug #18807

closed

Katello 3.3 smart-proxy-fresh install with custom certs broken?

Added by Oliver Weinmann almost 8 years ago. Updated over 6 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Installer
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hi,

For three days I have been trying to deploy a fresh Katello 3.3 with a smart-proxy using custom certs.

The main Katello server is running fine with the custom certs. Thanks to ehelms for pointing out the workaround to comment out the line in /etc/foreman/plugins/katello.yaml:

:pulp:
    :url: https://katello.a.space.corp/pulp/api/v2/
    :oauth_key: katello
    :oauth_secret: aoZbfkgXidvUGUF5t7woLXZoEPpNEzwf
    #:ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt

Now the problem is that I can't get the proxy working.

I followed the installation instructions carefully but I just can't get it working. I assume it is because of the custom certs.

This is the error on the proxy:

[ERROR 2017-03-06 16:02:34 main]  Proxy gedadvl02.a.space.corp cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Errno::ECONNREFUSED]: Connection refused - connect(2) for "gedadvl02.a.space.corp" port 9090) for proxy https://gedadvl02.a.space.corp:9090/features Please check the proxy is configured and running on the host.

I checked and the proxy is running fine:

[root@gedadvl02 ~]# service foreman-proxy status
Redirecting to /bin/systemctl status  foreman-proxy.service
● foreman-proxy.service - Foreman Proxy
   Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-03-06 16:02:34 CET; 29min ago
 Main PID: 9064 (ruby)
   CGroup: /system.slice/foreman-proxy.service
           └─9064 ruby /usr/share/foreman-proxy/bin/smart-proxy

The strange thing is that running openssl against the proxy from the main Katello server works fine:

openssl s_client -connect gedadvl02.a.space.corp:9090

Verify return code: 0 (ok)

But from the proxy I get a validation error:

Verify return code: 19 (self signed certificate in certificate chain)

If I run the smart-proxy install command again, the error is now different:

/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gedadvl02.a.space.corp]/ensure: change from absent to present failed: Proxy gedadvl02.a.space.corp cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://gedadvl02.a.space.corp:9090/features Please check the proxy is configured and running on the host.