Bug #20324

closed

BMC Smart Proxy SSL configuration/setup?

Added by Jason Lang over 7 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: BMC
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I'm attempting to configure the BMC smart proxy plugin. I'm to the point where it's installed on my smart proxy, and tested working per ipmitool commands on that smart proxy itself.
bmc.yml:
---
# BMC management (Bare metal power and bios controls)
:enabled: https
# Available providers:
# - freeipmi / ipmitool - requires the appropriate package installed, and the rubyipmi gem
# - shell - for local reboot control (requires sudo access to /sbin/shutdown for the proxy user)
:bmc_default_provider: ipmitool

Within Foreman - it times out with error: Failure: ERF12-2269 [ProxyAPI::ProxyException]: Unable to perform lan BMC operation ([RestClient::RequestTimeout]: Request Timeout) for proxy https://fmnpxprw1.paychex.com:8443/bmc

Smart Proxy logs show:
E, [2017-07-17T16:12:13.040482 ] ERROR -- : could not read client cert from environment
I, [2017-07-17T16:12:13.040829 ] INFO -- : IP - - [17/Jul/2017:16:12:13 -0400] "GET /bmc HTTP/1.1" 403 43 0.0007

I, [2017-07-17T16:12:33.484111 ] INFO -- : IP - - [17/Jul/2017:16:12:33 -0400] "GET /bmc/%BMCIP%/chassis/power/status HTTP/1.1" 200 33 0.1347

E, [2017-07-17T16:13:11.872390 ] ERROR -- : could not read client cert from environment
I, [2017-07-17T16:13:11.872938 ] INFO -- : IP - - [17/Jul/2017:16:13:11 -0400] "GET /bmc/%BMCIP%/chassis/power/status HTTP/1.1" 403 43 0.0010

Similarly - hitting either /bmc or /bmc/%BMCIP%/...... from a browser gives me the same error: could not read client cert from environment

I thought this might have to do with the smart proxy's "trusted hosts" setting, so I edited settings.yml for the smart proxy to try no trusted hosts:
- remove all entries

With this set, the URLs above began returning: No client SSL certificate supplied via output and logs.

At this point I'm stumped. I would imagine that doing this through the browser directly to a smart proxy might return a client cert issue (my browser wouldn't supply one), but that should go away with removing the trusted host option?

Also - when viewing through a host itself, my Foreman server should be using its cert (which is trusted and works for all other "stuff") to connect to the smart proxy to do the smart proxy call.

How should this be configured to "work"? I've scoured the website, Google, and the Foreman manual - but the only thing I've found is 3 lines on configuring the account for ILO3, as well as the bmc.yml file in the Foreman manual, which I've copied and used verbatim.

Any help would be greatly appreciated!
This is Foreman 1.14.3 specifically.
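
An added example, not part of the original report and not Foreman's own code: a Python script that ties each "could not read client cert from environment" error to the request it rejected and lists the paths that were both accepted and refused, which separates a per-client certificate problem from a broken endpoint. The sample is the log quoted in the report; the 50 ms pairing window and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the smart proxy log lines quoted in the report, placeholders kept.
SAMPLE_LOG = """\
E, [2017-07-17T16:12:13.040482 ] ERROR -- : could not read client cert from environment
I, [2017-07-17T16:12:13.040829 ] INFO -- : IP - - [17/Jul/2017:16:12:13 -0400] "GET /bmc HTTP/1.1" 403 43 0.0007
I, [2017-07-17T16:12:33.484111 ] INFO -- : IP - - [17/Jul/2017:16:12:33 -0400] "GET /bmc/%BMCIP%/chassis/power/status HTTP/1.1" 200 33 0.1347
E, [2017-07-17T16:13:11.872390 ] ERROR -- : could not read client cert from environment
I, [2017-07-17T16:13:11.872938 ] INFO -- : IP - - [17/Jul/2017:16:13:11 -0400] "GET /bmc/%BMCIP%/chassis/power/status HTTP/1.1" 403 43 0.0010
"""

LINE = re.compile(r'^[A-Z], \[(?P<ts>[\d\-T:.]+)\s*\]\s+(?P<level>[A-Z]+) -- : (?P<msg>.*)$')
ACCESS = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
CERT_ERROR = "could not read client cert from environment"
WINDOW = timedelta(milliseconds=50)  # assumption: the error is logged just before its request line


def correlate(log_text):
    """Return one record per request line, flagged if a cert error immediately preceded it."""
    records, last_cert_error = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        if m["level"] == "ERROR" and CERT_ERROR in m["msg"]:
            last_cert_error = ts
            continue
        a = ACCESS.search(m["msg"])
        if a:
            tied = (last_cert_error is not None
                    and timedelta(0) <= ts - last_cert_error <= WINDOW)
            records.append({"time": ts, "path": a["path"],
                            "status": int(a["status"]), "cert_error": tied})
            last_cert_error = None  # an error is attributed to at most one request
    return records


def mixed_result_paths(records):
    """Paths seen with both 200 and 403: the endpoint answers, so the refusal depends on the caller."""
    statuses = defaultdict(set)
    for r in records:
        statuses[r["path"]].add(r["status"])
    return sorted(p for p, s in statuses.items() if {200, 403} <= s)
```
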
