Support #9228: foreman-proxy unable to start - ERROR -- : Unable to access the SSL keys - Foreman

Support #9228

Updated by Dominic Cleal about 10 years ago

<pre>  
 # rpm -qa|grep foreman 
 foreman-1.7.2-1.el6.noarch 
 foreman-installer-1.7.2-1.el6.noarch 
 foreman-postgresql-1.7.2-1.el6.noarch 
 foreman-cli-1.7.2-1.el6.noarch 
 foreman-proxy-1.7.2-1.el6.noarch 
 ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch 
 foreman-release-scl-1-1.el6.x86_64 
 rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch 
 ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch 
 foreman-selinux-1.7.2-1.el6.noarch 

 # grep ERROR /var/log/foreman-installer/foreman-installer.log 
 [ INFO 2015-02-05 00:47:22 main] -# WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN 
 [ INFO 2015-02-05 00:47:22 main] -#:log_level: ERROR 
 [ERROR 2015-02-05 00:47:23 main]    Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy: [FAILED] 
 [ERROR 2015-02-05 00:47:23 main]    /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy: [FAILED] 
 [ERROR 2015-02-05 00:47:34 main]    /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[core-foremanlive1-1-sfm.ops.sfdc.net]: Failed to call refresh: missing param 'id' in parameters 
 [ERROR 2015-02-05 00:47:34 main]    /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[core-foremanlive1-1-sfm.ops.sfdc.net]: missing param 'id' in parameters 
 [ERROR 2015-02-05 00:47:36 main] Repeating errors encountered during run: 
 [ERROR 2015-02-05 00:47:36 main]    Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy: [FAILED] 
 [ERROR 2015-02-05 00:47:36 main]    /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/sbin/service foreman-proxy start' returned 1: Starting foreman-proxy: [FAILED] 
 [ERROR 2015-02-05 00:47:36 main]    /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[core-foremanlive1-1-sfm.ops.sfdc.net]: Failed to call refresh: missing param 'id' in parameters 
 [ERROR 2015-02-05 00:47:36 main]    /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[core-foremanlive1-1-sfm.ops.sfdc.net]: missing param 'id' in parameters 

 # cat /var/log/foreman-proxy/proxy.log 
 E, [2015-02-05T00:47:23.118315 #26123] ERROR -- : Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: Permission denied - /var/lib/puppet/ssl/private_keys/core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 E, [2015-02-05T00:47:23.118430 #26123] ERROR -- : Both http and https are disabled, unable to start. 
 E, [2015-02-05T00:48:35.326230 #26450] ERROR -- : Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: Permission denied - /var/lib/puppet/ssl/private_keys/core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 E, [2015-02-05T00:48:35.326347 #26450] ERROR -- : Both http and https are disabled, unable to start. 

 ]# ls -ltr /var/lib/puppet/ssl/certs 
 total 8 
 -rw-r--r-- 1 puppet puppet 2045 Feb    5 00:47 ca.pem 
 -rw-r--r-- 1 puppet puppet 2118 Feb    5 00:47 core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 [root@core-foremanlive1-1-sfm yum.repos.d]# ls -ltr /var/lib/puppet/ssl/private_keys/ 
 total 4 
 -rw-r--r-- 1 puppet puppet 3247 Feb    5 00:47 core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 [root@core-foremanlive1-1-sfm yum.repos.d]# ls -ltr /var/lib/puppet/ssl/public_keys/ 
 total 4 
 -rw-r--r-- 1 puppet puppet 775 Feb    5 00:47 core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 [root@core-foremanlive1-1-sfm yum.repos.d]# cat /etc/foreman-proxy/settings.yml  
 --- 
 ### File managed with puppet ### 
 ## Module:             'foreman_proxy' 

 :settings_directory: /etc/foreman-proxy/settings.d 

 # SSL Setup 

 # if enabled, all communication would be verfied via SSL 
 # NOTE that both certificates need to be signed by the same CA in order for this to work 
 # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information 
 :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem 
 :ssl_certificate: /var/lib/puppet/ssl/certs/core-foremanlive1-1-sfm.ops.sfdc.net.pem 
 :ssl_private_key: /var/lib/puppet/ssl/private_keys/core-foremanlive1-1-sfm.ops.sfdc.net.pem 

 # the hosts which the proxy accepts connections from 
 # commenting the following lines would mean every verified SSL connection allowed 
 :trusted_hosts: 
   - core-foremanlive1-1-sfm.ops.sfdc.net 

 # by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting 
 :daemon: true 
 # Only used when 'daemon' is set to true. 
 # Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid' 
 #:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid 

 # HTTP ports configuration 
 # http is disabled by default. To enable, uncomment 'http_port' setting 
 # https is enabled if certificate, CA certificate, and private key are present in locations specifed by 
 # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly 
 # default values for https_port is 8443 
 #:http_port: 8000 
 :https_port: 8443 

 # shared options for virsh DNS/DHCP provider 
 :virsh_network: default 

 # Where our proxy log files are stored 
 # filename or STDOUT 
 :log_file: /var/log/foreman-proxy/proxy.log 
 # valid options are 
 # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN 
 #:log_level: DEBUG 

 </pre>

Back

Project

General

Profile

Support #9228