Access to foreman GUI running on CentOS 7 Minimal VM?

First post. Apologies in advance …

Problem:
New foreman install on CentOS 7 Minimal VM.
Cannot access GUI from host server.

Expected outcome:
Should be able to access GUI via NAT Network with Port Forwarding.

Other relevant data:
Desktop: Ubuntu 18.04 running Oracle VM VirtualBox 6.0.2 r128162 (Qt5.9.5)
Guest VM: CentOS-7-x86_64-Minimal-1810 with VBoxGuestAdditions_6.0.2
NAT Network with Port Forwarding - needed for Internet (repo) access through my desktop host server.

Followed https://www.theforeman.org/manuals/1.20/index.html#2.Quickstart as best I could …
Ran the foreman-installer, and began configuration with:
foreman-rake db:migrate
foreman-rake db:seed

and started foreman …
systemctl start foreman

Because I am running a “headless” CentOS 7 (Minimal) VM, I need to access the foreman/puppet GUI’s from my host server.

I suspect that there are multiple issues here:

  • Listener address (127.0.0.1, or on IPv6 only)
  • SSL Cert issues (CA, IP address vs. FQDN?)
  • HTTP/1.1 301 Moved Permanently

[root@centos7m ~]# netstat -an46 | grep LISTEN
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::8140 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:5432 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::8443 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN

Before I get any deeper, can someone give me a sanity check and just tell me that I am doing it wrong,
and should start over with a different approach?

There is much more to this story, and I have many questions, obviously.
Happy to provide whatever additional info that might be helpful.

Hi,

do you get any error messages in your browser when you try accessing the UI? If not, what exactly do you see?
Also, please consult the apache logs and /var/log/foreman/production.log for a) an connection attempt from your host and b) if there are any errors showing up while you try to access the UI.

The netstat output looks completely fine to me. Ports 80 and 443 are bound correctly (listen on any address, it’s completely ok that it only shows with IPv6, it works with IPv4 as well in that case).

GUI and API is served by Apache httpd. Note CentOS 7 has a firewall enabled by default (if you haven’t disabled/changed during installation), the only port allowed is SSH.

After disabling the firewall, I was able to get a little further. There were security exceptions for the self-signed certs that I accepted. And now I get:

https://10.0.3.10:8140/
HTTP ERROR 404
Problem accessing /. Reason:
Not Found


https://10.0.3.10:8443/
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
Requested url was not found


https://10.0.3.10:3000/
Secure Connection Failed

An error occurred during a connection to 10.0.3.10:3000. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

The foreman service you manually started on port 3000 should not be needed. By default the installer deploys via Apache with Passenger. Port 8140 is the Puppet server and I don’t expect you to directly connect ot it. Port 8443 is the Foreman Proxy and again not something you directly connect to. Port 443 is where you want to be.

Also, to get arround that self-signed certificate error, you can connect to your foreman instance via http://example.com/pub and import katello-server-ca.crt into your brwosers truststore.

Adjusted my port forwarding, and now I am in. Thank You!

I’m having the same issue here, when i try to access to the webgui nothing shows up. If i use the the host name that i set before (“foreman.lan”) it shows me the Apache page. Can you explain me how did you solve the port forwarding issue ?