Problem:
During install of Smart Proxy w/ Content, I get the following error:
Error 1: Puppet Foreman_host resource 'foreman-proxy-gpnixfor02.ipa.medforest.org' failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1134 of 1149)
Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Evaluated in 0.01 seconds
Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org](provider=rest_v3)
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Error 2: Puppet Foreman_smartproxy resource 'gpnixfor02.ipa.medforest.org' failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1136 of 1149)
Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Evaluated in 0.01 seconds
Foreman_smartproxy[gpnixfor02.ipa.medforest.org](provider=rest_v3)
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2 errors were detected.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.
The full log is at /var/log/foreman-installer/foreman-proxy-content.log
Expected outcome:
Successful Smart Proxy installation
Foreman and Proxy versions:
3.11
Foreman and Proxy plugin versions:
Distribution and version:
RHEL 9.4
Other relevant data:
- Did a fresh install of Foreman 3.11 on RHEL 9:
# foreman-installer --scenario katello \
--certs-server-cert "/root/foreman_cert/gpnixfor01.pem" \
--certs-server-key "/root/foreman_cert/gpnixfor01_key.pem" \
--certs-server-ca-cert "/root/foreman_cert/ca_cert_bundle.pem" \
--foreman-initial-organization "<Redacted>" \
--foreman-initial-location "SDC" \
--foreman-initial-admin-username foreman-admin \
--foreman-initial-admin-password "<Redacted>" \
--foreman-proxy-bmc "true" \
--foreman-proxy-bmc-default-provider "freeipmi"
- Command runs successfully. Foreman runs well and certs are working.
-
Registered Smart Proxy host as a Foreman Client.
-
Generated cert package tar for smart proxy:
# foreman-proxy-certs-generate \
--foreman-proxy-fqdn gpnixfor02.ipa.medforest.org \
--certs-tar /root/smart-proxy_cert/gpnixfor02.ipa.medforest.org-certs.tar
-
Copied tar to Smart Proxy host.
-
Ran installer on Proxy:
# foreman-installer \
--scenario foreman-proxy-content \
--certs-tar-file "/root/gpnixfor02.ipa.medforest.org-certs.tar" \
--foreman-proxy-register-in-foreman "true" \
--foreman-proxy-foreman-base-url "https://gpnixfor01.ipa.medforest.org" \
--foreman-proxy-trusted-hosts "gpnixfor01.ipa.medforest.org" \
--foreman-proxy-trusted-hosts "gpnixfor02.ipa.medforest.org" \
--foreman-proxy-oauth-consumer-key "<redacted>" \
--foreman-proxy-oauth-consumer-secret "<redacted>"
2024-08-02 22:53:06 [NOTICE] [root] Loading installer configuration. This will take some time.
2024-08-02 22:53:10 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2024-08-02 22:53:10 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2024-08-02 22:54:15 [NOTICE] [configure] Starting system configuration.
2024-08-02 22:54:58 [NOTICE] [configure] 250 configuration steps out of 1120 steps complete.
2024-08-02 22:55:33 [NOTICE] [configure] 500 configuration steps out of 1122 steps complete.
2024-08-02 22:55:44 [NOTICE] [configure] 750 configuration steps out of 1147 steps complete.
2024-08-02 22:57:08 [NOTICE] [configure] 1000 configuration steps out of 1148 steps complete.
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2024-08-02 22:57:32 [NOTICE] [configure] System configuration has finished.
Error 1: Puppet Foreman_host resource 'foreman-proxy-gpnixfor02.ipa.medforest.org' failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1134 of 1149)
Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Evaluated in 0.01 seconds
Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org](provider=rest_v3)
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Error 2: Puppet Foreman_smartproxy resource 'gpnixfor02.ipa.medforest.org' failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1136 of 1149)
Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Evaluated in 0.01 seconds
Foreman_smartproxy[gpnixfor02.ipa.medforest.org](provider=rest_v3)
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2 errors were detected.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.
The full log is at /var/log/foreman-installer/foreman-proxy-content.log
Relevant info from /var/log/foreman-installer/foreman-proxy-content.log
:
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/hosts?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2024-08-02 22:57:29 [DEBUG ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-gpnixfor02.ipa.medforest.org]: Evaluated in 0.01 seconds
2024-08-02 22:57:29 [DEBUG ] [configure] /Stage[main]/Foreman_proxy::Register/Datacat_collector[foreman_proxy::enabled_features]: Starting to evaluate the resource (1135 of 1149)
2024-08-02 22:57:29 [DEBUG ] [configure] Datacat_collector[foreman_proxy::enabled_features](provider=datacat_collector): Collected {"features"=>["Templates", "Logs", "Registration", "Pulpcore", "Container_Gateway"]}
2024-08-02 22:57:29 [DEBUG ] [configure] Datacat_collector[foreman_proxy::enabled_features](provider=datacat_collector): Selecting source_key features
2024-08-02 22:57:29 [DEBUG ] [configure] Datacat_collector[foreman_proxy::enabled_features](provider=datacat_collector): Now setting field :features
2024-08-02 22:57:29 [DEBUG ] [configure] /Stage[main]/Foreman_proxy::Register/Datacat_collector[foreman_proxy::enabled_features]: Evaluated in 0.00 seconds
2024-08-02 22:57:29 [DEBUG ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Starting to evaluate the resource (1136 of 1149)
2024-08-02 22:57:29 [DEBUG ] [configure] Foreman_smartproxy[gpnixfor02.ipa.medforest.org](provider=rest_v3): Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2024-08-02 22:57:29 [DEBUG ] [configure] Foreman_smartproxy[gpnixfor02.ipa.medforest.org](provider=rest_v3): Making get request to https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[gpnixfor02.ipa.medforest.org]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https://gpnixfor01.ipa.medforest.org/api/v2/smart_proxies?search=name%3D%22gpnixfor02.ipa.medforest.org%22
2024-08-02 22:57:29 [ERROR ] [configure] Wrapped exception:
2024-08-02 22:57:29 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
I’ve used openssl to check the cert, key, and ca cert package that I provided.
Thank you for your time. Please let me know if I can provide any more info that might be helpful.