Error while clustering Foreman | HA Foreman & puppet

Hello,

I have dedicated puppet ca where I have generated certs in the name of
foreman url which I want to and copied
/etc/puppetlabs/puppet/ssl/certs/ca.pem , foreman.example.com.pem and
*/private_keys/foremandv.example.com.pem and crl.pem. to host1.example.com.
" host1.example.com" using this node to install only foreman. RHEL 7.3 and
foreman 13.1 (latest)

I have changed hostname (host1.example.com) in few fields using interactive
mode while running installer.

Finally ended up with https errors as below.

Proxy foremandv.examplecom cannot be registered: Unable to communicate
with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect
features ([OpenSSL::SSL::SSLError]: hostname "host1.example.com" does not
match the server certificate) for proxy
https://host1.example.com:8443/features Please check the proxy is
configured and running on the host.
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:23:in
create' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:inblock in defaultvalues'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:487:in set' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:561:insync'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:236:in
sync' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:134:insync_if_needed'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:80:in
perform_changes' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:inevaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:in
apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:ineval_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
call' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock (2 levels) in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:in block in thinmark' /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:in thinmark' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in
traverse' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:inevaluate'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:in
evaluate_with_trigger' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:inblock in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:in
with_destination' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:inas_logging_destination'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:in
method_missing' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:inapply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:in
block in apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:inblock in
benchmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in realtime' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:inbenchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:in
apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:inrun_internal'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:in
block in run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:in
apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:inblock in main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in
override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:in
main' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:inrun_command'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in
block in run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:540:inexit_on_fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in
execute' /opt/puppetlabs/puppet/bin/puppet:5:in<main>'
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremandv.examplecom]/ensure:
change from absent to present failed: Proxy foremandv.example.com cannot be
registered: Unable to communicate with the proxy: ERF12-2530
[ProxyAPI::ProxyException]: Unable to detect features
([OpenSSL::SSL::SSLError]: hostname "host1.example.com" does not match the
server certificate) for proxy https://host1.example.com:8443/features
Please check the proxy is configured and running on the host.
Installing Done
[100%]
[…]
Something went wrong! Check the log for ERROR-level output

• Foreman is running at https://foremandv.example.com
  Initial credentials are admin / sZ3Twb79PDQoaL4G
• Foreman Proxy is running at https://foremandv.example.com:8443
  The full log is at /var/log/foreman-installer/foreman.log

Can any one please advice the procedure for clustering 3 foreman servers.

Thank you
Sai Krishna

You already ran the installer, then modified the answer file and replaced
host1.example.com with foremandv.example.com?
If you can give more details it will be much more helpful.

But simple as the error state, the smart proxy is using a certificate with
an CN attribute that does not match the hostname that you call to.

Do you have two smart proxies or only one?

Little late to the party here.

My understanding:
You have 2 Foreman servers you're trying to LB, but when you connect to
them w/ a Smart Proxy, you get this SSL error. You changed something in the
answer-file and re-ran the installer.

Let's start with the easy stuff. Assuming this is RHEL/CentOS on the
Foreman server:
grep -i servername /etc/httpd/conf.d/foreman
grep -i SSL /etc/httpd/conf.d/foreman

You should see foremandv.example.com as the ServerName, and the correct
certs in 05-foreman-ssl.conf. If those two look correct you should able to
connect to Foreman via your web browser & the LB (make sure it shows the
right certs!).

If those two are correct and you're getting the errors you posted on the
Smart Proxy (and it looks like they are Smart Proxy errors), that tells me
the Smart Proxy isn't configured w/ the correct CA cert, so it cannot
validate the certs the Foreman server is presenting.

-Chris

Appreciate your quick reply. Yes I have replaced host1.example.com with
foremandv.example.com in the answer file and ran the installer. I have
generated the certs in the name of foremandv.example.com and copied to this
host1.example.com.

I have one more node where it acts as puppet ca + foreman server.

Please let me know what more details I can provide on this.

Thank you !!

Just now I have seen foreman is running on host1.example.com instead of
foremandv.example.com. The reason I choose generic name so that I can
cluster the foreman servers, but foreman is running based on hostname
specific. Can you please guide me.

Thank you

>
> Hi Chris,
>>
>
grep -i servername /etc/httpd/conf.d/foreman
/etc/httpd/conf.d/05-foreman.conf: ServerName foremandv.example.com
grep: /etc/httpd/conf.d/05-foreman.d: Is a directory
/etc/httpd/conf.d/05-foreman-ssl.conf: ServerName foremandv.example.com
grep: /etc/httpd/conf.d/05-foreman-ssl.d: Is a directory

roothost1 [~] # grep -i SSL /etc/httpd/conf.d/foreman
grep: /etc/httpd/conf.d/05-foreman.d: Is a directory
/etc/httpd/conf.d/05-foreman-ssl.conf: ErrorLog
"/var/log/httpd/foreman-ssl_error_ssl.log"
/etc/httpd/conf.d/05-foreman-ssl.conf: CustomLog
"/var/log/httpd/foreman-ssl_access_ssl.log" combined
/etc/httpd/conf.d/05-foreman-ssl.conf: ## SSL directives
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLEngine on
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateFile
"/etc/puppetlabs/puppet/ssl/certs/foremandv.example.com.pem"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateKeyFile
"/etc/puppetlabs/puppet/ssl/private_keys/foremandv.example.com.pem"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateChainFile
"/etc/puppetlabs/puppet/ssl/certs/ca.pem"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCACertificateFile
"/etc/puppetlabs/puppet/ssl/certs/ca.pem"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCARevocationFile
"/etc/puppetlabs/puppet/ssl/crl.pem"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLCARevocationCheck "chain"
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLVerifyClient optional
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLVerifyDepth 3
/etc/httpd/conf.d/05-foreman-ssl.conf: SSLOptions +StdEnvVars
+ExportCertData
/etc/httpd/conf.d/05-foreman-ssl.conf: Include
/etc/httpd/conf.d/05-foreman-ssl.d/.conf
/etc/httpd/conf.d/05-foreman-ssl.conf: IncludeOptional
/etc/httpd/conf.d/05-foreman-ssl.d/.conf
grep: /etc/httpd/conf.d/05-foreman-ssl.d: Is a directory

Yes it rhel 7, as you said these two looks correct.

I don't have any foreman severs, am planning to build 2 foreman(WebUI/ENC)
servers (clustered) so that both foreman runs on generic
(https://foremandv.example.com ) so that load will be distributed to both
servers and I have existing highly available puppet setup. I want to
integrate this foreman cluster with existing puppet set up.

Can you please guide me about the smart proxy errors, how to configure wrt
to correct CA cert.

Thank you very much !!

I would start by reading those two posts, they are quite good.

https://theforeman.org/2015/12/journey_to_high_availability.html

(The only thing i dislike about this post is that he uses the same
certificate).

As example, to create an HA Puppet master (with Smart Proxy) you will need
to generate a general certificate (i.e: puppet.example.com).
Let's say the node names are puppet1.example.com and puppet2.example.com,
both of them are running smart-proxy and a puppet master which uses the
puppet.example.com certificate (smart-proxy and puppetmaster), if you are
running a puppet agent on them, the agent can still use puppet1/puppet2
certificate (clientcert), you will need to run a load balancer to balance
both the calls to puppet and the calls to the smart-proxy, then you can add
puppet.example.com as a smart-proxy.
It's a very short summarize, if you read those two blog posts it will make
some sense.

You can have a look at my blog as well -
https://blog.dobrev.eu/blog/categories/theforeman/

You need to recreate the certs and add dns_alt_names for all the hosts that
you want to reuse these certs on.

Martin's blog is going to be far more in depth than something I can add
here. I would suggest going through that. It deals with self-signed certs,
so if you need something different, I can write something up for you that
covers the differences.

The short version of what you need to do:

• make sure ServerName is the same on all foreman servers in a cluster
• make sure websocket ssl certs are the same on all foreman servers in a
  cluster
• make sure they're talking to the same backend (DB)
• make sure you set the same secret token (for auth purposes)
• if you're using a proxy (i.e. ha proxy), you won't need dns_alt_names,
  but you can still use them. If you're using only a LB (i.e. F5 w/o
  proxying), then you want dns_alt_names.

I realize my comments about smart proxy are incomplete. Using an externally
signed cert, we ran in to issues where the smart proxy needed the same
ssl_ca (/etc/puppet/foreman.yaml) and ssl_ca_file
(/etc/foreman-proxy/settings.yaml) file as the "ssl_ca_file" on the Foreman
server (in /etc/foreman/settings.yaml). This only happened with an external
cert, not a self-signed one from the puppet CA.

>
> Yes these are two post which I have read before starting HA set up and
>>>> then decided to have set up like which chris have arranged (
>>>> Foreman :: Journey to High Availability )
>>>>
>>> I was able to load balance with two puppet masters with smart proxy as
you have mentioned with f5. Now am trying to have a separate foreman
cluster as chris did, in that process I have thought of running foreman on
general name as foremandv.example.com and I have generated certs from
puppet ca and transferred to node1.example.com and tried running the
installer but ended up foreman running on https://node1.example.com instead
of foremandv.example.com.

>
> Below are the error logs where it is failing to run foreman on general one
>>>> like foremandv.example.com
>>>>
>>>
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremandv.example.com]:
Could not evaluate: Exception SSL_connect returned=1 errno=0 state=SSLv2/v3
read server hello A: unknown protocol in get request to:
https://foremandv.example.com/api/v2/smart_proxies?search=name="foremandv.example.com"
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:89:in
rescue in request' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:71:inrequest'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:6:in
proxy' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:inid'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:in
exists?' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:inretrieve'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1070:in
retrieve' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1098:inretrieve_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:300:in
from_resource' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:20:inevaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:in
apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:ineval_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
call' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock (2 levels) in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:in block in thinmark' /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:in thinmark' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in
traverse' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:inevaluate'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:in
evaluate_with_trigger' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:inblock in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:in
with_destination' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:inas_logging_destination'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:in
method_missing' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:inapply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:in
block in apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:inblock in
benchmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in realtime' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:inbenchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:in
apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:inrun_internal'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:in
block in run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:in
apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:inblock in main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in
override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:in
main' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:inrun_command'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in
block in run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:540:inexit_on_fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in
execute' /opt/puppetlabs/puppet/bin/puppet:5:in<main>'
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown
protocol
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:in connect' /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:inblock in connect'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:90:in block in timeout' /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:incall'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:in timeout' /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:inconnect'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:863:in do_start' /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:852:instart'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:1375:in request' /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/oauth-0.5.1/lib/oauth/consumer.rb:161:inrequest'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:76:in
request' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:6:inproxy'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in
id' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:inexists?'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:in
retrieve' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1070:inretrieve'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1098:in
retrieve_resource' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:300:infrom_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:20:in
evaluate' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:inapply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:in
eval_resource' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:incall'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
block (2 levels) in evaluate' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:inblock in
thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in realtime' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:inthinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
block in evaluate' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:intraverse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in
evaluate' /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:inevaluate_with_trigger'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:in
block in apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:inwith_destination'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:in
as_logging_destination' /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:inmethod_missing'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:in
apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:inblock in apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:in block in benchmark' /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:in
benchmark' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:inapply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:in
run_internal' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:inblock in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in
override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:inapply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:in
block in main' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:inmain'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:in
run_command' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:inblock in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:540:in
exit_on_fail' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:inexecute'
/opt/puppetlabs/puppet/bin/puppet:5:in <main>' /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremandv.example.com]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol in get request to: https://foremandv.example.com/api/v2/smart_proxies?search=name=%22foremandv.example.com%22 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremandv.example.com]: Exception SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello https://foremandv.example.com/api/v2/smart_proxies?search=name=%22foremandv.example.com%22 /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:89:inrescue in request'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:71:in
request' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:6:inproxy'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in
id' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:inexists?'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:in
retrieve' /usr/share/foreman-installer/modules/foreman/lib/puppet/type/foreman_smartproxy.rb:53:inrefresh'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:147:in
process_callback' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:34:inblock in process_events'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:119:in
block in queued_events' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:118:ineach'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:118:in
queued_events' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:33:inprocess_events'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:247:in
eval_resource' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:incall'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
block (2 levels) in evaluate' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:inblock in
thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in realtime' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:inthinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
block in evaluate' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:intraverse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in
evaluate' /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:inevaluate_with_trigger'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:in
block in apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:inwith_destination'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:in
as_logging_destination' /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:inmethod_missing'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:in
apply' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:inblock in apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:in block in benchmark' /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:in
benchmark' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:inapply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:in
run_internal' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:inblock in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in
override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:inapply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:in
block in main' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:inmain'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:in
run_command' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:inblock in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:540:in
exit_on_fail' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in
run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:inexecute'
/opt/puppetlabs/puppet/bin/puppet:5:in <main>' Wrapped exception: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:inconnect'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:in block in connect' /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:90:inblock in timeout'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:in call' /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:intimeout'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:923:in connect' /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:863:indo_start'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:852:in start' /opt/puppetlabs/puppet/lib/ruby/2.1.0/net/http.rb:1375:inrequest'
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/oauth-0.5.1/lib/oauth/consumer.rb:161:in
request' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_resource/rest_v3.rb:76:inrequest'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:6:in
proxy' /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:inid'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:in
exists?' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:inretrieve'
/usr/share/foreman-installer/modules/foreman/lib/puppet/type/foreman_smartproxy.rb:53:in
refresh' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:147:inprocess_callback'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:34:in
block in process_events' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:119:inblock in queued_events'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:118:in
each' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:118:inqueued_events'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/event_manager.rb:33:in
process_events' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:247:ineval_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in
call' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock (2 levels) in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:in block in thinmark' /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:in thinmark' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in
traverse' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:inevaluate'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:in
evaluate_with_trigger' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:inblock in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:in
with_destination' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:inas_logging_destination'
/usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:in
method_missing' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:inapply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:in
block in apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:inblock in
benchmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in realtime' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:inbenchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:in
apply_catalog' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:inrun_internal'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:in
block in run' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:inoverride'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in override' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:inrun'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:in
`apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:in

Hi Martin,

yes dns_alt_names resolved the issue.

Thank you very much !!

Hi Chris,

Yes I have followed all the instructions as you advised… able to cluster
foreman.

Thank you very much !!