I’ve tried just about everything I can think of…
Using foreman 3.1.0-rc2, I’m attempting to set up a standalone freeipa smart proxy and don’t want it to serve any pulp content, I just want it to be a simple freeipa smart proxy… When attempting to run foreman-installer with the below flags, I’m getting the below errors complaining about the foreman server having a self signed certificate. I know I can just get around this by turning SSL off on the smart proxy, but I’d prefer to have the connections encrypted. Can someone help me understand what I’m doing wrong and why I can’t get it to ignore that the server’s CA is self-signed?
Distro:
RockyLinux 8
installer flags:
foreman-installer
–enable-foreman-proxy
–no-enable-foreman-plugin-bootdisk
–no-enable-foreman-plugin-setup
–no-enable-foreman
–no-enable-foreman-cli
–foreman-proxy-realm=true
–foreman-proxy-register-in-foreman “true”
–foreman-proxy-foreman-base-url “https://foreman.example.com”
–foreman-proxy-trusted-hosts “foreman.example.com”
–foreman-proxy-oauth-consumer-key “…”
–foreman-proxy-oauth-consumer-secret “…”
–puppet-server-foreman-url “https://foreman.example.com”
–no-enable-foreman-plugin-puppet
–no-enable-foreman-cli-puppet
–foreman-proxy-ssl-port=7443
–puppet-server-ca=false
–puppet-server=false
installer error … ignore that there are no hyperlinks, it won’t let me add more than 5 links because I’m a new user:
2021-12-07 12:17:55 [NOTICE] [root] Loading installer configuration. This will take some time.
2021-12-07 12:18:04 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2021-12-07 12:18:04 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2021-12-07 12:18:07 [NOTICE] [configure] Starting system configuration.
2021-12-07 12:18:15 [NOTICE] [configure] 250 configuration steps out of 493 steps complete.
2021-12-07 12:18:19 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foremanhost]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: foremanhost/api/v2/hosts?search=name%3D%22foremanhost%22
2021-12-07 12:18:19 [ERROR ] [configure] Wrapped exception:
2021-12-07 12:18:19 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2021-12-07 12:18:19 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremanhost]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: foremanhost/api/v2/smart_proxies?search=name%3D%22foremanhost%22
2021-12-07 12:18:19 [ERROR ] [configure] Wrapped exception:
2021-12-07 12:18:19 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2021-12-07 12:18:19 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremanhost]: Failed to call refresh: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self
signed certificate in certificate chain) in get request to: foremanhost/api/v2/smart_proxies?search=name%3D%22foremanhost%22
2021-12-07 12:18:19 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremanhost]: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: foremanhost/api/v2/smart_proxies?search=name%3D%22foremanhost%22
2021-12-07 12:18:19 [ERROR ] [configure] Wrapped exception:
2021-12-07 12:18:19 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
2021-12-07 12:18:20 [NOTICE] [configure] System configuration has finished.There were errors detected during install.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.The full log is at /var/log/foreman-installer/foreman.log
installed foreman / katello packages:
$ rpm -qa | egrep ‘foreman|katello’
foreman-installer-3.1.0-0.1.rc2.el8.noarch
foreman.example.com-foreman-proxy-client-1.0-1.noarch
foreman-debug-3.1.0-0.1.rc2.el8.noarch
foreman.example.com-foreman-proxy-1.0-1.noarch
foreman-proxy-3.1.0-0.2.rc2.el8.noarch
katello-ca-consumer-foreman.example.com-1.0-1.noarch
Driving me crazy… can anyone lend a helping hand please?