Foreman-installer fails trying to open connection to server on port 443

Problem:

When running the foreman-installer it fails on this step:

/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.example.org]: Could not evaluate: Exception Failed to open TCP connection to foreman.example.org:443 (Connection refused - connect(2) for "foreman.example.org" port 443) in get request to: https://foreman.example.org/api/v2/smart_proxies?search=name%3D%22foreman.example.org%22

I have tried to disable SSL but I get the same message.

foreman-installer --foreman-ssl=false --foreman-proxy-gpgcheck=false --foreman-unattended-url=http://foreman.example.org --foreman-servername=foreman.example.org --foreman-hsts-enabled=false

Am I supposed to do some config to apache before running foreman-install? I tried configuring a VirtualHost for 443 in /etc/apache2/sites-enabled/05-foreman.conf but this was wiped after running the installer.

Expected outcome: foreman-install goes through when running with SSL disabled

Foreman and Proxy versions: Foreman: 2.5.0-develop puppet: 6.22.1

Distribution and version: Ubuntu 20.04 running foreman nightly

It calls the API to register. Disabling SSL should not be done and it should configure Apache properly.

A connection refused can indicate a firewall problem.

A firewall issue is unlikely since everything is hosted on the same host.

iptables can block traffic on the same host just fine. Have you checked that the service is running (systemctl status apache foreman) and what curl -v on the same URL returns?

I got past this error by using my reverse proxy that listens to port 443.
This also has the benefit of me having a valid cert.

But now I’m stuck on this step:

2021-04-30 20:09:55 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.example.org]: Could not evaluate: Error making GET request to Foreman at https://foreman.example.org/api/v2/smart_proxies: Response: 401 Unauthorized: Often this is caused by invalid Oauth credentials

I’ve updated my original installer command to this:

foreman-installer --foreman-proxy-gpgcheck=false --foreman-unattended-url=http://foreman.example.org --foreman-servername=foreman.example.org --foreman-foreman-url=https://foreman.example.org --foreman-cli-foreman-url=https://foreman.example.orgs --foreman-proxy-foreman-base-url=https://foreman.example.org --foreman-hsts-enabled=false --foreman-proxy-oauth-consumer-key=<oauth key> --foreman-proxy-oauth-consumer-secret=<oauth secret>

I got the Oauth key and secret from /etc/foreman/settings.yaml.

Is there any way to confirm I have the right OAuth key/secret? Maybe a cURL one-liner or something.
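
One way to run the check asked about above, as an added example that is not part of the original thread and not Foreman's own tooling: it sends one GET signed with two-legged OAuth 1.0 (HMAC-SHA1, RFC 5849), reading the key and secret from the settings file so they never appear on a command line. Assumptions: the :oauth_consumer_key: and :oauth_consumer_secret: entries in /etc/foreman/settings.yaml, oauth_map_users left at false, and a URL without a query string; all function names are hypothetical.

```python
# Added example: verify Foreman OAuth consumer credentials with one signed request.
import base64, hashlib, hmac, re, secrets, sys, time
import urllib.error, urllib.parse, urllib.request

def quote(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return urllib.parse.quote(str(s), safe="-._~")

def read_setting(text, name):
    # Matches lines such as ":oauth_consumer_key: abc" (assumed file layout)
    m = re.search(r"^:?%s:[ \t]*['\"]?([^'\"\s#]+)" % re.escape(name), text, re.M)
    return m.group(1) if m else None

def base_string(method, url, params):
    # Method, URL and the sorted, encoded parameters, joined with "&"
    pairs = sorted((quote(k), quote(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % p for p in pairs)
    return "&".join([method.upper(), quote(url), quote(normalized)])

def oauth_header(method, url, key, secret, nonce=None, timestamp=None):
    params = {
        "oauth_consumer_key": key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or int(time.time()),
        "oauth_version": "1.0",
    }
    # Two-legged OAuth has no token, so the signing key is "<secret>&"
    signing_key = (quote(secret) + "&").encode()
    message = base_string(method, url, params).encode()
    digest = hmac.new(signing_key, message, hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    fields = ('%s="%s"' % (k, quote(v)) for k, v in sorted(params.items()))
    return "OAuth " + ", ".join(fields)

def check(url, settings_path="/etc/foreman/settings.yaml"):
    with open(settings_path) as fh:
        text = fh.read()
    key = read_setting(text, "oauth_consumer_key")
    secret = read_setting(text, "oauth_consumer_secret")
    if not key or not secret:
        raise SystemExit("OAuth key/secret not found in " + settings_path)
    headers = {"Authorization": oauth_header("GET", url, key, secret),
               "Accept": "application/json"}
    try:
        req = urllib.request.Request(url, headers=headers)
        return urllib.request.urlopen(req, timeout=10).status  # 200: accepted
    except urllib.error.HTTPError as e:
        return e.code  # 401: key or secret rejected

if __name__ == "__main__":
    print(check(sys.argv[1]))  # e.g. https://foreman.example.org/api/v2/smart_proxies
```

A URLError instead of a status code means the request never reached Foreman, which is the connection-refused case from the first post rather than a credential problem.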

It worked after rebooting the host. I don’t know why the Oauth stuff didn’t work but it works now.

In summary, my solution:

  • Make sure you have valid certs and have your base URL that listens to HTTPS.
  • Get the OAuth secret and key from /etc/foreman/settings.yaml before running foreman-installer.

Well, I guess usually it’s better to use the standard SSL Foreman configuration and use the configuration options if you want to use your own certificates. That should be easier and more reliable for updates etc.