Foreman-installer --foreman-server-ssl-port 7443 fails

Support
1

Problem:
Hi,
When I run the command foreman-installer --foreman-server-ssl-port 7443 I get the following error:

foreman-installer log


[NOTICE] [configure] 2000 configuration steps out of 2124 steps complete.
[ERROR ] [configure] /Stage[main]/Foreman::Register/Foreman_host[foreman-my.foreman.domain.es]: Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
[ERROR ] [configure] Wrapped exception:
[ERROR ] [configure] Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
[ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-my.foreman.domain.es]: Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
[ERROR ] [configure] Wrapped exception:
[ERROR ] [configure] Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
[ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[my.foreman.domain.es]: Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/smart_proxies?search=name%3D%22my.foreman.domain.es%22
[ERROR ] [configure] Wrapped exception:
[ERROR ] [configure] Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
[NOTICE] [configure] System configuration has finished.

Error 1: Puppet Foreman_host resource ‘foreman-my.foreman.domain.es’ failed. Logs:
/Stage[main]/Foreman::Register/Foreman_host[foreman-my.foreman.domain.es]
Adding autorequire relationship with Anchor[foreman::service]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (2008 of 2124)
Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
Wrapped exception:
Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
Evaluated in 0.01 seconds
Foreman_host[foreman-my.foreman.domain.es](provider=rest_v3)
Making get request to https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
Error 2: Puppet Foreman_host resource ‘foreman-proxy-my.foreman.domain.es’ failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-my.foreman.domain.es]
Adding autorequire relationship with Anchor[foreman::service]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (2094 of 2124)
Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
Wrapped exception:
Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
Evaluated in 0.01 seconds
Foreman_host[foreman-proxy-my.foreman.domain.es](provider=rest_v3)
Making get request to https:/my.foreman.domain.es/api/v2/hosts?search=name%3D%22my.foreman.domain.es%22
Error 3: Puppet Foreman_smartproxy resource ‘my.foreman.domain.es’ failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[my.foreman.domain.es]/before
before to Cron[puppet]
before to Service[puppet]
before to Service[puppet-run.timer]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[my.foreman.domain.es]
Adding autorequire relationship with Anchor[foreman::service]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (2096 of 2124)
Could not evaluate: Exception Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443) in get request to: https:/my.foreman.domain.es/api/v2/smart_proxies?search=name%3D%22my.foreman.domain.es%22
Wrapped exception:
Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)
Evaluated in 0.01 seconds
Foreman_smartproxy[my.foreman.domain.es](provider=rest_v3)
Making get request to https:/my.foreman.domain.es/api/v2/smart_proxies?search=name%3D%22my.foreman.domain.es%22

3 errors were detected.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.

I have checked the file /etc/httpd/conf.d/05-foreman-ssl.conf and it has changed the line <VirtualHost *:443> to <VirtualHost *:7443> but I don’t understand why it keeps checking port 443.

Expected outcome:
Running Foreman on a port other than 443

Foreman and Proxy versions:
Foreman 3.9.1

Foreman and Proxy plugin versions:
Katello 4.11
foreman-tasks 9.0.1
foreman_ansible 13.0.3
foreman_discovery 23.0.0
foreman_puppet 6.1.1
foreman_remote_execution 12.0.5

Distribution and version:
Red Hat Enterprise Linux release 8.9 (Ootpa)

Other relevant data:
The 7443 port is open on Foreman server:

firewall-cmd --permanent --add-port=7443/tcp && firewall-cmd --reload


foreman-rake errors:fetch_log request_id=597ec529
Full log

Foreman version: 3.9.1

Plugins:

  • foreman-tasks 9.0.1

  • foreman_ansible 13.0.3

  • foreman_discovery 23.0.0

  • foreman_puppet 6.1.1

  • foreman_remote_execution 12.0.5

  • katello 4.11.0

2024-05-30T10:30:56 [I|app|597ec529] Started GET “/smart_proxies/2-my-foreman-domain-es/pulp_storage” for 10.98.166.12 at 2024-05-30 10:30:56 +0200

2024-05-30T10:30:56 [I|app|597ec529] Processing by SmartProxiesController#pulp_storage as HTML

2024-05-30T10:30:56 [I|app|597ec529] Parameters: {“id”=>“2-my-foreman-domain-es”}

2024-05-30T10:30:56 [W|app|597ec529] my.foreman.domain.es is unreachable. Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)

2024-05-30T10:30:56 [I|app|597ec529] Backtrace for ‘my.foreman.domain.es is unreachable. Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)’ error (Katello::Errors::CapsuleCannotBeReached): my.foreman.domain.es is unreachable. Failed to open TCP connection to my.foreman.domain.es:443 (Connection refused - connect(2) for “my.foreman.domain.es” port 443)

597ec529 | /usr/share/gems/gems/katello-4.11.0/app/models/katello/concerns/smart_proxy_extensions.rb:511:in `rescue in ping_pulp3’

597ec529 | /usr/share/gems/gems/katello-4.11.0/app/models/katello/concerns/smart_proxy_extensions.rb:508:in `ping_pulp3’

597ec529 | /usr/share/gems/gems/katello-4.11.0/app/models/katello/concerns/smart_proxy_extensions.rb:270:in `pulp_disk_usage’

597ec529 | /usr/share/gems/gems/katello-4.11.0/app/controllers/katello/concerns/smart_proxies_controller_extensions.rb:29:in `pulp_storage’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:228:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/rendering.rb:30:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:42:in `block in process_action’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:117:in `block in run_callbacks’

597ec529 | /usr/share/foreman/app/controllers/concerns/foreman/controller/timezone.rb:10:in `set_timezone’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:126:in `block in run_callbacks’

597ec529 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:32:in `clear_thread’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:126:in `block in run_callbacks’

597ec529 | /usr/share/foreman/app/controllers/concerns/foreman/controller/topbar_sweeper.rb:12:in `set_topbar_sweeper_controller’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:126:in `block in run_callbacks’

597ec529 | /usr/share/gems/gems/audited-5.4.2/lib/audited/sweeper.rb:16:in `around’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:126:in `block in run_callbacks’

597ec529 | /usr/share/gems/gems/audited-5.4.2/lib/audited/sweeper.rb:16:in `around’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:126:in `block in run_callbacks’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:137:in `run_callbacks’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:41:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/rescue.rb:22:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `block in instrument’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/notifications/instrumenter.rb:24:in `instrument’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `instrument’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:33:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal/params_wrapper.rb:249:in `process_action’

597ec529 | /usr/share/gems/gems/activerecord-6.1.7.6/lib/active_record/railties/controller_runtime.rb:27:in `process_action’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:165:in `process’

597ec529 | /usr/share/gems/gems/actionview-6.1.7.6/lib/action_view/rendering.rb:39:in `process’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:190:in `dispatch’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:254:in `dispatch’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:50:in `dispatch’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:33:in `serve’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:50:in `block in serve’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `each’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `serve’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:842:in `call’

597ec529 | /usr/share/gems/gems/katello-4.11.0/lib/katello/middleware/organization_created_enforcer.rb:18:in `call’

597ec529 | /usr/share/gems/gems/katello-4.11.0/lib/katello/middleware/event_daemon.rb:10:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/apipie-dsl-2.6.1/lib/apipie_dsl/static_dispatcher.rb:67:in `call’

597ec529 | /usr/share/gems/gems/apipie-rails-1.2.3/lib/apipie/static_dispatcher.rb:68:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/static.rb:24:in `call’

597ec529 | /usr/share/foreman/lib/foreman/middleware/libvirt_connection_cleaner.rb:9:in `call’

597ec529 | /usr/share/foreman/lib/foreman/middleware/telemetry.rb:10:in `call’

597ec529 | /usr/share/gems/gems/apipie-rails-1.2.3/lib/apipie/middleware/checksum_in_headers.rb:27:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/tempfile_reaper.rb:15:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/etag.rb:27:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/conditional_get.rb:27:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/head.rb:12:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/http/permissions_policy.rb:22:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/http/content_security_policy.rb:19:in `call’

597ec529 | /usr/share/foreman/lib/foreman/middleware/logging_context_session.rb:22:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/session/abstract/id.rb:266:in `context’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/session/abstract/id.rb:260:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/cookies.rb:697:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:98:in `run_callbacks’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:26:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call’

597ec529 | /usr/share/gems/gems/railties-6.1.7.6/lib/rails/rack/logger.rb:37:in `call_app’

597ec529 | /usr/share/gems/gems/railties-6.1.7.6/lib/rails/rack/logger.rb:28:in `call’

597ec529 | /usr/share/gems/gems/sprockets-rails-3.4.2/lib/sprockets/rails/quiet_assets.rb:13:in `call’

597ec529 | /usr/share/foreman/lib/foreman/middleware/logging_context_request.rb:11:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/remote_ip.rb:81:in `call’

597ec529 | /usr/share/gems/gems/request_store-1.5.1/lib/request_store/middleware.rb:19:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/request_id.rb:26:in `call’

597ec529 | /usr/share/gems/gems/katello-4.11.0/lib/katello/prevent_json_parsing.rb:12:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/method_override.rb:24:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/runtime.rb:22:in `call’

597ec529 | /usr/share/gems/gems/activesupport-6.1.7.6/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/executor.rb:14:in `call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/sendfile.rb:110:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/ssl.rb:77:in `call’

597ec529 | /usr/share/gems/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/host_authorization.rb:142:in `call’

597ec529 | /usr/share/gems/gems/secure_headers-6.5.0/lib/secure_headers/middleware.rb:11:in `call’

597ec529 | /usr/share/gems/gems/railties-6.1.7.6/lib/rails/engine.rb:539:in `call’

597ec529 | /usr/share/gems/gems/railties-6.1.7.6/lib/rails/railtie.rb:207:in `public_send’

597ec529 | /usr/share/gems/gems/railties-6.1.7.6/lib/rails/railtie.rb:207:in `method_missing’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/urlmap.rb:74:in `block in call’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `each’

597ec529 | /usr/share/gems/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `call’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/configuration.rb:272:in `call’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/request.rb:100:in `block in handle_request’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/thread_pool.rb:378:in `with_force_shutdown’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/request.rb:99:in `handle_request’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/server.rb:443:in `process_client’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/server.rb:241:in `block in run’

597ec529 | /usr/share/gems/gems/puma-6.4.0/lib/puma/thread_pool.rb:155:in `block in spawn_thread’

597ec529 | /usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context’

2024-05-30T10:30:56 [I|app|597ec529] Rendered common/500.html.erb (Duration: 2.1ms | Allocations: 1067)

2024-05-30T10:30:56 [I|app|597ec529] Completed 500 Internal Server Error in 301ms (Views: 3.0ms | ActiveRecord: 144.4ms | Allocations: 29105)

2

I guess, changing the port doesn’t change the foreman url set by --foreman-foreman-url or by foreman_url in the answers file.

You also have to remember, that 7443 is no port expected by selinux to be used by httpd, i.e. selinux will block access to that port, as it’s no http_port_t.

On a sidenote: please refrain from using other’s domains if you try to hide your own domain. Use the standard example domains example.com, example.org, example.net. Those are specifically for that purpose. You wouldn’t like it either if others would use your domain to obfuscate their own… Thanks.

3

After executing the command foreman-installer, I can access the application through port 7443, but for example in the smart proxy I get an error because it expects port 443.

in the smart proxes window I can see the following error:

Oops, we’re sorry but something went wrong example.com is unreachable. Failed to open TCP connection to example.com:443 (Connection refused - connect(2) for “example.com” port 443)

If you feel this is an error with Foreman itself, please open a new issue with Foreman ticketing system, Please include in your report the full error log that can be acquired by running: foreman-rake errors:fetch_log request_id=597ec529 and it is highly recommended to also attach the foreman-debug output.

4

By the way, thank you for your reply.

I will take into account what you say about standard example domains.

5

It’s probably best, if you check the full help of the installer for all options. There is another option for the base url of the proxy foreman-proxy-foreman-base-url.

6

Thanks for your help,

I have checked the option you mention and it seems to be fine (https://foreman.example.com).

You mean modify it by https://foreman.example.com:7443?

7

I have managed to get the “foreman-installer” command to work correctly using the following options and values:

foreman-installer --foreman-server-ssl-port 7443 --foreman-foreman-url https://foreman.example.com:7443 --foreman-proxy-foreman-base-url https://foreman.example.com:7443

Previously I had to modify the file “/usr/share/foreman-installer/modules/foreman_proxy/templates/plugin/pulpcore.yml.erb” so that the value of “pulp_url” and “content_app_url” have port 7443.

When it seemed that everything was working correctly with port 7443, when I create a new repository I get an error that it cannot connect to port 443.