Foreman Katello Proxy Installation Error!

Problem: Foreman_proxy::Register/Foreman_smartproxy[uspllsw01.xxxxxxxxx.net]/ensure: change from ‘absent’ to ‘present’ failed: Proxy uspllsw01.xxxxxxxxx.net cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Net::HTTPFatalError]: 502 “Bad Gateway”) for proxy https://uspllsw01.xxxxxxxxxxxx.net:9090/v2/features Please check the proxy is configured and running on the host.

Expected outcome:

Foreman and Proxy versions: Version 1.22.0

Foreman and Proxy plugin versions: Version 1.22.0

Other relevant data:

[ INFO 2019-07-13T15:15:56 main] All hooks in group post finished
[DEBUG 2019-07-13T15:15:56 main] Exit with status code: 6 (signal was 6)
[ERROR 2019-07-13T15:15:56 main] Errors encountered during run:
[ERROR 2019-07-13T15:15:56 main]  Proxy uspllsw01.astrazeneca.net cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Net::HTTPFatalError]: 502 "Bad Gateway") for proxy https://uspllsw01.astrazeneca.net:9090/v2/features Please check the proxy is configured and running on the host.
[ERROR 2019-07-13T15:15:56 main] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:23:in `create'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:in `block in defaultvalues'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:491:in `set'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:568:in `sync'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:239:in `sync'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:134:in `sync_if_needed'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:80:in `perform_changes'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:in `evaluate'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:263:in `apply'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:283:in `eval_resource'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `call'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `block (2 levels) in evaluate'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:518:in `block in thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:517:in `thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `block in evaluate'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:121:in `traverse'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `evaluate'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:239:in `block (2 levels) in apply'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:518:in `block in thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:517:in `thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:238:in `block in apply'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:161:in `with_destination'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:146:in `as_logging_destination'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:237:in `apply'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:192:in `block (2 levels) in apply_catalog'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:518:in `block in thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:517:in `thinmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:191:in `block in apply_catalog'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:231:in `block in benchmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:230:in `benchmark'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:190:in `apply_catalog'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:376:in `run_internal'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:240:in `block in run'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:217:in `run'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:343:in `apply_catalog'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:260:in `block (2 levels) in main'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:243:in `block in main'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:266:in `override'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:207:in `main'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:177:in `run_command'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `block in run'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:684:in `exit_on_fail'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `run'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:139:in `run'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
[ERROR 2019-07-13T15:15:56 main] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
[ERROR 2019-07-13T15:15:56 main]  /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[uspllsw01.astrazeneca.net]/ensure: change from 'absent' to 'present' failed: Proxy uspllsw01.astrazeneca.net cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Net::HTTPFatalError]: 502 "Bad Gateway") for proxy https://uspllsw01.astrazeneca.net:9090/v2/features Please check the proxy is configured and running on the host.
[DEBUG 2019-07-13T15:15:56 main] Cleaning /tmp/kafo_puppet20190713-22638-113dz9d.conf
[DEBUG 2019-07-13T15:15:56 main] Cleaning /tmp/kafo_hiera20190713-22638-1lxyrkr
[DEBUG 2019-07-13T15:15:56 main] Cleaning /tmp/kafo_puppet20190713-22638-1fm98v0.conf
[DEBUG 2019-07-13T15:15:56 main] Cleaning /tmp/default_values.yaml
[ INFO 2019-07-13T15:15:56 main] Installer finished in 58.320803603 seconds


uspllsw01.astrazeneca.net-certs.tar (60.8 KB)

Hey @aswath2saru,

Can you give us some more info? Is this a fresh install or an upgrade? When did you start seeing the error?

For foreman proxy errors, a good place to start is to check systemctl status foreman-proxy and also check for errors in /var/log/foreman-proxy/proxy.log

It's a fresh install.

Please find the logs:
[root@theforeman ~]# systemctl status foreman-proxy
● foreman-proxy.service - Foreman Proxy
Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-07-17 06:46:41 EDT; 3min 37s ago
Main PID: 26927 (ruby)
CGroup: /system.slice/foreman-proxy.service
└─26927 ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize

Jul 17 06:46:41 theforeman.medimmune.com systemd[1]: Starting Foreman Proxy…
Jul 17 06:46:41 theforeman.medimmune.com systemd[1]: Started Foreman Proxy.

[root@theforeman ~]# cat /var/log/foreman-proxy/proxy.log
2019-07-17T06:46:41 [I] Successfully initialized ‘pulpnode’
2019-07-17T06:46:41 [I] Successfully initialized ‘foreman_proxy’
2019-07-17T06:46:41 [I] Successfully initialized ‘templates’
2019-07-17T06:46:41 [I] Successfully initialized ‘tftp’
2019-07-17T06:46:41 [I] Successfully initialized ‘puppetca_hostname_whitelisting’
2019-07-17T06:46:41 [I] Successfully initialized ‘puppetca’
2019-07-17T06:46:41 [I] Started puppet class cache initialization
2019-07-17T06:46:41 [I] Successfully initialized ‘puppet_proxy_puppet_api’
2019-07-17T06:46:41 [I] Successfully initialized ‘puppet’
2019-07-17T06:46:41 [I] Successfully initialized ‘logs’
2019-07-17T06:46:41 [I] WEBrick 1.3.1
2019-07-17T06:46:41 [I] ruby 2.0.0 (2015-12-16) [x86_64-linux]
2019-07-17T06:46:41 [I]
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f0:9e:9b:93:3c:21:cb:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=North Carolina, L=Raleigh, O=AstraZeneca, OU=SomeOrgUnit, CN=sesklsw01.astrazeneca.net
Validity
Not Before: Jul 10 10:41:51 2019 GMT
Not After : Jan 18 10:41:51 2038 GMT
Subject: C=US, ST=North Carolina, O=FOREMAN, OU=SMART_PROXY, CN=theforeman.medimmune.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server
Netscape Comment:
Katello SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
B2:D7:DB:B2:7C:BC:C6:06:62:31:9E:36:21:35:AD:C8:A9:34:2C:91
X509v3 Authority Key Identifier:
keyid:99:6D:3D:7D:50:3C:87:37:E5:7D:F9:0C:A6:12:13:A9:71:70:C4:AA
DirName:/C=US/ST=North Carolina/L=Raleigh/O=AstraZeneca/OU=SomeOrgUnit/CN=sesklsw01.astrazeneca.net
serial:F0:9E:9B:93:3C:21:CB:74

        X509v3 Subject Alternative Name:
            DNS:theforeman.medimmune.com, DNS:[]
Signature Algorithm: sha256WithRSAEncryption

2019-07-17T06:46:41 [I] WEBrick::HTTPServer#start: pid=26927 port=9090
2019-07-17T06:46:41 [I] Smart proxy has launched on 2 socket(s), waiting for requests
2019-07-17T06:46:42 [I] Finished puppet class cache initialization
[root@theforeman ~]#

Thanks @aswath2saru, I don’t see anything that jumps out to me on that log, but I also don’t see any proxy activity. It seems like there are issues reaching the proxy.

Can you check that port 9090 is available? It’s good to check the firewall or SELinux isn’t blocking it.

Also, it would be good to do a foreman-maintain service restart, foreman-maintain service status -b, and hammer ping to make sure all services are OK.

I did turn off firewalld, and SELinux is disabled :)
I did telnet to port 9090, and it is connecting.

Restarted the Foreman services, rebooted and tried again.

Same issue :(

How to trust Katello’s CA certificate? I see someone in the other blog said that trusting the CA certificate may solve the problem. Any idea how to do that?

I would suspect an HTTP proxy in between that’s blocking/redirecting the traffic. Using curl -v https://uspllsw01.astrazeneca.net:9090 from the Foreman host usually shows useful information.

 curl -v https://uspllsw01.astrazeneca.net:9090
* About to connect() to uspllsw01.astrazeneca.net port 9090 (#0)
*   Trying xx.xx.xx.xx...
* Connected to uspllsw01.astrazeneca.net (156.70.255.76) port 9090 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=uspllsw01.astrazeneca.net,OU=SMART_PROXY,O=FOREMAN,ST=North Carolina,C=US
*       start date: Jul 11 00:06:01 2019 GMT
*       expire date: Jan 18 00:06:01 2038 GMT
*       common name: uspllsw01.astrazeneca.net
*       issuer: CN=uspllsw01.astrazeneca.net,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: uspllsw01.astrazeneca.net:9090
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: application/json
< X-Cascade: pass
< Content-Length: 27
< X-Content-Type-Options: nosniff
< Server: foreman-proxy/1.22.0
< Date: Thu, 18 Jul 2019 01:35:54 GMT
< Connection: Keep-Alive
<
* Connection #0 to host uspllsw01.astrazeneca.net left intact

I tried to register the Foreman Proxy server to the Foreman main server using subscription-manager.
It fails :(

[root@theforeman ~]# subscription-manager register --org="AstraZeneca" --activationkey="Katello proxy"
Unable to verify server’s identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@theforeman ~]#

Looks like something is up with the certs: * NSS: client certificate not found (nickname not specified)

@ekohl any thoughts on next steps to debug?
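
Added example, not part of any post in this thread and not Foreman or Katello project code: a shell script that compares the issuer DN from the `curl -v` transcript with the Issuer in the certificate dump from proxy.log, and checks the dump's Subject Alternative Name for the proxy hostname. The function names are hypothetical and the sample text is copied from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: compare certificate names printed by different tools.
# Function names are hypothetical; sample text is copied from the thread output.

# Split a DN on commas, trim each RDN and sort, so that OpenSSL order
# ("C=US, ..., CN=host") and curl/NSS order ("CN=host,...,C=US") compare equal.
# Limitation: RDN values containing escaped commas are not handled.
normalize_dn() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$' | LC_ALL=C sort
}

same_dn() {
    [ "$(normalize_dn "$1")" = "$(normalize_dn "$2")" ]
}

# Read a saved `curl -v` transcript on stdin, print the issuer DN.
curl_issuer() {
    sed -n 's/^\*[[:space:]]*issuer:[[:space:]]*//p' | head -n 1
}

# Read `openssl x509 -text` style output on stdin, print the named field
# ("Issuer" or "Subject").
x509_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Succeed if host ($2) is listed as a DNS entry in a SAN line ($1).
san_has_host() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -Fqx "DNS:$2"
}

# Sample input: lines copied from the curl and proxy.log output in the thread.
CURL_SAMPLE='* Server certificate:
*       subject: CN=uspllsw01.astrazeneca.net,OU=SMART_PROXY,O=FOREMAN,ST=North Carolina,C=US
*       issuer: CN=uspllsw01.astrazeneca.net,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US'
LOG_SAMPLE='Issuer: C=US, ST=North Carolina, L=Raleigh, O=AstraZeneca, OU=SomeOrgUnit, CN=sesklsw01.astrazeneca.net
Subject: C=US, ST=North Carolina, O=FOREMAN, OU=SMART_PROXY, CN=theforeman.medimmune.com'
SAN_SAMPLE='DNS:theforeman.medimmune.com, DNS:[]'

seen=$(printf '%s\n' "$CURL_SAMPLE" | curl_issuer)
logged=$(printf '%s\n' "$LOG_SAMPLE" | x509_field Issuer)
if same_dn "$seen" "$logged"; then
    echo "issuer seen by curl matches issuer in proxy.log dump"
else
    echo "issuer mismatch:"; echo "  curl:      $seen"; echo "  proxy.log: $logged"
fi
if san_has_host "$SAN_SAMPLE" uspllsw01.astrazeneca.net; then
    echo "SAN covers uspllsw01.astrazeneca.net"
else
    echo "SAN does not list uspllsw01.astrazeneca.net"
fi
```

On a live system the same functions can be fed a saved `curl -v` transcript and the output of `openssl x509 -noout -text` for the certificate in question.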

Folks, not sure how to move further. :(

The original project scope is to replace Red Hat Satellite and Spacewalk.
But now I'm stuck with the proxy server.
Since the primary site is built in Sweden, I need a Foreman Katello proxy in Philadelphia.

Checked with the local network team as well, that there is no port block or issues. Telnet is listening to the required ports as well.

Highly appreciate if some expert helps me out here. :)

Red Hat Satellite 6 is based on Foreman + Katello + Pulp + Candlepin. Did you mean to replace Satellite 5?

As for the actual error, did you ever finish the installer run after it failed the first time?

Yes, I am trying to replace Satellite 6 with Foreman + Katello + Pulp + Candlepin + Ansible.

The package installations are successful.
After the package installation, I tried "foreman-installer --scenario foreman-proxy-content".

That's where it is failing. The cert files are copied from the parent server already.
I even registered this server to the parent Foreman.

The installer is idempotent, which means you can rerun it safely. Especially the case of the Proxy registration failing is a good example. I wouldn’t know why it would fail with HTTP 502 because there should be no proxy in between, so I would start with rerunning the installer.