Foreman-Proxy in Katello 2.4

Hello foreman users,

I'm trying to communicate with foreman-proxy via katello 2.4. I signed the
foreman-proxy wie puppet server and I can see the host under katello gui.
My Configuration:

Name: node1.de
https://node1.de:8443

But I'm getting an error:

Unable to communicate with the proxy: ERF12-2530
[ProxyAPI::ProxyException]: Unable to detect features
([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verif…) for proxy
https://node1.de:8443/features and Please check the proxy is configured and
running on the host.

On foreman-proxy in settings.yml

:ssl_certificate: /var/lib/puppet/ssl/certs/node1.de.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/node1.de.pem

And my katello is in trusted_hosts.

What am I doing wrong?

I would appreciate any help.

Best regards,
Denis

> From: "'Denis Müller' via Foreman users" <foreman-users@googlegroups.com>
> To: "Foreman users" <foreman-users@googlegroups.com>
> Sent: Wednesday, April 20, 2016 10:02:55 AM
> Subject: [foreman-users] Foreman-Proxy in Katello 2.4
>
> Hello foreman users,
>
> I'm trying to communicate with foreman-proxy via katello 2.4. I signed the
> foreman-proxy wie puppet server and I can see the host under katello gui.
> My Configuration:
>
> Name: node1.de
> https://node1.de:8443
>
> But I'm getting an error:
>
> Unable to communicate with the proxy: ERF12-2530
> [ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
> server certificate B: certificate verif…) for proxy
> https://node1.de:8443/features and Please check the proxy is configured and
> running on the host.
>
> On foreman-proxy in settings.yml
>
> :ssl_certificate: /var/lib/puppet/ssl/certs/node1.de.pem
> :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> :ssl_private_key: /var/lib/puppet/ssl/private_keys/node1.de.pem
>
> And my katello is in trusted_hosts.
>
> What am I doing wrong?

Katello doesn't use the Puppet certificates for foreman proxy; we have our own CA. We
can install a capsule for you, certs and all, following the instructions here:

http://www.katello.org/docs/2.4/installation/capsule.html

If you'd still prefer to install the proxy by hand you can use our certs-generate-tool
and install the particular RPMs manually and configure the cert locations. There are
some foreman client and proxy certs in there you can use to configure the proxy.

- Stephen

I've opened an issue on this: http://projects.theforeman.org/issues/14573 (Refactor #14573: Foreman-Proxy Certificate Files)

There are also step-by-step instructions on what files to copy where and how
to add a Foreman-Proxy 'manually'.

Please let us know if it works for you.


Thanks, worked great for me! But there is one step missing. After you have copied
all the new files to the foreman-proxy, you need to change the owner from
root (default after copy) to foreman-proxy and then restart the foreman-proxy.
Very nice! Somebody should add this to the official Katello Documentation.

Best regards

On Thursday, 21 April 2016 10:06:50 UTC+2, Matthias Thubauville wrote:
> I've opened an issue on this: http://projects.theforeman.org/issues/14573
>
> There are also step-by-step instructions on what files to copy where and how
> to add a Foreman-Proxy 'manually'.
>
> Please let us know if it works for you.

Hi Denis,

Thanks for catching that! I updated the instructions on the Redmine issue.

Cheers,
Matthias

On Saturday, 23 April 2016 14:44:45 UTC+2, Denis Müller wrote:
> Thanks, worked great for me! But there is one step missing. After you have
> copied all the new files to the foreman-proxy, you need to change the owner from
> root (default after copy) to foreman-proxy and then restart the foreman-proxy.
> Very nice! Somebody should add this to the official Katello Documentation.
>
> Best regards
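
The two causes found in this thread (a proxy certificate signed by a CA the Katello server does not trust, and copied files still owned by root) can be checked before restarting the proxy. This is an added example, not part of any post above or of Katello; the function names and the placeholder paths in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a foreman-proxy whose certificate
# files were copied into place by hand. Needs openssl and GNU stat.

# True if CERT chains to CA. A Puppet-signed certificate fails this when
# CA is the Katello server's own CA, which is the error seen in the thread.
cert_signed_by() {   # cert_signed_by CA CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if KEY is the private key belonging to CERT (public keys compared).
key_matches_cert() { # key_matches_cert CERT KEY
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True if FILE is owned by USER; files copied as root fail until chown.
owned_by() {         # owned_by USER FILE
    [ "$(stat -c %U "$2" 2>/dev/null)" = "$1" ]
}

# check_proxy_tls CA CERT KEY USER
# Runs every check, prints one line per failure, returns 0 only if all pass.
check_proxy_tls() {
    local ca=$1 cert=$2 key=$3 user=$4 rc=0 f
    cert_signed_by "$ca" "$cert" ||
        { echo "FAIL: $cert is not signed by $ca"; rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    for f in "$ca" "$cert" "$key"; do
        owned_by "$user" "$f" ||
            { echo "FAIL: $f is not owned by $user"; rc=1; }
    done
    return "$rc"
}

# Usage (placeholder paths; use the values from your settings.yml):
#   check_proxy_tls /path/to/katello-ca.pem /path/to/proxy-cert.pem \
#                   /path/to/proxy-key.pem foreman-proxy
```

Pass the CA file that the Katello server trusts as the first argument; checking against the Puppet CA would only confirm what the proxy itself already believes.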