Problem:
I have installed Foreman (with foreman-proxy and puppet disabled) with an Ansible script. I get a huge error code that tells me that the SSL certificate is not valid, but the rest of the installation succeeds.
I installed the CA root certificate on my server and created a company-signed certificate for my Foreman page. I have double-checked, and the SSL certificate is valid. The error code says that the foreman-proxy is not accepting the SSL certificate but the Apache webserver is.
This is the current Ansible error code:
fatal: [foreman]: FAILED! => {
"changed": true,
"cmd": [
"foreman-installer",
"--foreman-unattended=true",
"--enable-foreman-proxy",
"--no-enable-puppet",
"--foreman-foreman-url=https://foreman.it.excentis.com",
"--foreman-server-ssl-ca=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt",
"--foreman-server-ssl-chain=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt",
"--foreman-servername=foreman.it.excentis.com",
"--foreman-proxy-http=false",
"--foreman-proxy-ssl=true",
"--foreman-proxy-foreman-base-url=https://foreman.it.excentis.com",
"--foreman-proxy-registered-name=foreman.it.excentis.com",
"--foreman-proxy-registered-proxy-url=https://foreman.it.excentis.com",
"--foreman-proxy-puppet=false",
"--foreman-proxy-template-url=https://foreman.it.excentis.com",
"--foreman-proxy-trusted-hosts=foreman.it.excentis.com",
"--foreman-proxy-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/excgenfrm001.excentis.com.pem",
"--foreman-proxy-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/excgenfrm001.excentis.com.pem",
"--foreman-proxy-foreman-ssl-ca=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt",
"--foreman-proxy-foreman-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/excgenfrm001.excentis.com.pem",
"--foreman-proxy-foreman-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/excgenfrm001.excentis.com.pem"
],
"delta": "0:00:24.274379",
"end": "2024-03-13 09:28:53.945072",
"invocation": {
"module_args": {
"_raw_params": "foreman-installer --foreman-unattended=true\n --enable-foreman-proxy\n --no-enable-puppet\n --foreman-foreman-url=https://foreman.it.excentis.com\n --foreman-server-ssl-ca=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt\n --foreman-server-ssl-chain=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt\n --foreman-servername=foreman.it.excentis.com\n --foreman-proxy-http=false\n --foreman-proxy-ssl=true\n --foreman-proxy-foreman-base-url=https://foreman.it.excentis.com\n --foreman-proxy-registered-name=foreman.it.excentis.com\n --foreman-proxy-registered-proxy-url=https://foreman.it.excentis.com\n --foreman-proxy-puppet=false\n --foreman-proxy-template-url=https://foreman.it.excentis.com\n --foreman-proxy-trusted-hosts=foreman.it.excentis.com\n --foreman-proxy-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/excgenfrm001.excentis.com.pem\n --foreman-proxy-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/excgenfrm001.excentis.com.pem\n --foreman-proxy-foreman-ssl-ca=/usr/local/share/ca-certificates/excgenca001.excentis.com.crt\n --foreman-proxy-foreman-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/excgenfrm001.excentis.com.pem\n --foreman-proxy-foreman-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/excgenfrm001.excentis.com.pem\n",
"_uses_shell": false,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true
}
},
"msg": "non-zero return code",
"rc": 4,
"start": "2024-03-13 09:28:29.670693",
"stderr": "",
"stderr_lines": [],
"stdout": "\u001b[34m2024-03-13 09:28:30\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Loading installer configuration. This will take some time.\n\u001b[34m2024-03-13 09:28:33\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Running installer with log based terminal output at level NOTICE.\n\u001b[34m2024-03-13 09:28:33\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.\n\u001b[34m2024-03-13 09:28:35\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] Starting system configuration.\n\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 250 configuration steps out of 858 steps complete.\n\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 500 configuration steps out of 862 steps complete.\n\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 750 configuration steps out of 989 steps complete.\n\u001b[34m2024-03-13 09:28:52\u001b[0m [\u001b[31mERROR \u001b[0m] [\u001b[36mconfigure\u001b[0m] Error making POST request to Foreman at https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please check the proxy is configured and running on the host.\n\u001b[34m2024-03-13 09:28:52\u001b[0m [\u001b[31mERROR \u001b[0m] [\u001b[36mconfigure\u001b[0m] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at 
https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please check the proxy is configured and running on the host.\n\u001b[34m2024-03-13 09:28:53\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] System configuration has finished.\n\nError 1: Puppet Foreman_smartproxy resource 'foreman.it.excentis.com' failed. Logs:\n /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]\n Adding autorequire relationship with Anchor[foreman::service]\n Adding autorequire relationship with Anchor[foreman::providers::oauth]\n Starting to evaluate the resource (977 of 989)\n Evaluated in 0.09 seconds\n Foreman_smartproxy[foreman.it.excentis.com](provider=rest_v3)\n Making get request to https://foreman.it.excentis.com/api/v2/smart_proxies?search=name%3D%22foreman.it.excentis.com%22\n Received response 200 from request to https://foreman.it.excentis.com/api/v2/smart_proxies?search=name%3D%22foreman.it.excentis.com%22\n Making post request to https://foreman.it.excentis.com/api/v2/smart_proxies\n Received response 422 from request to https://foreman.it.excentis.com/api/v2/smart_proxies\n /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]/ensure\n change from 'absent' to 'present' failed: Error making POST request to Foreman at https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please 
check the proxy is configured and running on the host.\n\n\u001b[1m\u001b[31m1 error was detected during installation.\u001b[0m\nPlease address the errors and re-run the installer to ensure the system is properly configured.\nFailing to do so is likely to result in broken functionality.\n\nThe full log is at \u001b[1m\u001b[36m/var/log/foreman-installer/foreman.log\u001b[0m",
"stdout_lines": [
"\u001b[34m2024-03-13 09:28:30\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Loading installer configuration. This will take some time.",
"\u001b[34m2024-03-13 09:28:33\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Running installer with log based terminal output at level NOTICE.",
"\u001b[34m2024-03-13 09:28:33\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mroot\u001b[0m] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.",
"\u001b[34m2024-03-13 09:28:35\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] Starting system configuration.",
"\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 250 configuration steps out of 858 steps complete.",
"\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 500 configuration steps out of 862 steps complete.",
"\u001b[34m2024-03-13 09:28:40\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] 750 configuration steps out of 989 steps complete.",
"\u001b[34m2024-03-13 09:28:52\u001b[0m [\u001b[31mERROR \u001b[0m] [\u001b[36mconfigure\u001b[0m] Error making POST request to Foreman at https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please check the proxy is configured and running on the host.",
"\u001b[34m2024-03-13 09:28:52\u001b[0m [\u001b[31mERROR \u001b[0m] [\u001b[36mconfigure\u001b[0m] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please check the proxy is configured and running on the host.",
"\u001b[34m2024-03-13 09:28:53\u001b[0m [\u001b[32mNOTICE\u001b[0m] [\u001b[36mconfigure\u001b[0m] System configuration has finished.",
"",
"Error 1: Puppet Foreman_smartproxy resource 'foreman.it.excentis.com' failed. Logs:",
" /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]",
" Adding autorequire relationship with Anchor[foreman::service]",
" Adding autorequire relationship with Anchor[foreman::providers::oauth]",
" Starting to evaluate the resource (977 of 989)",
" Evaluated in 0.09 seconds",
" Foreman_smartproxy[foreman.it.excentis.com](provider=rest_v3)",
" Making get request to https://foreman.it.excentis.com/api/v2/smart_proxies?search=name%3D%22foreman.it.excentis.com%22",
" Received response 200 from request to https://foreman.it.excentis.com/api/v2/smart_proxies?search=name%3D%22foreman.it.excentis.com%22",
" Making post request to https://foreman.it.excentis.com/api/v2/smart_proxies",
" Received response 422 from request to https://foreman.it.excentis.com/api/v2/smart_proxies",
" /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.it.excentis.com]/ensure",
" change from 'absent' to 'present' failed: Error making POST request to Foreman at https://foreman.it.excentis.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foreman.it.excentis.com/v2/features Please check the proxy is configured and running on the host.",
"",
"\u001b[1m\u001b[31m1 error was detected during installation.\u001b[0m",
"Please address the errors and re-run the installer to ensure the system is properly configured.",
"Failing to do so is likely to result in broken functionality.",
"",
"The full log is at \u001b[1m\u001b[36m/var/log/foreman-installer/foreman.log\u001b[0m"
]
}
Expected outcome:
No errors in the Ansible script and my page available with HTTPS.
Foreman and Proxy versions:
foreman 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 amd64
foreman-cli 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
foreman-debug 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
foreman-dynflow-sidekiq 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
foreman-installer 9999-3.11.0-bullseye+scratchbuild+20240308031202+debian11 all
foreman-postgresql 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
foreman-proxy 9999-3.11.0-bullseye+scratchbuild+20240226141803+debian11 all
foreman-redis 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
foreman-service 9999-3.11.0-bullseye+scratchbuild+20240304112022+debian11 all
ruby-foreman-puppet 6.2.0-2 all
ruby-hammer-cli-foreman 3.10.0-1+debian11 all
ruby-hammer-cli-foreman-puppet 0.0.7-1+debian11 all
Foreman and Proxy plugin versions:
Distribution and version:
Debian 11 Bullseye
Ansible [core 2.14.3]
Other relevant data:
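
The OpenSSL message in the log above, "self signed certificate in certificate chain", means the peer presented a chain ending in a self-signed root that is not in the CA file the verifying client loaded. The following is an added example, not part of the original post: it reproduces that verdict offline with `openssl verify`, next to the accepted case and the related "root not sent" case. All certificate names (`company-ca`, `other-ca`, `foreman.example.test`) are constructed, and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example. Every name, subject and file here is constructed for the demo.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root certificate -> $WORK/NAME.crt, $WORK/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf NAME CA: server certificate for NAME, signed by CA
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -out "$WORK/$1.crt" 2>/dev/null
}

# verify_code TRUST LEAF [SENT_CHAIN]: print the X.509 verify error number.
# TRUST is the verifier's CA file, SENT_CHAIN the extra certificates the
# server presents during the handshake. 0 means the chain verified.
verify_code() {
    out=$(openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1) || true
    case $out in
        *": OK"*) echo 0 ;;
        *) printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

make_ca company-ca                      # stands in for the company root
make_ca other-ca                        # a trust file that lacks that root
make_leaf foreman.example.test company-ca
LEAF=$WORK/foreman.example.test.crt

# Verifier trusts the company root: accepted.
echo "company root trusted:        $(verify_code "$WORK/company-ca.crt" "$LEAF" "$WORK/company-ca.crt")"
# Root is sent in the chain but is not in the verifier's CA file:
# error 19, "self signed certificate in certificate chain".
echo "root sent, not trusted:      $(verify_code "$WORK/other-ca.crt" "$LEAF" "$WORK/company-ca.crt")"
# Root neither sent nor trusted: error 20, "unable to get local issuer certificate".
echo "root not sent, not trusted:  $(verify_code "$WORK/other-ca.crt" "$LEAF")"
```

Calling `verify_code` with the CA file the failing client actually loads, plus the certificate and chain the proxy endpoint serves, shows which of the three cases applies.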