Installing foreman-proxy failes

Problem:
I can’t install the smart proxy to the Katello Central Server.

I’ve tried several new servers and all result in some similar error.

2022-07-04 05:59:19 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-suct2v1226.pontus.kpn.org]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) in get request to: https::/suct2v1226.pontus.kpn.org/api/v2/hosts?search=name%3D%22suct2v1226.pontus.kpn.org%22

2022-07-04 05:59:19 [ERROR ] [configure] Wrapped exception:
2022-07-04 05:59:19 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)

Expected outcome:
Have a succesfull installation and an attached proxy

Foreman and Proxy versions:
Foreman 3.3 and Katello 4.5
But experiencing the same problem with Foreman 3.2 and Katello 4.4
foreman-proxy.noarch 3.3.0-1.el8 @foreman

Other relevant data:
i’m using the command from the install documentation

foreman-installer
–no-enable-foreman
–no-enable-foreman-cli
–enable-puppet
–puppet-server-ca=false
–puppet-server-foreman-url=https://* Secret IP*
–enable-foreman-proxy
–foreman-proxy-puppetca=false
–foreman-proxy-tftp=false
–foreman-proxy-foreman-base-url=https://* Secret IP*
–foreman-proxy-trusted-hosts=* Secret IP*
–foreman-proxy-oauth-consumer-key=SECRET
–foreman-proxy-oauth-consumer-secret=SECRET

I used to install the Smart proxy with an Cert bundel, like the Central server gives me after creating the bundle:

But the central says: ERROR: Scenario (/etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml) was not found, can not continue

foreman-installer
–scenario foreman-proxy-content
–certs-tar-file “/root/suct2v1226.pontus.kpn.org-certs.tar”
–foreman-proxy-register-in-foreman “true”
–foreman-proxy-foreman-base-url “https://suct2v1225.pontus.kpn.org”
–foreman-proxy-trusted-hosts “suct2v1225.pontus.kpn.org”
–foreman-proxy-trusted-hosts “suct2v1226.pontus.kpn.org”
–foreman-proxy-oauth-consumer-key “SECRET”
–foreman-proxy-oauth-consumer-secret “SECRET”

Why do you have two foreman-installer sections? You ran two of them on the same proxy?
I assume you already have a working Foreman server and you just want to add a proxy?
All I did when setting up my proxies was to generate the certs file on the foreman server, copy it over to the proxy and run the same command the Foreman server suggested when the certs file was generated + extra plugins you want to have enabled.

The situation is indeed that i have a working Central server, and want to attach an smart proxy.

The first command i posted is the one that the manual suggests to use:
https://docs.theforeman.org/3.3/Installing_Proxy/index-foreman-el.html#installing-an-external-smart-proxy-upstream_smart-proxy

The second command is the one generated by the Central server itself. But none of them seem to be working.

The documentation is very confusing but I followed parts of the Katello one → Installing an External Smart Proxy Server 3.2
Following it made me (due to lack of a way to install foreman-installer-katello) follow the documentation of the Foreman server at Installing Foreman 3.2 server with Katello 4.4 plugin on Enterprise Linux up to the “foreman-installer” point and then go with the Katello Proxy documentation.
Maybe you are not setting up Katello though? One thing for sure is that I only ran one install and that was with the “foreman-installer --scenario foreman-proxy-content” command.
Maybe some developer can help out that know the full story with the proxy documentation.

Thanks tedevil for your responses.
I was still waiting for the developers to respond to this, since i’m still struggling with the installation. It shouldnt be this difficult to get it running right?

Docs are confusing right now. There are two guides named “Installing an External Smart Proxy Server 3.3”, one for katello (proxy including content) and one for foreman only (proxy with no content).

Foreman: Installing an External Smart Proxy Server 3.3
Katello: Installing an External Smart Proxy Server 3.3

You are mixing them which does not work.

You should first decide what you want: do you need a proxy with content gateway or not? Currently, this defines the scenario you have to use, i.e. you cannot really switch after you have installed it.

The katello foreman-proxy-scenario should work well following the docs,

The foreman scenario, however, has some issues which I am fighting with at the moment. It needs some manual work to get the necessary certificates. See my topic Foreman-installer scenario for foreman-proxy installation