I would be grateful for some assistance. My apologies in advance if I
have missed the solution to this, but I have looked. I now fear I am going
round in circles. All was well, I think, until I updated my foreman UI
certificate (as follows):
$ katello-certs-check -c katello.cer -k katello.key -r katello.csr -b RootAll.cer
Validating the certificate subject=
/C=GB/ST=County./L=Town/O=MyCompany/OU=Ops/CN=katello.mydomain
Check private key matches the certificate: [OK]
Check ca bundle verifies the cert file: [OK]
Validation succeeded.
<snip - shows next commands to run>
Install the certificates
$ katello-installer --certs-server-cert "katello.cer" \
  --certs-server-cert-req "katello.csr" --certs-server-key "katello.key" \
  --certs-server-ca-cert "RootAll.cer" --certs-update-server \
  --certs-update-server-ca
Marking certificate /root/ssl-build/katello.mydomain/katello.mydomain-apache for update
Marking certificate /root/ssl-build/katello.mydomain/katello.mydomain-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
Preparing installation Done
Success!
- Katello is running at https://katello.mydomain
Initial credentials are admin / KxTYIJIUGMRJABKRw
- Capsule is running at https://katello.mydomain:9090
- To install additional capsule on separate machine continue by running:"
capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"
The full log is at /var/log/katello-installer/katello-installer.log
The UI now shows a shiny padlock. But, Administer -> About -> Smart
Proxies reveals:
unable to communicate with the proxy:permission denied
followed by the path to the certificate I specified with Administer ->
Settings -> Provisioning -> ssl_certificate. I pointed this to the
katello.cer file I supplied to the katello-installer. Was that right? It
has the following permissions (after I blindly tried some suggestions I
found):
-rw-r--r--. 1 foreman-proxy root
When I run katello-services status:
qdrouterd (pid 1943) is running…
elasticsearch (pid 2041) is running…
celery init v10.0.
Using configuration: /etc/default/pulp_workers, /etc/default/pulp_celerybeat
pulp_celerybeat (pid 3380) is running.
celery init v10.0.
Using config script: /etc/default/pulp_resource_manager
node resource_manager (pid 3315) is running…
tomcat6 (pid 6213) is running… [ OK ]
foreman-proxy is stopped
mongod (pid 3127) is running…
celery init v10.0.
Using config script: /etc/default/pulp_workers
node reserved_resource_worker-0 (pid 3149) is running…
node reserved_resource_worker-1 (pid 3171) is running…
dynflow_executor is running.
dynflow_executor_monitor is running.
httpd (pid 2207) is running…
Some services failed: qpidd,foreman-proxy
/var/log/messages then tells me:
qpidd[2255]: 2015-07-21 15:29:00 [Security] error Rejected un-encrypted
connection.
qpidd[2255]: 2015-07-21 15:29:00 [Protocol] error Connection
qpid.127.0.0.1:5672-127.0.0.1:55495 closed by error: connection-forced:
Connection must be encrypted.(320)
Installed Packages
candlepin-0.9.45-1.el6.noarch
candlepin-common-1.0.22-1.el6.noarch
candlepin-selinux-0.9.45-1.el6.noarch
candlepin-tomcat6-0.9.45-1.el6.noarch
elasticsearch-0.90.10-7.el6.noarch
katello-2.2.1-0.el6.noarch
katello-certs-tools-2.0.1-1.el6.noarch
katello-common-2.2.1-0.el6.noarch
katello-debug-2.2.1-0.el6.noarch
katello-default-ca-1.0-1.noarch
katello-installer-2.2.2-1.el6.noarch
katello-installer-base-2.2.2-1.el6.noarch
katello-repos-2.2.1-1.el6.noarch
katello-selinux-2.2.1-1.el6.noarch
katello-server-ca-1.0-6.noarch
katello-service-2.2.1-0.el6.noarch
libqpid-dispatch-0.4-4.el6.x86_64
m2crypto-0.21.1.pulp-8.el6.x86_64
mod_wsgi-3.4-2.pulp.el6.x86_64
katello.mydomain-qpid-broker-1.0-1.noarch
katello.mydomain-qpid-client-cert-1.0-1.noarch
katello.mydomain-qpid-router-client-1.0-1.noarch
katello.mydomain-qpid-router-server-1.0-1.noarch
pulp-docker-plugins-0.2.2-1.el6.noarch
pulp-katello-0.4-1.el6.noarch
pulp-nodes-common-2.6.0-1.el6.noarch
pulp-nodes-parent-2.6.0-1.el6.noarch
pulp-puppet-plugins-2.6.0-1.el6.noarch
pulp-puppet-tools-2.6.0-1.el6.noarch
pulp-rpm-plugins-2.6.0-1.el6.noarch
pulp-selinux-2.6.0-1.el6.noarch
pulp-server-2.6.0-1.el6.noarch
python-gofer-qpid-2.5.3-1.el6.noarch
python-isodate-0.5.0-4.pulp.el6.noarch
python-kombu-3.0.24-5.pulp.el6.noarch
python-pulp-bindings-2.6.0-1.el6.noarch
python-pulp-common-2.6.0-1.el6.noarch
python-pulp-docker-common-0.2.2-1.el6.noarch
python-pulp-puppet-common-2.6.0-1.el6.noarch
python-pulp-rpm-common-2.6.0-1.el6.noarch
python-qpid-0.30-7.el6.noarch
python-qpid-qmf-0.30-5.el6.x86_64
python-rhsm-1.8.0-2.pulp.el6.x86_64
qpid-cpp-client-0.30-7.proton.0.9.el6.x86_64
qpid-cpp-client-devel-0.30-7.proton.0.9.el6.x86_64
qpid-cpp-server-0.30-7.proton.0.9.el6.x86_64
qpid-cpp-server-linearstore-0.30-7.proton.0.9.el6.x86_64
qpid-dispatch-router-0.4-4.el6.x86_64
qpid-proton-c-0.9-3.el6.x86_64
qpid-qmf-0.30-5.el6.x86_64
qpid-tools-0.30-4.el6.noarch
ruby193-rubygem-katello-2.2.2-2.el6.noarch
ruby193-rubygem-qpid_messaging-0.30.0-1.el6.x86_64
rubygem-hammer_cli_katello-0.0.14-1.el6.noarch
rubygem-smart_proxy_pulp-1.0.1-1.el6.noarch
Help?! Many thanks.