I'm trying to add a DNS/DHCP capsule/proxy to a Katello 3.1 instance with
custom web certs. I've tried using these instructions but they don't seem
to help.
http://projects.theforeman.org/issues/16620
Definitely seems like a cert issue because of the custom Web Cert that we're
running but I can't seem to get the proxy to connect. Any help pointing me
in the right direction is appreciated.
Here's what I do:
=======================================================================
1. yum -y localinstall http://katello3.xxx.xxx.xxx/pub/katello-ca-consumer-latest.noarch.rpm
2. subscription-manager register --org "XXX" --environment "production/centos7"
3. foreman-installer --scenario capsule \
   --capsule-parent-fqdn "katello3.xxx.xxx.xxx" \
   --foreman-proxy-register-in-foreman "true" \
   --foreman-proxy-foreman-base-url "https://katello3.xxx.xxx.xxx" \
   --foreman-proxy-trusted-hosts "katello3.xxx.xxx.xxx" \
   --foreman-proxy-oauth-consumer-key "WNhk9x8zxdxhxRUsagocAkmdTRtAD8Q" \
   --foreman-proxy-oauth-consumer-secret "LqiNeGEbhxgxrex8AV6kqxXeiNCsyz7um" \
   --capsule-pulp-oauth-secret "5rdFmrpSsxHXxsxdxJXacjyn9NCcAKi" \
   --capsule-certs-tar "/root/capsule.dns1.xx.xxx.xxx-certs.tar" \
   --foreman-proxy-puppetca "false" \
   --foreman-proxy-puppet "false" \
   --foreman-proxy-http "false" \
   --foreman-proxy-templates "false" \
   --foreman-proxy-plugin-pulp-pulpnode-enabled "false" \
   --foreman-proxy-dhcp "true" \
   --foreman-proxy-dhcp-interface "ens3" \
   --foreman-proxy-dns "true" \
   --foreman-proxy-dns-interface "ens3"
=======================================================================
Here is the error:
Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with
the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features
([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verif…) for proxy
https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is configured
and running on the host.
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dns1.yyy.yyy.yyy]/ensure:
change from absent to present failed: Proxy dns1.yyy.yyy.yyy cannot be
registered: Unable to communicate with the proxy: ERF12-2530
[ProxyAPI::ProxyException]: Unable to detect features
([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verif…) for proxy
https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is configured
and running on the host.
Installing Done
[100%] […]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/foreman-installer/capsule.log
Here is the proxy status:
[root@dns1 named]# systemctl status foreman-proxy
● foreman-proxy.service - Foreman Proxy
Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled;
vendor preset: disabled)
Active: active (running) since Wed 2017-02-08 16:33:31 EST; 1 day 18h ago
…
Here is the proxy showing the correct features:
[root@katello3 foreman-proxy]# wget https://dns1.xxx.xxx.xxx:9090/features
…
Saving to: ‘features’
…
[root@katello3 foreman-proxy]# cat features
["dhcp","dns"]
Hi there
Did you have all the ports needed open from the Katello server to your capsule
and in reverse?
Katello to Capsule ports
8443/tcp
443/tcp
9090/tcp
5647/tcp
Capsule to Katello Ports
443/tcp
5646/tcp
Also try without the firewall enabled on the machines and with SELinux disabled;
this normally indicates a firewall issue.
On Friday, February 10, 2017 at 5:40:45 PHM UTC+1, Edson Manners wrote:
>
> I'm trying to add a DNS/DHCP capsule/proxy to a Katello 3.1 instance with
> custom web certs. I've tried using these instructions but they don't seem
> to help.
>
> http://projects.theforeman.org/issues/16620
>
> Definitely seems like a cert issue because of the custom Web Cert that
> we're running but I can't seem to get the proxy to connect. Any help
> pointing me in the right direction is appreciated.
>
> Here's what I do:
> =======================================================================
> 1. yum -y localinstall
> http://katello3.xxx.xxx.xxx/pub/katello-ca-consumer-latest.noarch.rpm
> 2. subscription-manager register --org "XXX" --environment
> "production/centos7"
>
>
> 3. foreman-installer --scenario capsule\
> --capsule-parent-fqdn
> "katello3.xxx.xxx.xxx"\
> --foreman-proxy-register-in-foreman "true"\
> --foreman-proxy-foreman-base-url "
> https://katello3.xxx.xxx.xxx"\
> --foreman-proxy-trusted-hosts
> "katello3.xxx.xxx.xxx"\
> --foreman-proxy-oauth-consumer-key
> "WNhk9x8zxdxhxRUsagocAkmdTRtAD8Q"\
> --foreman-proxy-oauth-consumer-secret
> "LqiNeGEbhxgxrex8AV6kqxXeiNCsyz7um"\
> --capsule-pulp-oauth-secret
> "5rdFmrpSsxHXxsxdxJXacjyn9NCcAKi"\
> --capsule-certs-tar
> "/root/capsule.dns1.xx.xxx.xxx-certs.tar"\
> --foreman-proxy-puppetca "false"\
> --foreman-proxy-puppet "false"\
> --foreman-proxy-http "false"\
> --foreman-proxy-templates "false"\
> --foreman-proxy-plugin-pulp-pulpnode-enabled "false"\
> --foreman-proxy-dhcp "true"\
> --foreman-proxy-dhcp-interface "ens3"\
> --foreman-proxy-dns "true"\
> --foreman-proxy-dns-interface "ens3"
> =======================================================================
>
> Here is the error:
> Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with
> the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features
> ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0
> state=SSLv3 read server certificate B: certificate verif...) for proxy
> https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is
> configured and running on the host.
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dns1.yyy.yyy.yyy]/ensure:
> change from absent to present failed: Proxy dns1.yyy.yyy.yyy cannot be
> registered: Unable to communicate with the proxy: ERF12-2530
> [ProxyAPI::ProxyException]: Unable to detect features
> ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0
> state=SSLv3 read server certificate B: certificate verif...) for proxy
> https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is
> configured and running on the host.
> Installing Done
> [100%] [...................................................................]
> Something went wrong! Check the log for ERROR-level output
> The full log is at /var/log/foreman-installer/capsule.log
>
>
> Here is the proxy status:
> [root@dns1 named]# systemctl status foreman-proxy
> ● foreman-proxy.service - Foreman Proxy
> Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled;
> vendor preset: disabled)
> Active: active (running) since Wed 2017-02-08 16:33:31 EST; 1 day 18h
> ago
> ...
>
> Here is the proxy showing the correct features:
> [root@katello3 foreman-proxy]# wget https://dns1.xxx.xxx.xxx:9090/features
> ...
> Saving to: ‘features’
> ...
> [root@katello3 foreman-proxy]# cat features
> ["dhcp","dns"]
>
Both SELinux and Firewalld were disabled during troubleshooting.
[root@dns1 dynamic]# getenforce
Permissive
[root@dns1 dynamic]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
I'm pretty sure it's a cert issue as I can use wget:
'wget https://dns1.xxx.xxx.xxx:9090/features'
["dhcp","dns"]
On Saturday, February 11, 2017 at 3:14:43 PM UTC-5, Mario Gamboa wrote:
>
> Hi there
>
> Did you have all the ports needed open from the Katello server to your capsule
> and in reverse?
>
> Katello to Capsule ports
> 8443/tcp
> 443/tcp
> 9090/tcp
> 5647/tcp
>
> Capsule to Katello Ports
> 443/tcp
> 5646/tcp
>
> Also try without the firewall enabled on the machines and with SELinux disabled;
> this normally indicates a firewall issue.
>
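Added example (not part of the thread, and not Foreman or Katello code): the same server certificate can verify against one CA bundle and fail against another, or fail on the hostname alone, so a successful fetch by one client does not show that a different client will trust the certificate. The two CAs, the hostnames under `example.test` and the function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. CA names, hostnames and function names are constructed for
# the demo; nothing here comes from the thread's hosts or from Foreman/Katello.
set -u

# Build two unrelated CAs and one server certificate signed by ca_a only.
make_demo_pki() {
  local d=$1 ca
  for ca in ca_a ca_b; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dns1.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:dns1.example.test\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca_a.pem" -CAkey "$d/ca_a.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/srv.pem" 2>/dev/null
}

# check_cert CERT CAFILE HOST: prints ok, untrusted or hostname-mismatch.
# CAFILE stands for whichever bundle the failing client is configured with.
check_cert() {
  local cert=$1 cafile=$2 host=$3
  if ! openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1; then
    echo untrusted
  elif openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo ok
  else
    echo hostname-mismatch
  fi
}

# To check a live service, save the certificate it presents first, e.g.:
#   openssl s_client -connect HOST:9090 -servername HOST </dev/null \
#     | openssl x509 > srv.pem
demo() {
  local d; d=$(mktemp -d)
  make_demo_pki "$d"
  echo "signing CA, right name: $(check_cert "$d/srv.pem" "$d/ca_a.pem" dns1.example.test)"
  echo "other CA,   right name: $(check_cert "$d/srv.pem" "$d/ca_b.pem" dns1.example.test)"
  echo "signing CA, wrong name: $(check_cert "$d/srv.pem" "$d/ca_a.pem" dns1.other.test)"
  rm -rf "$d"
}
demo
```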