Hello, I've run into an issue where after upgrading a working katello 3.2
system to 3.3 I get the following error when attempting to publish a
content view.
There was an issue with the backend service pulp: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
When the system was running katello 3.2 I rand the following to get the
custom signed ssl certs to work.
foreman-installer --scenario katello --certs-server-cert
/etc/pki/tls/certs/il-foreman1_slc_westdc_net.crt --certs-server-cert-req
/etc/pki/tls/private/il-foreman1.slc.westdc.net.csr --certs-server-key
/etc/pki/tls/private/il-foreman1.slc.westdc.net.key --certs-server-ca-cert
/etc/pki/tls/certs/comodo-ca-bundle.crt --certs-server-ca-name comodo-ca
–certs-update-server --certs-update-server-ca
To fix problems with candlepin I did the following found
via Bug #16620: custom certificates do not work out-of-the box on katello 3.1 - Katello - Foreman
Copy /root/ssl-build/katello-default-ca.crt to
/etc/pki/ca-trust/source/anchors/ and rebuild the openssl ca certs with
update-ca-trust. Due to chicken-and-egg issue, this may prevent a clean
install using custom certs. After performing these steps, re-run the
installer. It should complete correctly the second time through.
I've attempted both of theses steps along with the second fix on the above
url for issue 16620 without any success. I see the following details in
the /etc/foreman/plugins/katello.yaml
File managed with puppet
Module: puppet-katello
:katello:
:rest_client_timeout: 3600
:post_sync_url:
https://il-foreman1.domain.net/katello/api/v2/repositories/sync_complete?token=gQ7efFZPwo8oWXg9abmdG3v8gkY29fcs
:candlepin:
:url: https://il-foreman1.domain.net:8443/candlepin
:oauth_key: katello
:oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL
:ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt
:pulp:
:url: https://il-foreman1.domain.net/pulp/api/v2/
:oauth_key: katello
:oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL
:ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt
:qpid:
:url: amqp:ssl:localhost:5671
:subscriptions_queue_address: katello_event_queue
I'm not sure what additional information to provide to help identify the
problem here. Any ideas what to try/do next?
Thanks