Katello smart proxy issue

Problem: I am getting the below error while installing a smart proxy for an external puppet master. Also, can anyone share the required options for external puppet masters for a centrally located katello server which also acts as the central CA authority for all masters?

```
[root@frm-server03 abrt]# foreman-installer --scenario foreman-proxy-content --help
/usr/share/gems/gems/kafo-2.1.0/lib/kafo/data_type.rb:31:in `register_type': Data type Dhcp::Macaddress is already registered, cannot be re-registered (ArgumentError)
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/data_type_parser.rb:22:in `block in register'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/data_type_parser.rb:20:in `each'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/data_type_parser.rb:20:in `register'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:352:in `block (2 levels) in register_data_types'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:351:in `each'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:351:in `block in register_data_types'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:350:in `each'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:350:in `register_data_types'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:97:in `modules'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:216:in `params'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/configuration.rb:226:in `preset_defaults_from_puppet'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/scenario_manager.rb:208:in `load_and_setup_configuration'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/kafo_configure.rb:289:in `set_parameters'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/kafo_configure.rb:100:in `initialize'
        from /usr/share/gems/gems/clamp-1.1.2/lib/clamp/command.rb:132:in `new'
        from /usr/share/gems/gems/clamp-1.1.2/lib/clamp/command.rb:132:in `run'
        from /usr/share/gems/gems/kafo-2.1.0/lib/kafo/kafo_configure.rb:163:in `run'
        from /usr/sbin/foreman-installer:8:in `<main>'
[root@frm-server03 abrt]#
```

Expected outcome: It should install the smart proxy for the external puppet master.

Foreman and Proxy versions: Foreman 1.18 and Katello 3.7 on CentOS 7

Foreman and Proxy plugin versions:

Other relevant data: I want to setup my puppet master as an external server with my katello server. Katello will need to provide certificates for all puppet masters. If anyone can share the smart proxy options for it.

I think there might be a regression where you can’t run --help for a different scenario than is already installed.

What is frm-server03 - is that your existing Katello server? The foreman-proxy-content scenario isn’t something that would be run from your katello server, but rather on the new proxy.

Foreman :: Plugin Manuals has the instructions on installing an external smart proxy for Katello.

Thanks for the response, Stephen. The --help option started working after installing some more RPMs. However, I am stuck with some more issues while adding a puppet master as a smart proxy in my clustered katello instances.

Below are the details of the setup I have installed.

  1. Two katello servers, “frm-server01” and “frm-server02”, installed with the below options.

```
foreman-installer --scenario katello \
  --foreman-db-type=postgresql \
  --foreman-db-manage=false \
  --foreman-db-host=frm-db01.cadence.com \
  --foreman-db-database=foreman \
  --foreman-db-username=foreman \
  --foreman-db-password=cadence \
  --enable-foreman-plugin-ansible \
  --enable-foreman-plugin-discovery \
  --enable-foreman-plugin-expire-hosts \
  --enable-foreman-plugin-hooks
```

  2. External postgresql database server “frm-db01” shared with both Katello instances.

```
[root@frm-server01 ~]# PGPASSWORD='cadence' psql -h frm-db01.cadence.com -p 5432 -U foreman -d foreman -c "SELECT 1 as ping"
 ping
------
    1
(1 row)

[root@frm-server01 ~]# PGPASSWORD='cadence' psql -h frm-db01.cadence.com -p 5432 -U candlepin -d candlepin -c "SELECT 1 as ping"
 ping
------
    1
(1 row)

[root@frm-server01 ~]#

[root@frm-server02 ~]# PGPASSWORD='cadence' psql -h frm-db01.cadence.com -p 5432 -U foreman -d foreman -c "SELECT 1 as ping"
 ping
------
    1
(1 row)

[root@frm-server02 ~]# PGPASSWORD='cadence' psql -h frm-db01.cadence.com -p 5432 -U candlepin -d candlepin -c "SELECT 1 as ping"
 ping
------
    1
(1 row)

[root@frm-server02 ~]#
```

  3. frm-server03 is an external puppet master server that we are trying to add in katello as a smart proxy. We generated the certificate in one katello instance, frm-server01, and copied the tar file to the puppet server as below.

```
[root@frm-server01 ~]# foreman-proxy-certs-generate --foreman-proxy-fqdn "frm-server03.cadence.com" --certs-tar "~/frm-server03.cadence.com-certs.tar"
Resetting puppet server version param…
Installing Done [100%] […]
Success!

To finish the installation, follow these steps:

If you do not have the smartproxy registered to the Katello instance, then please do the following:

  1. yum -y localinstall http://frm-server01.cadence.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. subscription-manager register --org "Default_Organization"

Once this is completed run the steps below to start the smartproxy installation:

  1. Ensure that the foreman-installer-katello package is installed on the system.
  2. Copy the following file /root/frm-server03.cadence.com-certs.tar to the system frm-server03.cadence.com at the following location /root/frm-server03.cadence.com-certs.tar
    scp /root/frm-server03.cadence.com-certs.tar root@frm-server03.cadence.com:/root/frm-server03.cadence.com-certs.tar
  3. Run the following commands on the Foreman proxy (possibly with the customized
    parameters, see foreman-installer --scenario foreman-proxy-content --help and
    documentation for more info on setting up additional services):

foreman-installer --scenario foreman-proxy-content\
  --foreman-proxy-content-parent-fqdn "frm-server01.cadence.com"\
  --foreman-proxy-register-in-foreman "true"\
  --foreman-proxy-foreman-base-url "https://frm-server01.cadence.com"\
  --foreman-proxy-trusted-hosts "frm-server01.cadence.com"\
  --foreman-proxy-trusted-hosts "frm-server03.cadence.com"\
  --foreman-proxy-oauth-consumer-key "8MXTgCcd2CZwV7mkL8Gqw2itQWDogyxZ"\
  --foreman-proxy-oauth-consumer-secret "rVpxXkGSTeWCANw8pP9LAb9JZGtNDFpi"\
  --foreman-proxy-content-certs-tar "/root/frm-server03.cadence.com-certs.tar"\
  --puppet-server-foreman-url "https://frm-server01.cadence.com"
The full log is at /var/log/foreman-installer/foreman-proxy-certs-generate.log
[root@frm-server01 ~]#

[root@frm-server01 ~]# scp /root/frm-server03.cadence.com-certs.tar root@frm-server03.cadence.com:/root/frm-server03.cadence.com-certs.tar
root@frm-server03.cadence.com's password:
frm-server03.cadence.com-certs.tar 100% 164KB 164.4KB/s 00:00
[root@frm-server01 ~]#
```

  4. On the Puppet master server “frm-server03”, installed the smart proxy as below:

```
[root@frm-server03 ~]# foreman-installer --scenario foreman-proxy-content \
                --foreman-proxy-content-parent-fqdn           "frm-server01.cadence.com" \
                --foreman-proxy-register-in-foreman           "true" \
                --foreman-proxy-foreman-base-url              "https://frm-server01.cadence.com" \
                --foreman-proxy-trusted-hosts                 "frm-server01.cadence.com" \
                --foreman-proxy-trusted-hosts                 "frm-server03.cadence.com" \
                --foreman-proxy-oauth-consumer-key            "8MXTgCcd2CZwV7mkL8Gqw2itQWDogyxZ" \
                --foreman-proxy-oauth-consumer-secret         "rVpxXkGSTeWCANw8pP9LAb9JZGtNDFpi" \
                --foreman-proxy-content-certs-tar             "/root/frm-server03.cadence.com-certs.tar" \
                --foreman-proxy-puppetca                      "false" \
                --enable-puppet                               "true"
Resetting puppet server version param…
Installing Done [100%] […]
The full log is at /var/log/foreman-installer/foreman-proxy-content.log
Upgrade Step: remove_legacy_mongo…
yum install -y -q rh-mongodb34-syspaths finished successfully!
[root@frm-server03 ~]#
```

  5. Now when I am trying to create a new smart proxy in the katello web portal, it is throwing the below errors.

Could you please help?

I think the smart proxy does exist, but is not available for the current location and/or organization.

It's a completely new setup and I have not created any location or organisation yet. After installing, I am just trying to add the puppet master as a smart proxy in a default location only.

Can anyone help, please?

Hi,
Did you try to click on “Any Organisation” AND “Any location” in the upper menu?
I believe that by default this new smart proxy is not assigned to any location/organisation, so it will not be shown as the “Default Org” is selected by default.

Hi,
Thank you so much for the hint. I have now assigned the smart proxies to Default location.

But now the problem is that every time I refresh the smart proxy page, the status changes from red to green and then green to red. Attaching the screenshots of every refresh for reference.

Setup is like below:

  1. frm-server01 and frm-server02 are the 2 katello instances with shared postgresql database and assigned behind the load balancer (https://foreman-poc.cadence.com)

  2. frm-server03 and noi-puppet are the 2 external puppet masters.

  3. For the puppet CA, I have installed both the katello servers with puppet CA to authenticate clients. And I think the certificates are conflicting between them, due to which I am getting a different status of smart proxies every time I refresh.

Could you please help with how to deal with the certificate authority to avoid conflicts? Can I create an external puppet CA that authenticates all smart proxies including both katello instances? How?

I am trying to setup highly available centralized katello servers with multiple external puppet masters in distributed geo locations.




Please guide…

Hello,
When installing a new proxy, is it principled to register against Default_Organization before
foreman-installer --scenario foreman-proxy-content … ?
I’ve created “my_organization” on katello server and registered proxy with it.
Is this wrong?