New Foreman Install Fail: no smart proxy created Foreman 2.5/Katello 4.1

hillonious · July 30, 2021, 4:44pm

Problem:
New foreman install attempt, foreman-installer fails due to smart-proxy not created

Multiple attempts created, starting from a VM snapshot first, same result each time

Expected outcome:
Installer completes without non zero return code

Foreman and Proxy versions:
Foreman 2.5

Foreman and Proxy plugin versions:
Katello 4.1

Distribution and version:
Centos 7
8 vCPUs, 24GB RAM

Other relevant data:
katello.log errors:

2021-07-30 15:43:10 [ERROR ] [configure] Error making POST request to Foreman at https://my-host/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://my-host:9090/v2/features Please check the proxy is configured and running on the host.

2021-07-30 15:43:10 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[my-host]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://my-host/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://my-host:9090/v2/features Please check the proxy is configured and running on the host

We have 5 foreman instances all created with the same ansible configuration management from the ground up (install and configure all including: ldap, subnets, products, repos, sync plans etc etc)

When we want to bump the version, we build something new to confirm working and then replace each instance. Inevitably a new install requires small tweaks but on this occasion, foreman-installer fails as the smart-proxy isn’t created.

I can’t see anything in the official centos katello install document that mentions that this is the default behaviour (smart-proxy not installed/created), reaching out here for the first time after trying to find out why this might now be missing.

I’ve dumped the foreman-installer full help options to see if any behaviour has been changed, but nothing stood out.

We are currently using the following installer cli command (double braces are substituted with real vars):

    foreman-installer --scenario katello --foreman-initial-admin-password "{{ foreman_admin_user_pass }}"
    --foreman-initial-organization {{ foreman_default_organisation }} --foreman-initial-location {{ ansible_local['site_name'] | upper }}
    --puppet-runmode none --puppet-server false --foreman-proxy-puppet false --foreman-proxy-puppetca false
    --certs-server-cert /etc/pki/tls/certs/{{ inventory_hostname }}.cer --certs-server-key /etc/pki/tls/private/{{ inventory_hostname }}.key
    --certs-server-ca-cert /etc/pki/ca-trust/source/anchors/OUR-ORG-CA-CHAIN.cer
    --foreman-proxy-dns false
    --foreman-proxy-tftp true
    --foreman-proxy-tftp-managed true
    --foreman-proxy-dhcp true --foreman-proxy-dhcp-managed true --foreman-proxy-dhcp-provider isc
    --foreman-proxy-dhcp-config /etc/dhcp/dhcpd.conf --foreman-proxy-dhcp-leases /var/lib/dhcpd/dhcpd.leases
    --foreman-proxy-dhcp-gateway {{ foreman_initial_subnet_gateway }}
    --foreman-proxy-dhcp-nameservers {{ foreman_dns_servers | join(',') }}
    --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible
    --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh

This has worked flawlessly (thanks) with the odd tweak over the last couple of years between versions, I’ve added --enable-foreman-proxy into the mix but we get the same result.

Any ideas, is there something that we missed?

hillonious · July 30, 2021, 5:50pm

FYI (reverting to a clean VM snapshot each time):

I’ve tested this now against 2.4/4.0 (same result)

I’ve tested against 2.2/3.17 (version we are currently on in prod), smart proxy is present as expected and installer returns rc 0

I’ll probably kick off another deployment for 2.3/3.18 (minor version bump) to confirm if that works as expected (smart proxy created)

I vaguely remember reading something a while back about a default behaviour changing (I hope it wasn’t smart proxy being disabled by default and I missed it), this may have been dhcp or tftp proxy options, however we are passing those proxy options to the installer

I expect it to be user error on our side unless I hear different but wanted to engage with the community. Thanks again for any help

hillonious · July 30, 2021, 9:02pm

2.3/3.18 install tested and smart proxy not created so fails with non zero rc, I suspect we are missing an installer option, or something else?

rainer_d · July 30, 2021, 9:18pm

/tmp noexec? (cannot be).

Special partitioning (I found this can somehow throw the installer off, though your error-message looks different than the one I got)

In any case, I’d wait for 4.1.2 (see other threads).
I certainly do…

hillonious · July 30, 2021, 9:32pm

Thanks @rainder_d but no we have defaults set for tmp (so noexec isn’t enabled):

/dev/mapper/vg_sys-lv_root /                       ext4    defaults        1 1
UUID=XXXXX /boot                   ext4    defaults        1 2
UUID=XXXXX          /boot/efi               vfat    defaults,uid=0,gid=0,umask=0077,shortname=winnt 0 0
/dev/mapper/vg_sys-lv_home /home                   ext4    defaults        1 2
/dev/mapper/vg_sys-lv_opt /opt                    ext4    defaults        1 2
/dev/mapper/vg_sys-lv_tmp /tmp                    ext4    defaults        1 2
/dev/mapper/vg_sys-lv_usr /usr                    ext4    defaults        1 2
/dev/mapper/vg_sys-lv_var /var                    ext4    defaults        1 2
UUID=XXXXX swap                    swap    defaults        0 0
/dev/mapper/vg_app-satellite /apps/satellite xfs defaults 1 2
/dev/mapper/vg_app-lv_pulp /var/lib/pulp xfs defaults 1 2
/dev/mapper/vg_app-lv_mongodb /var/lib/mongodb xfs defaults 1 2
/dev/mapper/vg_app-lv_pulp_cache /var/cache/pulp xfs defaults 1 2
/dev/mapper/vg_app-lv_squid_cache /var/spool/squid xfs defaults 1 2

Odd that anything after 2.2/3.17 our experience results in no smart-proxy created, I see foreman-proxy-content as an available scenario, but assume we shouldn’t have to install that unless we wanted an external proxy.

hillonious · July 30, 2021, 9:41pm

Example of 2.3/3.18 earlier as a test (including some logging before and after the failure):

2021-07-30 18:21:04 [NOTICE] [configure] 2700 out of 2767 done.

2021-07-30 18:23:21 [ERROR ] [configure] Proxy my-host cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://my-host:9090/v2/features Please check the proxy is configured and running on the host.

2021-07-30 18:23:21 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[my-host]/ensure: change from 'absent' to 'present' failed: Proxy my-host cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://my-host:9090/v2/features Please check the proxy is configured and running on the host.

2021-07-30 18:23:31 [NOTICE] [configure] System configuration has finished.
2021-07-30 18:23:31 [NOTICE] [post] Executing hooks in group post
2021-07-30 18:23:31 [NOTICE] [post] All hooks in group post finished

rainer_d · July 30, 2021, 10:56pm

Can you do an install with just / /tmp /var/lib/pulp ?
And no lvm except for pulp.

gvde · July 31, 2021, 5:11am

Did you check whether a process is listening on port 9090?

# netstat -lntp | fgrep :9090

Is the foreman-proxy service running?

# systemctl status foreman-proxy.service

hillonious · August 2, 2021, 7:54am

@gvde Sorry for the delay over the weekend, yes 9090 port is up (binding on all interfaces 0.0.0.0) and foreman-proxy service is actively running.

Foreman UI however (https://foreman-host/smart_proxies) reports no smart proxy present and the installer throws non zero return code.

hillonious · August 2, 2021, 7:59am

@rainer_d Yes I could do (build without LVM), that’s our standard build that works with 2.2/3.17 but if we think that is worth trying, happy to do that

gvde · August 2, 2021, 8:46am

It’s much easier to check if you post the actual output of those commands. Please post the output of both commands.

And also run:

$ curl https://foreman-host.example.com:9090/features

and post the output. Run this on the foreman server/smart proxy itself and from a remote server.

hillonious · August 2, 2021, 9:15am

$ curl https://my-host:9090/features
[“ansible”,“dhcp”,“dynflow”,“httpboot”,“logs”,“pulp”,“pulpcore”,“registration”,“ssh”,“tftp”]

Same both on the host and externally

FYI: This is using 2.3/3.18, I can switch back to the other builds to test fairly quickly if required

gvde · August 2, 2021, 9:43am

You need to run all those commands on the server on which you get those errors when running foreman-installer.

hillonious · August 2, 2021, 9:50am

Thanks @gvde, sorry did I miss something? That output is from the foreman server with the issue both on the server and remotely (the output is identical and I’ve substituted the FQDN)

hillonious · August 2, 2021, 9:56am

foreman-service output:

● foreman-proxy.service - Foreman Proxy
   Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-07-30 18:21:16 UTC; 2 days ago
 Main PID: 61530 (ruby)
   CGroup: /system.slice/foreman-proxy.service
           └─61530 ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize

Aug 02 09:11:46 my-host smart-proxy[61530]: 10.64.184.13 - - [02/Aug/2021:09:11:46 UT...27
Aug 02 09:11:46 my-host smart-proxy[61530]: - -> /
Aug 02 09:12:20 my-host smart-proxy[61530]: 10.64.184.13 - - [02/Aug/2021:09:12:20 UT...27
Aug 02 09:12:20 my-host smart-proxy[61530]: - -> /
Aug 02 09:12:29 my-host smart-proxy[61530]: 10.64.184.13 - - [02/Aug/2021:09:12:29 UT...92
Aug 02 09:12:29 my-host smart-proxy[61530]: - -> /features
Aug 02 09:14:44 my-host smart-proxy[61530]: 10.64.133.227 - - [02/Aug/2021:09:14:44 U...92
Aug 02 09:14:44 my-host smart-proxy[61530]: - -> /features
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full

netstat:

$ sudo netstat -lntp | fgrep :9090
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      61530/ruby
tcp6       0      0 :::9090                 :::*                    LISTEN      61530/ruby

gvde · August 2, 2021, 10:06am

Well, in the beginning you write about 2.5/4.1 and it’s a little bit confusing to follow you if you keep switching versions.

So on this server, if you are running “foreman-installer” (with no options) you get the error you have posted in the beginning?

And it’s the only error you get during your foreman-installer run?

You have never installed any other scenario but the katello scenario on that server?

What do you get if you access the v2 features?

# curl  --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem 'https://foreman.example.com:9090/v2/features'

my-host is your full host name and it only resolves to the IP address of this server and you don’t have anything different in your DNS or /etc/hosts on that server?

hillonious · August 2, 2021, 10:08am

Oh no! So sorry @gvde I thought you were referring to the curl command not the literal foreman-installer command, I’ll deploy 2.5/4.1 again and share the foreman-installer command output as soon as I reach the same state again, hopefully less than 1 hour

hillonious · August 2, 2021, 10:20am

Just to clarify, we want to install 2.5/4.1 but see the same foreman-installer smart proxy issue on 2.3/3.18 and 2.4/4.0 (sorry, was trying to be helpful by trying to confirm if the issue I’m seeing exists on older releases)

2.2/3.17 works without seeing this issue (smart proxy created and foreman-installer return with 0 rc)

All installs attempted with the foreman-installer options in this issues summary:

foreman-installer --scenario katello --foreman-initial-admin-password "{{ foreman_admin_user_pass }}"
    --foreman-initial-organization {{ foreman_default_organisation }} --foreman-initial-location {{ ansible_local['site_name'] | upper }}
    --puppet-runmode none --puppet-server false --foreman-proxy-puppet false --foreman-proxy-puppetca false
    --certs-server-cert /etc/pki/tls/certs/{{ inventory_hostname }}.cer --certs-server-key /etc/pki/tls/private/{{ inventory_hostname }}.key
    --certs-server-ca-cert /etc/pki/ca-trust/source/anchors/OUR-ORG-CA-CHAIN.cer
    --foreman-proxy-dns false
    --foreman-proxy-tftp true
    --foreman-proxy-tftp-managed true
    --foreman-proxy-dhcp true --foreman-proxy-dhcp-managed true --foreman-proxy-dhcp-provider isc
    --foreman-proxy-dhcp-config /etc/dhcp/dhcpd.conf --foreman-proxy-dhcp-leases /var/lib/dhcpd/dhcpd.leases
    --foreman-proxy-dhcp-gateway {{ foreman_initial_subnet_gateway }}
    --foreman-proxy-dhcp-nameservers {{ foreman_dns_servers | join(',') }}
    --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible
    --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh

I haven’t ran foreman-installer with no options, but if desired can do and report the output

I’m redeploying 2.5/4/1 now and will share output for:

foreman-proxy service
netstat for 9090
curl for my-host:9090/features from foreman and remotely
curl --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem 'https://foreman.example.com:9090/v2/features'

my-host is a substitution for our host + company fqdn, this host is in DNS and resolvable (the logs show the real FQDN), I can put the real unsubstituted output if desired

hillonious · August 2, 2021, 11:16am

Hopefully I have all the detail required @gvde (sorry for any prior confusion I was adding to the matter).

I’ve reverted our VM snapshot (with the fstab detailed above, LVM still enabled) and attempted a fresh install of 2.5/4.1

foreman-proxy systemd status:

# systemctl status foreman-proxy -l
● foreman-proxy.service - Foreman Proxy
   Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/foreman-proxy.service.d
           └─90-limits.conf
   Active: active (running) since Mon 2021-08-02 10:56:07 UTC; 6min ago
 Main PID: 58916 (ruby)
   CGroup: /system.slice/foreman-proxy.service
           └─58916 ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize

Aug 02 10:56:05 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: Your Gemfile lists the gem rsec (< 1) more than once.
Aug 02 10:56:05 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: You should probably keep only one of them.
Aug 02 10:56:05 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: Remove any duplicate entries and specify the gem only once.
Aug 02 10:56:05 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: While it's not a problem now, it could cause errors if you change the version of one of them later.
Aug 02 10:56:07 xv-sat001.uk2.scp.bskyb.com systemd[1]: Started Foreman Proxy.
Aug 02 10:56:15 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: /opt/theforeman/tfm/root/usr/share/gems/gems/sequel-5.42.0/lib/sequel/adapters/sqlite.rb:114: warning: rb_check_safe_obj will be removed in Ruby 3.0
Aug 02 10:58:15 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: 10.64.184.13 - - [02/Aug/2021:10:56:15 UTC] "GET /v2/features HTTP/1.1" 200 0
Aug 02 10:58:15 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: - -> /v2/features
Aug 02 10:59:15 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: 10.64.184.13 - - [02/Aug/2021:10:57:15 UTC] "GET /v2/features HTTP/1.1" 200 0
Aug 02 10:59:15 xv-sat001.uk2.scp.bskyb.com smart-proxy[58916]: - -> /v2/features

netstat -lntp | fgrep :9090:

# netstat -lntp | fgrep :9090
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      58916/ruby
tcp6       0      0 :::9090                 :::*                    LISTEN      58916/ruby

curl from foreman for :9090/features:

# curl https://xv-sat001.uk2.scp.bskyb.com:9090/features
["ansible","dhcp","dynflow","logs","pulpcore","registration","ssh","tftp"]

curl remote for :9090/features:

$ curl https://xv-sat001.uk2.scp.bskyb.com:9090/features
["ansible","dhcp","dynflow","logs","pulpcore","registration","ssh","tftp"]

curl from foreman :9090/v2/features with key and cert (takes a while to complete, time added to illustrate):

# time curl --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem 'https://xv-sat001.uk2.scp.bskyb.com:9090/v2/features'

{"dynflow":{"http_enabled":false,"https_enabled":true,"settings":{},"state":"running","capabilities":[]},"pulpcore":{"http_enabled":false,"https_enabled":true,"settings":{"pulp_url":"https://xv-sat001.uk2.scp.bskyb.com","mirror":false,"content_app_url":"https://xv-sat001.uk2.scp.bskyb.com/pulp/content","username":null,"password":null},"state":"running","capabilities":[]},"ssh":{"http_enabled":false,"https_enabled":true,"settings":{},"state":"running","capabilities":[]},"ansible":{"http_enabled":false,"https_enabled":true,"settings":{},"state":"running","capabilities":[]},"facts":{"http_enabled":false,"https_enabled":false,"settings":{},"state":"disabled","capabilities":[]},"dns":{"http_enabled":false,"https_enabled":false,"settings":{"use_provider":null},"state":"disabled","capabilities":[]},"templates":{"http_enabled":false,"https_enabled":false,"settings":{"template_url":null},"state":"disabled","capabilities":[]},"tftp":{"http_enabled":false,"https_enabled":true,"settings":{"tftp_servername":null},"state":"running","capabilities":[]},"dhcp":{"http_enabled":false,"https_enabled":true,"settings":{"use_provider":"dhcp_isc"},"state":"running","capabilities":["dhcp_filename_hostname","dhcp_filename_ipv4"]},"puppetca":{"http_enabled":false,"https_enabled":false,"settings":{"use_provider":null},"state":"disabled","capabilities":[]},"puppet":{"http_enabled":false,"https_enabled":false,"settings":{"use_provider":null},"state":"disabled","capabilities":[]},"bmc":{"http_enabled":false,"https_enabled":false,"settings":{},"state":"disabled","capabilities":["redfish","shell","ssh"]},"realm":{"http_enabled":false,"https_enabled":false,"settings":{"use_provider":null},"state":"disabled","capabilities":[]},"logs":{"http_enabled":false,"https_enabled":true,"settings":{},"state":"running","capabilities":[]},"httpboot":{"http_enabled":false,"https_enabled":false,"settings":{"http_port":null,"https_port":null},"state":"disabled","capabilities":[]},"registration":{"http_enabled":false,"https_enabled":true,"settings":{},"state":"running","capabilities":[]}}
real	2m0.461s
user	0m0.198s
sys	0m0.099s

katello.log ERROR grep:

# grep -B 5 ERROR /var/log/foreman-installer/katello.log
2021-08-02 10:29:08 [INFO  ] [root] ... finished loading default values from puppet modules.
2021-08-02 10:29:08 [INFO  ] [pre_values] Executing hooks in group pre_values
2021-08-02 10:29:08 [INFO  ] [pre_values] All hooks in group pre_values finished
2021-08-02 10:29:08 [DEBUG ] [root] Running installer with args [["--scenario", "katello", "--foreman-initial-admin-password", "SECRET-HERE", "--puppet-runmode", "none", "--puppet-server", "false", "--foreman-proxy-puppet", "false", "--foreman-proxy-puppetca", "false", "--foreman-initial-organization", "Sky", "--foreman-initial-location", "UK2", "--certs-server-cert", "/etc/pki/tls/certs/xv-sat001.uk2.scp.bskyb.com.cer", "--certs-server-key", "/etc/pki/tls/private/xv-sat001.uk2.scp.bskyb.com.key", "--certs-server-ca-cert", "/etc/pki/ca-trust/source/anchors/NEW-BSKYB-CA-CHAIN.cer", "--foreman-proxy-dns", "false", "--foreman-proxy-tftp", "true", "--foreman-proxy-tftp-managed", "true", "--foreman-proxy-dhcp", "true", "--foreman-proxy-dhcp-managed", "true", "--foreman-proxy-dhcp-provider", "isc", "--foreman-proxy-dhcp-config", "/etc/dhcp/dhcpd.conf", "--foreman-proxy-dhcp-leases", "/var/lib/dhcpd/dhcpd.leases", "--foreman-proxy-dhcp-gateway", "10.64.187.254", "--foreman-proxy-dhcp-nameservers", "10.64.133.93,10.64.132.32", "--enable-foreman-plugin-ansible", "--enable-foreman-proxy-plugin-ansible", "--enable-foreman-plugin-remote-execution", "--enable-foreman-proxy-plugin-remote-execution-ssh"]]
2021-08-02 10:29:08 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2021-08-02 10:29:08 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
--
2021-08-02 10:38:56 [INFO  ] [configure] +pinsetter.org.candlepin.pinsetter.tasks.ExpiredPoolsJob.schedule=0 0 0 * * ?
2021-08-02 10:38:56 [INFO  ] [configure] +
2021-08-02 10:38:56 [INFO  ] [configure] +pinsetter.org.candlepin.pinsetter.tasks.CertificateRevocationListTask.schedule=0 0 0 1 1 ?
2021-08-02 10:38:56 [INFO  ] [configure] +
2021-08-02 10:38:56 [INFO  ] [configure] +# Required for https://hibernate.atlassian.net/browse/HHH-12927
2021-08-02 10:38:56 [INFO  ] [configure] +log4j.logger.org.hibernate.internal.SessionImpl=ERROR
--
2021-08-02 10:38:58 [INFO  ] [configure] # Log configuration
2021-08-02 10:38:58 [INFO  ] [configure] # Uncomment and modify if you want to change the location of the log file or use STDOUT or SYSLOG values
2021-08-02 10:38:58 [INFO  ] [configure] -#:log_file: /var/log/foreman-proxy/proxy.log
2021-08-02 10:38:58 [INFO  ] [configure] +:log_file: /var/log/foreman-proxy/proxy.log
2021-08-02 10:38:58 [INFO  ] [configure] # Uncomment and modify if you want to change the log level
2021-08-02 10:38:58 [INFO  ] [configure] # WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
--
2021-08-02 10:56:07 [DEBUG ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com]: Starting to evaluate the resource (2431 of 2455)
2021-08-02 10:56:07 [DEBUG ] [configure] Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com](provider=rest_v3): Making get request to https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies?search=name%3D%22xv-sat001.uk2.scp.bskyb.com%22
2021-08-02 10:56:15 [DEBUG ] [configure] Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com](provider=rest_v3): Received response 200 from request to https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies?search=name%3D%22xv-sat001.uk2.scp.bskyb.com%22
2021-08-02 10:56:15 [DEBUG ] [configure] Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com](provider=rest_v3): Making post request to https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies
2021-08-02 10:58:15 [DEBUG ] [configure] Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com](provider=rest_v3): Received response 422 from request to https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies
2021-08-02 10:58:15 [ERROR ] [configure] Error making POST request to Foreman at https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://xv-sat001.uk2.scp.bskyb.com:9090/v2/features Please check the proxy is configured and running on the host.
2021-08-02 10:58:15 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://xv-sat001.uk2.scp.bskyb.com:9090/v2/features Please check the proxy is configured and running on the host

We’re defining a custom-hiera.yml too that I can share if helpful

hillonious · August 2, 2021, 11:29am

Running just foreman-installer after the attempt detailed above, yields what looks like the same error:

# foreman-installer
2021-08-02 11:23:57 [NOTICE] [root] Loading installer configuration. This will take some time.
2021-08-02 11:24:03 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2021-08-02 11:24:03 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
Executing: katello-certs-check -c "/etc/pki/tls/certs/xv-sat001.uk2.scp.bskyb.com.cer" -k "/etc/pki/tls/private/xv-sat001.uk2.scp.bskyb.com.key" -b "/etc/pki/ca-trust/source/anchors/NEW-BSKYB-CA-CHAIN.cer"
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Checking server certificate encoding: [OK]

Checking expiration of certificate: [OK]

Checking expiration of CA bundle: [OK]

Checking if server certificate has CA:TRUE flag [OK]

Checking for private key passphrase: [OK]

Checking to see if the private key matches the certificate: [OK]

Checking CA bundle against the certificate file: [OK]

Checking CA bundle size: 2
[OK]

Checking Subject Alt Name on certificate [OK]

Checking if any Subject Alt Name on certificate matches the Subject CN
[OK]

Checking Key Usage extension on certificate for Key Encipherment [OK]

Checking for use of shortname as CN
[OK]

Validation succeeded


To install the Katello server with the custom certificates, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/etc/pki/tls/certs/xv-sat001.uk2.scp.bskyb.com.cer" \
                      --certs-server-key "/etc/pki/tls/private/xv-sat001.uk2.scp.bskyb.com.key" \
                      --certs-server-ca-cert "/etc/pki/ca-trust/source/anchors/NEW-BSKYB-CA-CHAIN.cer"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello \
                      --certs-server-cert "/etc/pki/tls/certs/xv-sat001.uk2.scp.bskyb.com.cer" \
                      --certs-server-key "/etc/pki/tls/private/xv-sat001.uk2.scp.bskyb.com.key" \
                      --certs-server-ca-cert "/etc/pki/ca-trust/source/anchors/NEW-BSKYB-CA-CHAIN.cer" \
                      --certs-update-server --certs-update-server-ca

To use them inside a NEW $FOREMAN_PROXY, rerun this command with -t foreman-proxy
2021-08-02 11:24:13 [NOTICE] [configure] Starting system configuration.
2021-08-02 11:24:34 [NOTICE] [configure] 250 configuration steps out of 2427 steps complete.
2021-08-02 11:24:36 [NOTICE] [configure] 500 configuration steps out of 2427 steps complete.
2021-08-02 11:25:33 [NOTICE] [configure] 750 configuration steps out of 2429 steps complete.
2021-08-02 11:25:37 [NOTICE] [configure] 1000 configuration steps out of 2432 steps complete.
2021-08-02 11:25:37 [NOTICE] [configure] 1250 configuration steps out of 2436 steps complete.
2021-08-02 11:25:39 [NOTICE] [configure] 1500 configuration steps out of 2441 steps complete.
2021-08-02 11:25:39 [NOTICE] [configure] 1750 configuration steps out of 2441 steps complete.
2021-08-02 11:25:40 [NOTICE] [configure] 2000 configuration steps out of 2441 steps complete.
2021-08-02 11:26:17 [NOTICE] [configure] 2250 configuration steps out of 2441 steps complete.
2021-08-02 11:28:36 [ERROR ] [configure] Error making POST request to Foreman at https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://xv-sat001.uk2.scp.bskyb.com:9090/v2/features Please check the proxy is configured and running on the host.
2021-08-02 11:28:36 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[xv-sat001.uk2.scp.bskyb.com]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://xv-sat001.uk2.scp.bskyb.com/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::ReadTimeout]: Timed out reading data from server) for proxy https://xv-sat001.uk2.scp.bskyb.com:9090/v2/features Please check the proxy is configured and running on the host.
2021-08-02 11:28:39 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

  The full log is at /var/log/foreman-installer/katello.log