New installation of Foreman 1.7 on CentOS 7. Does not appear web page is available, is no response

New installation of Foreman 1.7 on CentOS 7. Does not appear web page is
available, is no response. Ran debug script for foreman, uploaded file
[foreman-debug-fQ6SA]. Installation steps followed via the latest Foreman
Manual:

Installation

  1. Install CentOS Net Install (Minimum Installation)
  2. yum bind-utils net-tools nano (To validate DNS, Network Configuration,
    etc.)
  3. yum update
  4. rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
  5. yum -y install epel-release
    http://yum.theforeman.org/releases/1.7/el7/x86_64/foreman-release.rpm
  6. yum -y install foreman-installer
  7. foreman-installer
    (Successful no errors)

Puppet NTP Module

  1. puppet module install -i /etc/puppet/environments/production/modules
    saz/ntp

Configuration

  1. foreman-rake db:migrate
  2. foreman-rake db:seed
  3. nano /etc/foreman/settings.yaml
    :require_ssl: false (Disable Certificate Requirement For Now)
  4. reboot
  5. netstat -tan
    (Nothing appears to be listening on port 3000)

Test

curl -k -H "Accept: application/json" http://instance:3000/status

curl: (7) Failed connect to instance:3000; Operation now in progress

Given the 10s of logs and other locations to check, looking for assistance
on how to track down root cause for issue, of why appears foreman is not
responding to web page.

The test case per the documentation is to test port 3000, manual says after
foreman installation is done, use URL https://<server fqdn>:3000 to test
connection.

curl -k -H "Accept: application/json" http://<server fqdn>:3000/status
curl: (7) Failed connect to foreman.dachshund-digital.org:3000; Connection
refused

I disabled SELinux and I re-ran the installer, did the test again (this
time using the server FQDN and now I get connection refused, rather than
connection timeout, which makes a bit more sense.

But to your point, I tried http://<server fqdn> and https://<server fqdn>,
and still get a timeout error from browser.

>
> New installation of Foreman 1.7 on CentOS 7. Does not appear web page is
available, is no response. Ran debug script for foreman, uploaded file
[foreman-debug-fQ6SA]. Installation steps followed via the latest Foreman
Manual:
>
> Installation
>
> 1) Install CentOS Net Install (Minimum Installation)
> 2) yum bind-utils net-tools nano (To validate DNS, Network Configuration,
etc.)
> 3) yum update
> 4) rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
> 5) yum -y install epel-release
http://yum.theforeman.org/releases/1.7/el7/x86_64/foreman-release.rpm
> 6) yum -y install foreman-installer
> 7) foreman-installer
> (Successful no errors)
>
> Puppet NTP Module
>
> 1) puppet module install -i /etc/puppet/environments/production/modules
saz/ntp
>
> Configuration
>
> 1) foreman-rake db:migrate
> 2) foreman-rake db:seed
> 3) nano /etc/foreman/settings.yaml
> :require_ssl: false (Disable Certificate Requirement For Now)
> 4) reboot
> 5) netstat -tan
> (Nothing appears to be listening on port 3000)
>
> Test
>
> # curl -k -H "Accept: application/json" http://instance:3000/status
> curl: (7) Failed connect to instance:3000; Operation now in progress
>
> Given the 10s of logs and other locations to check, looking for
assistance on how to track down root cause for issue, of why appears
foreman is not responding to web page.

Why port 3000? It defaults to 443 or port 80.

Ohad
>
>
> –
> You received this message because you are subscribed to the Google Groups
"Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.

··· On Dec 24, 2014 9:28 PM, "Schorschi Decker" wrote: > To post to this group, send email to foreman-users@googlegroups.com. > Visit this group at http://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout.

Yes! After I posted my question, I started working down the list of
possible issues, SELinux, Firewall, etc. and it was the firewall. Given
this is CentOS 7, and being more familiar with the older IPtables setup,
took a bit to get familiar with Firewalld methods, but got it straightened
out. Thanks for the confirmation and assistance greatly appreciated.

The Foreman troubleshooting obviously has an error, the test curl example
references port 3000, this did not seem wrong at first glance but it
obvious is, and you pointed this out as well int this discussion. Direct
cut/paste from the wiki troubleshooting guide…

Is my Foreman instance running?

There is simple status service that returns JSON with "result" message "ok"
when the instance is up and running. It also "pings" database and returns
lag. Example:

$ curl -k -H "Accept: application/json" http://instance:3000/status
{"status":200,"result":"ok","db_duration_ms":"5"}

Reference…
http://projects.theforeman.org/projects/1/wiki/Troubleshooting

Where the following is not correct…

"curl -k -H "Accept: application/json" http://instance:3000/status"

When the correct reference is…

"curl -k -H "Accept: application/json" http://instance/status"

Where 'instance' is the Foreman server (fqdn) in question. Who or whom
updates the wiki, needs to correct this error.

Oh, and I did find one other minor quirk, the default CentOS mirror
configuration in Foreman assumes $major.$minor, but most CentOS mirrors
only list $major given 7.0. So simple add of additional media source in
Foreman where the URL references only $major did the trick.

Now just need to reconfigure foreman to leverage our existing DHCP, DNS,
and (maybe) TFTP servers, although letting Foreman own its own TFTP server
has some benefits. :slight_smile:

Long-term we plan to use Foreman to integrate into VMware AutoDeploy, so we
can also deploy ESXi (stateless and stateful) instances to bare metal.
Only trick seems to be how we get foreman to setup the VMware AutoDeploy
rules, since AutoDeploy is Windows based, and Foreman Linux based, should
be doable but will be a bit of work. Foreman will need to do some type of
prescript tasking for staging the AutoDeploy rule.

> The test case per the documentation is to test port 3000, manual says
> after foreman installation is done, use URL https://<server fqdn>:3000 to
> test connection.
>
> curl -k -H "Accept: application/json" http://<server fqdn>:3000/status
> curl: (7) Failed connect to foreman.dachshund-digital.org:3000;
> Connection refused
>
> I disabled SELinux and I re-ran the installer, did the test again (this
> time using the server FQDN and now I get connection refused, rather than
> connection timeout, which makes a bit more sense.
>
> But to your point, I tried http://<server fqdn> and https://<server
> >, and still get a timeout error from browser.
>

I've looked at your foreman-debug output, and it looks like your firewall
is simply blocking the connection.

Ohad

··· On Wed, Dec 24, 2014 at 9:46 PM, Schorschi Decker wrote:


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.