New proxy installation error

Support
, ,
1

trying to install a standalone smart proxy got this errors :

Problem:
foreman-installer --no-enable-foreman --no-enable-foreman-cli --no-enable-foreman-cli-puppet --no-enable-puppet --enable-foreman-proxy --foreman-proxy-foreman-base-url=https://10.28.236.1/ --foreman-proxy-oauth-consumer-key=QSF3Zmj3gp6pK483TbMsEfTaGHiewCuN --foreman-proxy-oauth-consumer-secret=Z9spiiWRLSG5D326bNdXWGpMjMt4uHc2 --no-enable-foreman-plugin-puppet --no-enable-foreman-cli-puppet
2023-04-12 10:39:04 [WARN ] [boot] [“Unsetting environment variable ‘http_proxy’ for the duration of the install.”]
2023-04-12 10:39:04 [WARN ] [boot] [“Unsetting environment variable ‘https_proxy’ for the duration of the install.”]
2023-04-12 10:39:04 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-04-12 10:39:07 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-04-12 10:39:07 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-04-12 10:39:09 [NOTICE] [configure] Starting system configuration.
2023-04-12 10:39:30 [ERROR ] [configure] Could not set groups on user[foreman-proxy]: Execution of ‘/sbin/usermod -G puppet foreman-proxy’ returned 6: usermod: group ‘puppet’ does not exist
2023-04-12 10:39:30 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from to ‘puppet’ failed: Could not set groups on user[foreman-proxy]: Execution of ‘/sbin/usermod -G puppet foreman-proxy’ returned 6: usermod: group ‘puppet’ does not exist
2023-04-12 10:39:30 [NOTICE] [configure] 250 configuration steps out of 270 steps complete.
2023-04-12 10:39:31 [NOTICE] [configure] System configuration has finished.

/var/log/foreman-installer/foreman.log
2023-04-12 10:39:07 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-04-12 10:39:30 [ERROR ] [configure] Could not set groups on user[foreman-proxy]: Execution of ‘/sbin/usermod -G puppet foreman-proxy’ returned 6: usermod: group ‘puppet’ does not exist
2023-04-12 10:39:30 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from to ‘puppet’ failed: Could not set groups on user[foreman-proxy]: Execution of ‘/sbin/usermod -G puppet foreman-proxy’ returned 6: usermod: group ‘puppet’ does not exist
2023-04-12 10:39:30 [INFO ] [configure] # WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN

Expected outcome:

Foreman and Proxy versions:
3.6

Foreman and Proxy plugin versions:

Distribution and version:
RHEL 8.7

2

It looks like the installer still tries to set up some Puppet functionality for your smart-proxy, despite you telling it not to. From the example in the docs, you should have all the necessary parameters, but maybe the docs are outdated. Try adding these parameters to your installer command and see if it works:

--puppet-server=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false

When I last needed to install a smart-proxy without Puppet, these parameters were necessary to make it work.

3

just made a try, it goes a step further !
[root@otvmi341s ~]# foreman-installer --no-enable-foreman --no-enable-foreman-cli --no-enable-foreman-cli-puppet --no-enable-puppet --enable-foreman-proxy --foreman-proxy-foreman-base-url=https://10.28.236.1/ --foreman-proxy-oauth-consumer-key=QSF3Zmj3gp6pK483TbMsEfTaGHiewCuN --foreman-proxy-oauth-consumer-secret=Z9spiiWRLSG5D326bNdXWGpMjMt4uHc2 --no-enable-foreman-plugin-puppet --no-enable-foreman-cli-puppet --foreman-proxy-puppet true --puppet-server=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false
2023-04-12 14:09:13 [WARN ] [boot] [“Unsetting environment variable ‘http_proxy’ for the duration of the install.”]
2023-04-12 14:09:13 [WARN ] [boot] [“Unsetting environment variable ‘https_proxy’ for the duration of the install.”]
2023-04-12 14:09:13 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-04-12 14:09:16 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-04-12 14:09:16 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-04-12 14:09:18 [NOTICE] [configure] Starting system configuration.
2023-04-12 14:09:22 [NOTICE] [configure] 250 configuration steps out of 270 steps complete.
2023-04-12 14:09:23 [ERROR ] [configure] Systemd start for foreman-proxy failed!
2023-04-12 14:09:23 [ERROR ] [configure] journalctl log for foreman-proxy:
2023-04-12 14:09:23 [ERROR ] [configure] – Logs begin at Thu 2023-04-06 11:16:18 CEST, end at Wed 2023-04-12 14:09:23 CEST. –
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:22 otvmi341s.priv.atos.fr systemd[1]: Starting Foreman Proxy…
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: foreman-proxy.service: Failed with result ‘exit-code’.
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: Failed to start Foreman Proxy.
2023-04-12 14:09:23 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from ‘stopped’ to ‘running’ failed: Systemd start for foreman-proxy failed!
2023-04-12 14:09:23 [ERROR ] [configure] journalctl log for foreman-proxy:
2023-04-12 14:09:23 [ERROR ] [configure] – Logs begin at Thu 2023-04-06 11:16:18 CEST, end at Wed 2023-04-12 14:09:23 CEST. –
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:22 otvmi341s.priv.atos.fr systemd[1]: Starting Foreman Proxy…
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: foreman-proxy.service: Failed with result ‘exit-code’.
2023-04-12 14:09:23 [ERROR ] [configure] Apr 12 14:09:23 otvmi341s.priv.atos.fr systemd[1]: Failed to start Foreman Proxy.
2023-04-12 14:09:23 [NOTICE] [configure] System configuration has finished.
need to look what are those new ones !

4

on step further :slight_smile: /usr/share/foreman-proxy/lib/launcher.rb:103:in https_app' /usr/share/foreman-proxy/lib/launcher.rb:139:in launch’
/usr/share/foreman-proxy/bin/smart-proxy:6:in <main>' 2023-04-12T15:29:23 [E] Error during startup, terminating 2023-04-12T15:29:23 [W] Error details for Error during startup, terminating: <Errno::ENOENT>: No such file or directory @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/xxxxx.fr.pem /usr/share/foreman-proxy/lib/launcher.rb:113:in read’
/usr/share/foreman-proxy/lib/launcher.rb:113:in load_ssl_private_key' /usr/share/foreman-proxy/lib/launcher.rb:103:in https_app’
/usr/share/foreman-proxy/lib/launcher.rb:139:in launch' /usr/share/foreman-proxy/bin/smart-proxy:6:in

what’s the deal with private key ? need to generate one ?

5

It looks like remnants from your first foreman-installer attempt. They are not removed if you disable the foreman proxy for puppet.

Can you start over on a new server? I guess then it might work.

From your initial attempt it’s not really clear to me what the purpose of the smart proxy should be. Looks like a proxy without any function…

6

for now, there where no function, as I was trying to understand how to setup one ! (the documentation is a bit flowed on that)
well,
as of now got a " Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([SocketError]: Failed to open TCP connection " becasue my proxy will be multihome, and I don’t see how to specify the right name per interface in certs

7

This already depends on what features you’ll need.

Which is not necessarily surprising. I wouldn’t be sure that a proxy without any function will work at all…

I would rather put all names into a single certificate then trying to set up multiple certs…

8
  • how do you put all names in a single cert ?
  • as of feature : tftp, httpboot,