Sure. This is a new installation with a single server running CentOS 7 with Foreman 3.1.2 and Katello 4.3.0. We’re a Chef shop so we have the Chef gem installed as well. I’ve subscribed 47 hosts to the server (all CentOS 7 or Alma Linux 8), and with 44 of those hosts, there’s no problem and subscription-manager commands work. They are all running subscription-manager 1.28.21 and foreman-client 3.1.2. But on three of them, I removed and re-installed katello-host-tools, which seems to have broken the subscription, and I’m having trouble getting it back.
“Access denied” sounds like a possible cert issue to me, but the katello-ca-consumer-server.domain package is installed, and all the certs are in the correct place, and match all the working hosts.
Do you have a content view assigned to this host? If the content view doesn’t contain any repositories, yet, or hasn’t been published and promoted into the lifecycle environment the host is using, then you’ll see no available repositories…
The error is the same whether I use a certificate or the correct credentials. But digging into the syslog file on the server I found that incoming subscription-manager connections to Port 8140 are being refused by the server, even with the local firewall disabled. netstat confirms that no process is listening on Port 8140. The foreman daemon is running. Is there another process that should listen on Port 8140?
Okay, so it looks like there’s a problem with puppet-agent on the server:
# puppet agent --test
Error: Connection to https://server.domain:8140/puppet-ca/v1 failed, trying next route: Request to https://server.domain:8140/puppet-ca/v1 failed after 0.003 seconds: Failed to open TCP connection to server.domain:8140 (Connection refused - connect(2) for "server.domain" port 8140)
Failed to open TCP connection to server.domain:8140 (Connection refused - connect(2) for "server.domain" port 8140)
Error: No more routes to ca
Error: Could not run: No more routes to ca