No enabled repositories?

guertin · March 17, 2022, 8:05pm

Problem:
In a new Foreman installation, all of the hosts show a warning:

No installed packages and/or enabled repositories have been reported by subscription-manager.

Subscription-manager shows:

# subscription-manager repos --list
This system has no repositories available through subscriptions.

But it shows all the subscriptions are current:

# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+

Subscription Name:   Foreman Client
Provides:            Foreman Client
SKU:                 33258753805
Contract:            
Account:             
Serial:              6513855946222757400
Pool ID:             0c69a50b7f22e99b017f27cda6a101b7
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        
Roles:               
Service Level:       
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              02/23/2022
Ends:                11/30/2049
Entitlement Type:    Physical

Subscription Name:   EPEL 8
Provides:            EPEL 8
SKU:                 700046372791
Contract:            
Account:             
Serial:              6989722152466007692
Pool ID:             0c69a50b7f22e99b017f268fae3e012b
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        
Roles:               
Service Level:       
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              02/23/2022
Ends:                11/30/2049
Entitlement Type:    Physical

Subscription Name:   AlmaLinux 8.5
Provides:            AlmaLinux 8.5
SKU:                 171101777747
Contract:            
Account:             
Serial:              1579773884900817406
Pool ID:             0c69a50b7f22e99b017f24aeda7500d7
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        
Roles:               
Service Level:       
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              02/22/2022
Ends:                11/30/2049
Entitlement Type:    Physical

It would seem that something was missed for the subscriptions to enable the repos. What step have I missed?

Foreman and Proxy versions:
3.1.2

Foreman and Proxy plugin versions:
3.1.2

Distribution and version:
CentOS 7.9

lfu · March 21, 2022, 3:23pm

I didn’t see the Katello version. Is it installed?

guertin · March 21, 2022, 5:59pm

Yes, katello 4.3.0 on the server and katello-host-tools 3.5.7 on the client.

Further testing suggests that there’s a certificate problem somewhere, as I’m getting access denied messages:

# subscription-manager unregister
Unregistering from: myforemanserver.local:443/rhsm
HTTP error code 403: Access denied

This is happening on a few hosts where I attempted to uninstall and reinstall Foreman and Katello. On the remaining hosts that still have the original installation, it’s working fine.

lfu · March 21, 2022, 6:23pm

Typically you have a Foreman/Katello server set up in one host for a small environment. Then you register all the hosts to be managed to the Foreman/Katello server.

Could you explain how your environment is set up? Do you have a few hosts where Foreman and Katello are installed?

guertin · March 22, 2022, 2:24pm

Sure. This is a new installation with a single server running CentOS 7 with Foreman 3.1.2 and Katello 4.3.0. We’re a Chef shop so we have the Chef gem installed as well. I’ve subscribed 47 hosts to the server (all CentOS 7 or Alma Linux 8), and with 44 of those hosts, there’s no problem and subscription-manager commands work. They are all running subscription-manager 1.28.21 and foreman-client 3.1.2. But on three of them, I removed and re-installed katello-host-tools, which seems to have broken the subscription, and I’m having trouble getting it back.

“Access denied” sounds like a possible cert issue to me, but the katello-ca-consumer-server.domain package is installed, and all the certs are in the correct place, and match all the working hosts.

lfu · March 22, 2022, 3:24pm

Re-installing katello-host-tools would not cause the access denied issue with subscription manager.

Have you done anything that changed the configuration for subscription manager? Are you using the correct credentials?

gvde · March 22, 2022, 3:28pm

Do you have a content view assigned to this host? If the content view doesn’t contain any repositories, yet, or hasn’t been published and promoted into the lifecycle environment the host is using, then you’ll see no available repositories…

guertin · March 22, 2022, 3:29pm

The error is the same whether I use a certificate or the correct credentials. But digging into the syslog file on the server I found that incoming subscription-manager connections to Port 8140 are being refused by the server, even with the local firewall disabled. netstat confirms that no process is listening on Port 8140. The foreman daemon is running. Is there another process that should listen on Port 8140?

guertin · March 22, 2022, 3:34pm

Okay, so it looks like there’s a problem with puppet-agent on the server:

# puppet agent --test
Error: Connection to https://server.domain:8140/puppet-ca/v1 failed, trying next route: Request to https://server.domain:8140/puppet-ca/v1 failed after 0.003 seconds: Failed to open TCP connection to server.domain:8140 (Connection refused - connect(2) for "server.domain" port 8140)
Wrapped exception:
Failed to open TCP connection to server.domain:8140 (Connection refused - connect(2) for "server.domain" port 8140)
Error: No more routes to ca
Error: Could not run: No more routes to ca