Hello Everyone,
Problem:
I can’t add the Realm Smart Proxy for the FreeIPA server.
Whenever I tried to add the Smart Proxy via the “foreman-installer”, I got the information:
Proxy ipa01.my.domain cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed) for proxy https://ipa01.my.domain:8443/features Please check the proxy is configured and running on the host.
..
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[ipa01.my.domain]/ensure: change from 'absent' to 'present' failed: Proxy ipa01.my.domain cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed) for proxy https://ipa01.my.domain:8443/features Please check the proxy is configured and running on the host.
The command I use looks as follows:
foreman-installer -v \
--no-enable-foreman \
--no-enable-foreman-cli \
--no-enable-foreman-plugin-bootdisk \
--no-enable-foreman-plugin-setup \
--no-enable-puppet \
--enable-foreman-proxy \
--foreman-proxy-log-level=DEBUG \
--foreman-proxy-foreman-ssl-ca=/etc/ssl/certs/proxy_ca.pem \
--foreman-proxy-ssl=true \
--foreman-proxy-ssl-ca=/var/lib/puppet/ssl/certs/ca.pem \
--foreman-proxy-ssl-cert=/var/lib/puppet/ssl/certs/ipa01.my.domain.pem \
--foreman-proxy-ssl-key=/var/lib/puppet/ssl/private_keys/ipa01.my.domain.pem \
--foreman-proxy-puppet=false \
--foreman-proxy-puppetca=false \
--foreman-proxy-tftp=false \
--foreman-proxy-dhcp=false \
--foreman-proxy-dns=false \
--foreman-proxy-realm=true \
--foreman-proxy-realm-keytab=/etc/foreman-proxy/freeipa.keytab \
--foreman-proxy-realm-listen-on=https \
--foreman-proxy-realm-principal=realm-proxy@MY.DOMAIN \
--foreman-proxy-foreman-base-url=https://foreman.server.com \
--foreman-proxy-trusted-hosts=foreman.server.com \
--foreman-proxy-oauth-consumer-key=Y8R42BMTgu8035HklSms1sJMjon \
--foreman-proxy-oauth-consumer-secret=g4vi84GO2nDkJpsGbAnmVe8sa98W2 \
--foreman-proxy-registered-proxy-url=https://ipa01.my.domain:8443
I am trying to set up the smart proxy on the FreeIPA server, hope this is not a problem.
The keys for the FreeIPA server were generated by Puppet and the connection between the Puppet server (which is in my case the Foreman Server) and the FreeIPA server works perfectly.
What could be the problem here?
Below is the content of the proxy.log:
I, [2018-03-06T16:35:55.143192 ] INFO -- : Successfully initialized 'foreman_proxy'
I, [2018-03-06T16:35:55.143299 ] INFO -- : Successfully initialized 'realm_freeipa'
I, [2018-03-06T16:35:55.143365 ] INFO -- : Successfully initialized 'realm'
D, [2018-03-06T16:35:55.143447 ] DEBUG -- : Log buffer API initialized, available capacity: 2000/1000
I, [2018-03-06T16:35:55.143500 ] INFO -- : Successfully initialized 'logs'
I, [2018-03-06T16:35:55.152696 ] INFO -- : WEBrick 1.3.1
I, [2018-03-06T16:35:55.152790 ] INFO -- : ruby 2.0.0 (2015-12-16) [x86_64-linux]
D, [2018-03-06T16:35:55.153883 ] DEBUG -- : TCPServer.new(0.0.0.0, 8443)
W, [2018-03-06T16:35:55.154587 ] WARN -- : TCPServer Error: Address already in use - bind(2)
D, [2018-03-06T16:35:55.154650 ] DEBUG -- : TCPServer.new(::, 8443)
W, [2018-03-06T16:35:55.154745 ] WARN -- : TCPServer Error: Address already in use - bind(2)
E, [2018-03-06T16:35:55.154870 ] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
D, [2018-03-06T16:35:55.154912 ] DEBUG -- : ["/usr/share/ruby/webrick/utils.rb:85:in `initialize'", "/usr/share/ruby/webrick/utils.rb:85:in `new'", "/usr/share/ruby/webrick/utils.rb:85:in `block in create_listeners'", "/usr/share/ruby/webrick/utils.rb:82:in `each'", "/usr/share/ruby/webrick/utils.rb:82:in `create_listeners'", "/usr/share/ruby/webrick/ssl.rb:152:in `listen'", "/usr/share/foreman-proxy/lib/launcher.rb:123:in `block in webrick_server'", "/usr/share/foreman-proxy/lib/launcher.rb:123:in `each'", "/usr/share/foreman-proxy/lib/launcher.rb:123:in `webrick_server'", "/usr/share/foreman-proxy/lib/launcher.rb:142:in `block in launch'"]
netstat -tulpan | grep 8443
tcp6 0 0 :::8443 :::* LISTEN 1738/java
ps -ef | grep 1738
pkiuser 1738 1 0 16:25 ? 00:00:18 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy org.apache.catalina.startup.Bootstrap start
My Foreman version is 1.15.
Thanks and regards!
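Added example, not part of the original post and not Foreman code: a triage script that correlates the "Address already in use" bind failures in proxy.log with the netstat listener table, to show which process actually answers on the port the proxy was registered with. The function names are hypothetical, the sample input is copied from the lines quoted above, and the program name "ruby" for the smart proxy is an assumption.

```python
import re

# Constructed sample input: lines copied from the proxy.log and netstat output in the post.
PROXY_LOG = """\
D, [2018-03-06T16:35:55.153883 ] DEBUG -- : TCPServer.new(0.0.0.0, 8443)
W, [2018-03-06T16:35:55.154587 ] WARN -- : TCPServer Error: Address already in use - bind(2)
D, [2018-03-06T16:35:55.154650 ] DEBUG -- : TCPServer.new(::, 8443)
W, [2018-03-06T16:35:55.154745 ] WARN -- : TCPServer Error: Address already in use - bind(2)
E, [2018-03-06T16:35:55.154870 ] ERROR -- : Error during startup, terminating. Address already in use - bind(2)
"""
NETSTAT = "tcp6 0 0 :::8443 :::* LISTEN 1738/java\n"

BIND_TRY = re.compile(r"TCPServer\.new\((?P<addr>[^,]+),\s*(?P<port>\d+)\)")
BIND_ERR = re.compile(r"TCPServer Error: Address already in use")
LISTENER = re.compile(
    r"^\S+\s+\d+\s+\d+\s+\S*:(?P<port>\d+)\s+\S+\s+LISTEN\s+(?P<pid>\d+)/(?P<prog>\S+)", re.M)


def failed_binds(log_text):
    """Return (address, port) pairs whose bind attempt was followed by a bind error."""
    failed, pending = [], None
    for line in log_text.splitlines():
        m = BIND_TRY.search(line)
        if m:
            pending = (m.group("addr"), int(m.group("port")))
        elif pending and BIND_ERR.search(line):
            failed.append(pending)
            pending = None
    return failed


def listeners(netstat_text):
    """Map listening port -> (pid, program) from `netstat -tulpan` style lines."""
    return {int(m.group("port")): (int(m.group("pid")), m.group("prog"))
            for m in LISTENER.finditer(netstat_text)}


def port_conflicts(log_text, netstat_text, expected_prog="ruby"):
    """Ports the proxy could not bind that are held by a different program."""
    # Assumption: the smart proxy shows up in netstat under the program name "ruby".
    held = listeners(netstat_text)
    return {port: held[port] for _addr, port in failed_binds(log_text)
            if port in held and held[port][1] != expected_prog}


if __name__ == "__main__":
    for port, (pid, prog) in port_conflicts(PROXY_LOG, NETSTAT).items():
        print(f"port {port}: proxy bind failed, held by pid {pid} ({prog})")
```

While another process holds the port, a TLS client connecting to it receives that process's certificate, not the one configured for the smart proxy.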