I'm unable to get a smart-proxy on Puppet working. To simply test it, I'm
working on importing classes / environments in Puppet and getting:
*Error: *ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments
from Puppet ([OpenSSL::SSL::SSLError]: SSL_connect SYSCALL returned=5
errno=0 state=SSLv2/v3 read server hello A) for proxy
https://puppet.domain.com:8443/puppet
There's no error messages in proxy.log on the proxy.
Here's a look at settings.yml
:daemon: true
:trusted_hosts:
- foreman-test.domain.com
- foreman-test
- foreman.domain.com
- foreman
:foreman_url: https://foreman-test.domain.com
:forward_verify: false
:https_port: 8443
:http_port: 8000
:ssl_certificate:
/etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
:ssl_private_key:
/etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
puppet.yml
···
---
:enabled: https
:puppet_version: 4.9.2
puppet_proxy_puppet_api.yml
:puppet_url: https://puppet-test.domain.com:8140
:api_timeout: 30
:puppet_ssl_cert:
/etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
:puppet_ssl_key:
/etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
:puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
The one thing that has struck me as odd, is that the API request is going
towards https://domain.com:8433/puppet. Shouldn’t it be
calling /puppet/v3/environments for importing environments
and /puppet/v3/environment_classes for classes?
Help, links, docs… anything would be appreciated.
The API call is to https://domain.com:8433/puppet because it's from foreman to the proxy endpoint, not to the puppet API. Looks like foreman can't connect to the proxy, but perhaps you're trying to connect to the wrong host. Is your proxy on your foreman host, or on your puppet host?
···
Sent from my iPhone
On 17 May 2017, at 21:10, ‘Luke Simmons’ via Foreman users foreman-users@googlegroups.com wrote:
I’m unable to get a smart-proxy on Puppet working. To simply test it, I’m working on importing classes / environments in Puppet and getting:
Error: ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([OpenSSL::SSL::SSLError]: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A) for proxy https://puppet.domain.com:8443/puppet
There’s no error messages in proxy.log on the proxy.
Here’s a look at settings.yml
:daemon: true
:trusted_hosts:
- foreman-test.domain.com
- foreman-test
- foreman.domain.com
- foreman
:foreman_url: https://foreman-test.domain.com
:forward_verify: false
:https_port: 8443
:http_port: 8000
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
:ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
puppet.yml
:enabled: https
:puppet_version: 4.9.2
puppet_proxy_puppet_api.yml
:puppet_url: https://puppet-test.domain.com:8140
:api_timeout: 30
:puppet_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
:puppet_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
:puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
The one thing that has struck me as odd, is that the API request is going towards https://domain.com:8433/puppet. Shouldn’t it be calling /puppet/v3/environments for importing environments and /puppet/v3/environment_classes for classes?
Help, links, docs… anything would be appreciated.
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Great catch!!! And thanks for clarifying the APIs. The problem happened to
be with Docker. When accessing another Docker image over sockets, I was
getting a different hostname and that was what was causing the problem.
Thanks!!!
···
On Thursday, May 18, 2017 at 1:58:57 PM UTC+2, Alexander Fisher wrote:
>
> The API call is to https://domain.com:8433/puppet because it's from
> foreman to the proxy endpoint, not to the puppet API. Looks like foreman
> can't connect to the proxy, but perhaps you're trying to connect to the
> wrong host. Is your proxy on your foreman host, or on your puppet host?
>
> Sent from my iPhone
>
> On 17 May 2017, at 21:10, 'Luke Simmons' via Foreman users < > forema...@googlegroups.com > wrote:
>
> I'm unable to get a smart-proxy on Puppet working. To simply test it, I'm
> working on importing classes / environments in Puppet and getting:
>
> *Error: *ERF12-2749 [ProxyAPI::ProxyException]: Unable to get
> environments from Puppet ([OpenSSL::SSL::SSLError]: SSL_connect SYSCALL
> returned=5 errno=0 state=SSLv2/v3 read server hello A) for proxy
> https://puppet.domain.com:8443/puppet
>
> There's no error messages in proxy.log on the proxy.
>
> Here's a look at settings.yml
>
> :daemon: true
> :trusted_hosts:
> - foreman-test.domain.com
> - foreman-test
> - foreman.domain.com
> - foreman
> :foreman_url: https://foreman-test.domain.com
> :forward_verify: false
> :https_port: 8443
> :http_port: 8000
> :ssl_certificate:
> /etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
> :ssl_private_key:
> /etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
> :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
>
> puppet.yml
>
> ---
> :enabled: https
> :puppet_version: 4.9.2
>
>
> puppet_proxy_puppet_api.yml
>
> ---
> :puppet_url: https://puppet-test.domain.com:8140
> :api_timeout: 30
> :puppet_ssl_cert:
> /etc/puppetlabs/puppet/ssl/certs/puppet-test.domain.com.pem
> :puppet_ssl_key:
> /etc/puppetlabs/puppet/ssl/private_keys/puppet-test.domain.com.pem
> :puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
>
> The one thing that has struck me as odd, is that the API request is going
> towards https://domain.com:8433/puppet. Shouldn't it be
> calling /puppet/v3/environments for importing environments
> and /puppet/v3/environment_classes for classes?
>
> Help, links, docs... anything would be appreciated.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-user...@googlegroups.com .
> To post to this group, send email to forema...@googlegroups.com
> .
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
