Problem:
Can’t register ubuntu host (Ubuntu LTS 20.04)
theforeman is fresh installed.
Expected outcome:
Registered host successfully.
Foreman and Proxy versions:
3.4
Foreman and Proxy plugin versions:
foreman-tasks 6.0.2
foreman_remote_execution 7.1.0
katello 4.6.0
Distribution and version:
RHEL8.6
Other relevant data:
foreman was installed using the “foreman-installer --scenario katello”
SSL certs from an Internal PKI was implemented by following this guide:
Foreman :: Replacing Foreman’s web SSL certificate. (theforeman.org)
These certificates was also imported to the Ubuntu host.
CURL Verbose output:
(the curl command was created in the register host page but i removed -sS and replaced with -v to get more information)
root@ubuntu:~# curl -v 'https://theforeman.local.domain.com/register?activation_keys=Test&force=true&ignore_subman_errors=true&location_id=2&organization_id=1&update_packages=true' -H 'Authorization: Bearer blablabla' | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.##.##.##:443...
* TCP_NODELAY set
* Connected to theforeman.local.domain.com (10.##.##.##) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
{ [49 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2838 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
} [8 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
############################################CN=theforeman.local.domain.com
* start date: Oct 10 06:21:56 2022 GMT
* expire date: Oct 10 06:21:56 2023 GMT
* subjectAltName: host "theforeman.local.domain.com" matched cert's "theforeman.local.domain.com"
* issuer: C=##; O=###; CN=#####
* SSL certificate verify ok.
} [5 bytes data]
> GET /register?activation_keys=Test&force=true&ignore_subman_errors=true&location_id=2&organization_id=1&update_packages=true HTTP/1.1
> Host: theforeman.local.domain.com
> User-Agent: curl/7.68.0
> Accept: */*
> Authorization: Bearer blablabla
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [297 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [297 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 12 Oct 2022 11:40:33 GMT
< Server: Apache
< Foreman_version: 3.4.0-develop
< Foreman_api_version: 2
< Foreman_current_organization: 1; ####
< Foreman_current_location: 2; ####
< Content-Type: text/plain; charset=utf-8
< ETag: W/"####"
< Cache-Control: max-age=0, private, must-revalidate
< X-Request-Id: ######-1615-4c22-a3f7-46575a85d613
< X-Runtime: 0.144886
< Strict-Transport-Security: max-age=631139040; includeSubdomains
< X-Frame-Options: sameorigin
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Content-Security-Policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< Set-Cookie: _session_id=###########; path=/; secure; HttpOnly; SameSite=Lax
< Via: 1.1 theforeman.local.domain.com
< Transfer-Encoding: chunked
<
{ [7187 bytes data]
100 7648 0 7648 0 0 48405 0 --:--:-- --:--:-- --:--:-- 48713
* Connection #0 to host theforeman.local.domain.com left intact
#
# Running registration
#
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
/var/log/foreman/production.log at the time curl command was run
2022-10-12T12:42:25 [I|app|dcf99e3c] Started GET "/register?activation_keys=Test&lifecycle_environment_id=1&location_id=2&organization_id=1&update_packages=false" for 10.##.##.## at 2022-10-12 12:42:25 +0200
2022-10-12T12:42:25 [I|app|dcf99e3c] Processing by Api::V2::RegistrationController#global as */*
2022-10-12T12:42:25 [I|app|dcf99e3c] Parameters: {"activation_keys"=>"Test", "lifecycle_environment_id"=>"1", "location_id"=>"2", "organization_id"=>"1", "update_packages"=>"false"}
2022-10-12T12:42:25 [I|app|dcf99e3c] Authorized user admin(Admin User)
2022-10-12T12:42:25 [I|app|dcf99e3c] Rendered text template (Duration: 0.0ms | Allocations: 1)
2022-10-12T12:42:25 [I|app|dcf99e3c] Completed 200 OK in 123ms (Views: 1.0ms | ActiveRecord: 14.5ms | Allocations: 120212)