Remote command works but does not exit properly

Hello folks,
I seem to be missing something with remote execution.
I send something like: uname -a > ~/uname-remote-test.txt
It works, but the job does not post a success; I just see ‘Exit status: 0’ repeated multiple times on the job status in Foreman.
I’m on AlmaLinux 8.9, with Foreman nightly.
Thank You!

Most likely there’s a failure when the proxy calls back to Foreman with that job’s results. Check out /var/log/foreman/production.log on Foreman and /var/log/foreman-proxy/proxy.log on the proxy for anything suspicious around the time when the job ran; there should be a clue in one of those.

I get this in the proxy log:

2024-01-30T12:02:32 0d069da5 [E] OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

I’ve set my Foreman install with these commands (sanitized):

foreman-installer --foreman-server-ssl-cert "/etc/letsencrypt/live/foreman.foobar.org/cert.pem" \
  --foreman-server-ssl-key "/etc/letsencrypt/live/foreman.foobar.org/privkey.pem" \
  --foreman-server-ssl-chain "/etc/letsencrypt/live/foreman.foobar.org/fullchain.pem" \
  --foreman-proxy-ssl-cert "/etc/foreman-proxy/ssl_cert.pem" \
  --foreman-proxy-ssl-key "/etc/foreman-proxy/ssl_key.pem" \
  --foreman-proxy-ssl-ca "/etc/foreman-proxy/ssl_ca.pem" \
  --foreman-proxy-puppet-ssl-cert "/etc/foreman-proxy/ssl_cert.pem" \
  --foreman-proxy-puppet-ssl-key "/etc/foreman-proxy/ssl_key.pem" \
  --foreman-proxy-puppet-ssl-ca "/etc/foreman-proxy/ssl_ca.pem"

Any ideas what I’m doing wrong?

Could you run grep ssl /etc/foreman-proxy/settings.yml and post the output here? I’m pretty sure there are wrong certs being used somewhere; this could confirm it. Gut feeling tells me the --foreman-proxy-ssl-* options should point to the other certs, but I don’t recall off the top of my head how the installer options map to the actual config options.

I’ve re-installed my Foreman 3.91 instance with the default self-signed certificates. Everything is working properly with the supplied certificates.
Are you aware if there is a recent publication with instructions on how to use LetsEncrypt certificates with Foreman?
I’ll take a snapshot of the machine and try again…

Ok got it working with the hints on this page:

cd /etc/letsencrypt

wget https://letsencrypt.org/certs/isrgrootx1.pem

wget https://letsencrypt.org/certs/lets-encrypt-r3.pem

cp isrgrootx1.pem bundle-ca-cert.pem

cat lets-encrypt-r3.pem >> bundle-ca-cert.pem

katello-certs-check -c "/etc/letsencrypt/live/foreman.foobar.org/fullchain.pem" \
  -k "/etc/letsencrypt/live/foreman.foobar.org/privkey.pem" \
  -b "/etc/letsencrypt/bundle-ca-cert.pem"

foreman-installer --scenario katello \
  --certs-server-cert "/etc/letsencrypt/archive/foreman.foobar.org/fullchain1.pem" \
  --certs-server-key "/etc/letsencrypt/archive/foreman.foobar.org/privkey1.pem" \
  --certs-server-ca-cert "/etc/letsencrypt/bundle-ca-cert.pem" \
  --certs-update-server --certs-update-server-ca

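The "unable to get local issuer certificate" error from the proxy log, and the effect of a root + intermediate CA bundle like the one built in the last post, can be reproduced offline with Ruby's OpenSSL bindings. This is an added example, not code from the thread or from Foreman; the certificates are a constructed throwaway chain, and every name in it (`issue`, `check_chain`, the CNs) is made up for illustration.

```ruby
require 'openssl'

# Constructed, throwaway PKI standing in for root -> intermediate -> server.
def issue(cn, serial, ca:, signer: nil)
  key  = OpenSSL::PKey::RSA.generate(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = signer ? signer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = signer ? signer[:cert] : cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(signer ? signer[:key] : key, OpenSSL::Digest.new('SHA256'))
  { cert: cert, key: key }
end

# Verify `leaf` as a TLS client would: `ca_file` is what the client trusts
# (the role of the proxy's CA file), `presented` is what the server sends along.
def check_chain(leaf, ca_file:, presented: [])
  store = OpenSSL::X509::Store.new
  ca_file.each { |c| store.add_cert(c) }
  ok = store.verify(leaf, presented)
  [ok, store.error, store.error_string]
end

ROOT   = issue('Demo Root CA', 1, ca: true)
INTER  = issue('Demo Intermediate', 2, ca: true, signer: ROOT)
SERVER = issue('foreman.example.test', 3, ca: false, signer: INTER)
OTHER  = issue('Unrelated Internal CA', 1, ca: true)

CASES = {
  'CA file holds an unrelated CA' =>
    check_chain(SERVER[:cert], ca_file: [OTHER[:cert]], presented: [INTER[:cert]]),
  'CA file holds root only, server sends leaf only' =>
    check_chain(SERVER[:cert], ca_file: [ROOT[:cert]]),
  'CA file holds root + intermediate bundle' =>
    check_chain(SERVER[:cert], ca_file: [ROOT[:cert], INTER[:cert]])
}
CASES.each { |name, (ok, code, msg)| puts format('%-48s ok=%-5s error=%d (%s)', name, ok, code, msg) }
```

The first two cases fail with OpenSSL verify error 20, the same message seen in proxy.log; only the bundle that contains every issuer up to the root verifies.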