Remote command works but does not exit properly

Hello folks,
I seem to be missing something with remote execution.
I send something like: uname -a > ~/uname-remote-test.txt
It works, but the job does not post a success I just see ‘Exit status: 0’ repeated multiple times on the job status in Foreman.
I’m on Almalinux 8.9, with Foreman nightly.
Thank You!

Most likely there’s a failure when proxy calls back to foreman with that job’s results. Check out /var/log/foreman/production.log on foreman and /var/log/foreman-proxy/proxy.log on the proxy for anything suspicious around the time when the job run, there should be a clue in one of those.

I get this in the proxy log:

2024-01-30T12:02:32 0d069da5 [E] OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

I’ve set my Foreman install with these commands (sanitized):

foreman-installer --foreman-server-ssl-cert “/etc/letsencrypt/live/”
–foreman-server-ssl-key “/etc/letsencrypt/live/”
–foreman-server-ssl-chain “/etc/letsencrypt/live/”
–foreman-proxy-ssl-cert “/etc/foreman-proxy/ssl_cert.pem”
–foreman-proxy-ssl-key “/etc/foreman-proxy/ssl_key.pem”
–foreman-proxy-ssl-ca “/etc/foreman-proxy/ssl_ca.pem”
–foreman-proxy-puppet-ssl-cert “/etc/foreman-proxy/ssl_cert.pem”
–foreman-proxy-puppet-ssl-key “/etc/foreman-proxy/ssl_key.pem”
–foreman-proxy-puppet-ssl-ca “/etc/foreman-proxy/ssl_ca.pem”

Any ideas what I’m doing wrong?

Could yun run grep ssl /etc/foreman-proxy/settings.yml and post the output here?. I’m pretty sure there’s are wrong certs being used somewhere, this could confirm it. Gut feeling tells me the --foreman-proxy-ssl-* should point to the other certs, but I don’t recall from the top of my head how the installer options map to the actual config options

I’ve re-installed my Foreman 3.91 instance with the default self-signed certificates. Everything is working properly with the supplied certificates.
Are you aware if there is a recent publication with instructions on how to use LetsEncrypt certificates with Foreman?
I’ll take a snapshot of the machine and try again…

Ok got it working with the hints on this page:

cd /etc/letsencrypt



cp isrgrootx1.pem bundle-ca-cert.pem

cat lets-encrypt-r3.pem >> bundle-ca-cert.pem

katello-certs-check -c “/etc/letsencrypt/live/”
-k “/etc/letsencrypt/live/”
-b “/etc/letsencrypt/bundle-ca-cert.pem”

foreman-installer --scenario katello
–certs-server-cert “/etc/letsencrypt/archive/”
–certs-server-key “/etc/letsencrypt/archive/”
–certs-server-ca-cert “/etc/letsencrypt/bundle-ca-cert.pem”
–certs-update-server --certs-update-server-ca

1 Like