Replacing Foreman's web SSL certificate.

This is an authorized repost of http://www.zem.org.uk/2015/05/11/foreman-ssl


This is a companion discussion topic for the original entry at https://theforeman.org/2015/11/foreman-ssl.html

Paths have changed or are different when installed with a recent version of foreman-installer:

  1. /etc/foreman-proxy/settings.yaml -> /etc/foreman-proxy/settings.yml
  2. /etc/puppet/foreman.yaml -> /etc/puppetlabs/puppet/foreman.yaml

Also, I’m missing a hint about whether changes like these are “foreman-installer”-stable if they are made manually and the installer gets re-executed to enable/change plugins.

At first it seems to have a bug related to “smart-proxy” if you have the “remote execution” plugin enabled. I did all the configuration via “foreman-installer” and installed it correctly.

When executing a remote command, everything happens correctly, but the task is always waiting.

I’m using the latest version of foreman.

Hey @infomatico, did you manage to resolve the issue with regards to the task hanging? I actually have the same issue after I changed my certificates to a custom variant. (I only changed them for the foreman core, not the smart-proxies though)

Hey @UXabre,

Unfortunately not!! From what I have been following, the Foreman staff is in contact with the ruby-concurrent people, because there is some bug that is giving a headache to solve.

In our setup we have 2 Foreman servers behind the load balancer. I followed this guide and changed the certificate on both Foreman instances, but after that it breaks and the error says the following:

“Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-7885 [ProxyAPI::ProxyException]: Unable to fetch logs ([OpenSSL::SSL::SSLError]: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A) for proxy https://frmserver02.cadence.com:8443/logs)”

foreman url : http://foreman-ha.cadence.com
Backend server behind load balancer : frmserver01 and frmserver02

It would be great if you could provide the complete installation flags for foreman-installer.

We have used as below.

foreman-installer --foreman-foreman-url=http://foreman-ha.cadence.com --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh --foreman-db-type=mysql --foreman-db-manage=false --foreman-db-host=frmserverdb.cadence.com --foreman-db-database=foreman --foreman-db-username=foreman --foreman-db-password=C@dence123 --foreman-organizations-enabled=true --foreman-initial-organization=Cadence --foreman-locations-enabled=true --foreman-initial-location=SanJose --enable-foreman-plugin-ansible --enable-foreman-plugin-discovery --enable-foreman-plugin-docker --enable-foreman-plugin-expire-hosts --enable-foreman-plugin-hooks --foreman-admin-password=cadence --foreman-admin-username=admin