Hi there,
After a Foreman 1.24 install on Ubuntu 16.04 I noticed that the smart-proxy is missing. It should be running on the same host. When I enter the GUI and go into configuration, I noticed that the ssl_ca, ssl_certfificate and ssl_priv_key settings are empty. They are however set in /etc/foreman/settings.yaml and point to /etc/puppetlabs/puppet/ssl and should be readable. I do know that the foreman-installer failed at creating a smart-proxy at the end has been run a couple of times previously. I was thinking about trying to fix the issue and learn something before a full reset with the installer.
But when trying to add a smart-proxy, it still complains about not being able to find the ssl-files. I turned on debugging i settings.yaml, and I think that this value is being respected though. At one point in time I also regenerated the puppet agent certicates in /etc/puppetlabs/puppet/ssl directory, but I think the connection to the smart-proxy is working as I tested it with:
openssl s_client -connect puppet-master.openstack.local:8443 -CAfile /etc/puppetlabs/puppet/ssl/certs/ca.pem -cert /etc/puppetlabs/puppet/ssl/certs/puppet-master.openstack.local.pem -key /etc/puppetlabs/puppet/ssl/private_keys/puppet-master.openstack.local.pem
This command worked without problems, but maybe this is still ssl related? I turned on debugging in settings.yaml, and this settings seems to be respected.
An excerpt from the /var/log/foreman/production.log
2020-04-08T09:41:21 [I|app|fd18f173] Processing by Api::V2::ConfigReportsController#create as JSON
2020-04-08T09:41:21 [I|app|fd18f173] Parameters: {"config_report"=>"[FILTERED]", "apiv"=>"v2"}
2020-04-08T09:41:21 [D|app|fd18f173] Examining client certificate to extract dn and sans
2020-04-08T09:41:21 [D|app|fd18f173] Client sent certificate with subject 'puppet-master.openstack.local' and subject alt names '["puppet", "puppet-master.openstack.local"]'
2020-04-08T09:41:21 [D|app|fd18f173] Verifying request from ["puppet", "puppet-master.openstack.local"] against []
2020-04-08T09:41:21 [W|app|fd18f173] No smart proxy server found on ["puppet", "puppet-master.openstack.local"] and is not in trusted_hosts
2020-04-08T09:41:21 [I|app|fd18f173] Rendering api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout
2020-04-08T09:41:21 [I|app|fd18f173] Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.5ms)
2020-04-08T09:41:21 [I|app|fd18f173] Filter chain halted as #<Proc:0x00000008ebad18@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14> rendered or redirected
2020-04-08T09:41:21 [I|app|fd18f173] Completed 403 Forbidden in 33ms (Views: 1.9ms | ActiveRecord: 10.4ms)
2020-04-08T09:43:29 [I|app|270f9e92] Started GET "/notification_recipients" for 127.0.0.1 at 2020-04-08 09:43:29 +0000
2020-04-08T09:43:29 [I|app|270f9e92] Processing by NotificationRecipientsController#index as JSON
2020-04-08T09:43:29 [D|tax|270f9e92] Current location set to Default Location
2020-04-08T09:43:29 [D|tax|270f9e92] Current organization set to Default Organization
2020-04-08T09:43:29 [D|not|270f9e92] Cache Hit: notification, reading cache for notification-4
2020-04-08T09:43:29 [D|app|270f9e92] Body: {"notifications":[]}
2020-04-08T09:43:29 [I|app|270f9e92] Completed 200 OK in 27ms (Views: 0.7ms | ActiveRecord: 2.8ms)
2020-04-08T09:43:29 [I|app|cd805f2d] Started GET "/smart_proxies" for 127.0.0.1 at 2020-04-08 09:43:29 +0000
2020-04-08T09:43:29 [I|app|cd805f2d] Processing by SmartProxiesController#index as HTML
2020-04-08T09:43:29 [D|tax|cd805f2d] Current location set to Default Location
2020-04-08T09:43:29 [D|tax|cd805f2d] Current organization set to Default Organization
2020-04-08T09:43:29 [I|app|cd805f2d] Rendering smart_proxies/welcome.html.erb within layouts/application
2020-04-08T09:43:29 [I|app|cd805f2d] Rendered smart_proxies/welcome.html.erb within layouts/application (2.0ms)
2020-04-08T09:43:29 [I|app|cd805f2d] Rendered layouts/_application_content.html.erb (1.2ms)
2020-04-08T09:43:29 [I|app|cd805f2d] Rendering layouts/base.html.erb
2020-04-08T09:43:29 [I|app|cd805f2d] Rendered layouts/base.html.erb (44.1ms)
2020-04-08T09:43:29 [I|app|cd805f2d] Filter chain halted as :welcome rendered or redirected
2020-04-08T09:43:29 [I|app|cd805f2d] Completed 200 OK in 83ms (Views: 49.2ms | ActiveRecord: 7.4ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Started GET "/smart_proxies/new?class=btn-lg" for 127.0.0.1 at 2020-04-08 09:43:34 +0000
2020-04-08T09:43:34 [I|app|ebf47d01] Processing by SmartProxiesController#new as HTML
2020-04-08T09:43:34 [I|app|ebf47d01] Parameters: {"class"=>"btn-lg"}
2020-04-08T09:43:34 [D|tax|ebf47d01] Current location set to Default Location
2020-04-08T09:43:34 [D|tax|ebf47d01] Current organization set to Default Organization
2020-04-08T09:43:34 [I|app|ebf47d01] Rendering smart_proxies/new.html.erb within layouts/application
2020-04-08T09:43:34 [I|app|ebf47d01] Rendered taxonomies/_loc_org_tabs.html.erb (14.8ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Rendered smart_proxies/_form.html.erb (20.8ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Rendered smart_proxies/new.html.erb within layouts/application (21.3ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Rendered layouts/_application_content.html.erb (2.8ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Rendering layouts/base.html.erb
2020-04-08T09:43:34 [I|app|ebf47d01] Rendered layouts/base.html.erb (36.9ms)
2020-04-08T09:43:34 [I|app|ebf47d01] Completed 200 OK in 111ms (Views: 59.0ms | ActiveRecord: 10.9ms)
2020-04-08T09:43:39 [I|app|24378ce9] Started GET "/notification_recipients" for 127.0.0.1 at 2020-04-08 09:43:39 +0000
2020-04-08T09:43:39 [I|app|24378ce9] Processing by NotificationRecipientsController#index as JSON
2020-04-08T09:43:39 [D|tax|24378ce9] Current location set to Default Location
2020-04-08T09:43:39 [D|tax|24378ce9] Current organization set to Default Organization
2020-04-08T09:43:39 [D|not|24378ce9] Cache Hit: notification, reading cache for notification-4
2020-04-08T09:43:39 [D|app|24378ce9] Body: {"notifications":[]}
2020-04-08T09:43:39 [I|app|24378ce9] Completed 200 OK in 19ms (Views: 0.3ms | ActiveRecord: 2.1ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Started POST "/smart_proxies" for 127.0.0.1 at 2020-04-08 09:43:47 +0000
2020-04-08T09:43:47 [I|app|e2f3e11c] Processing by SmartProxiesController#create as HTML
2020-04-08T09:43:47 [I|app|e2f3e11c] Parameters: {"utf8"=>"✓", "authenticity_token"=>"insBchrcHaY1qhJfh8QdJG3PM/GMRvoJ2vDtSHYVSVRj++ynU77tmGclTlKv3Z7v0eDsFCYb7y/wYuzgmLaUAA==", "smart_proxy"=>{"name"=>"puppet-master.openstack.local", "url"=>"https://puppet-master.openstack.local:8443", "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "commit"=>"Submit"}
2020-04-08T09:43:47 [D|tax|e2f3e11c] Current location set to Default Location
2020-04-08T09:43:47 [D|tax|e2f3e11c] Current organization set to Default Organization
2020-04-08T09:43:47 [W|app|e2f3e11c] Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user.
2020-04-08T09:43:47 [D|app|e2f3e11c] Backtrace for 'Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user.' error (TypeError): no implicit conversion of nil into String
/usr/share/foreman/lib/proxy_api/resource.rb:131:in `read'
/usr/share/foreman/lib/proxy_api/resource.rb:131:in `ssl_auth_params'
/usr/share/foreman/lib/proxy_api/resource.rb:23:in `initialize'
/usr/share/foreman/lib/proxy_api/v2/features.rb:5:in `initialize'
/usr/share/foreman/app/models/smart_proxy.rb:157:in `new'
/usr/share/foreman/app/models/smart_proxy.rb:157:in `get_features'
/usr/share/foreman/app/models/smart_proxy.rb:127:in `associate_features'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:426:in `block in make_lambda'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:606:in `block (2 levels) in default_terminator'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:605:in `catch'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:605:in `block in default_terminator'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:199:in `block in halting'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:513:in `block in invoke_before'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:513:in `each'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:513:in `invoke_before'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:131:in `run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:816:in `_run_save_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/callbacks.rb:342:in `create_or_update'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/persistence.rb:275:in `save'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/validations.rb:46:in `save'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:310:in `block (2 levels) in save'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:387:in `block in with_transaction_returning_status'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/connection_adapters/abstract/database_statements.rb:254:in `block in transaction'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/connection_adapters/abstract/transaction.rb:239:in `block in within_new_transaction'
/usr/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/connection_adapters/abstract/transaction.rb:236:in `within_new_transaction'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/connection_adapters/abstract/database_statements.rb:254:in `transaction'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:212:in `transaction'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:385:in `with_transaction_returning_status'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:310:in `block in save'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:325:in `rollback_active_record_state!'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/transactions.rb:309:in `save'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/suppressor.rb:44:in `save'
/usr/share/foreman/app/controllers/smart_proxies_controller.rb:21:in `create'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/abstract_controller/base.rb:194:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/rendering.rb:30:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:109:in `block in run_callbacks'
/usr/share/foreman/app/controllers/concerns/foreman/controller/timezone.rb:10:in `set_timezone'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/share/foreman/app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/share/foreman/app/controllers/concerns/foreman/controller/topbar_sweeper.rb:12:in `set_topbar_sweeper_controller'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/audited-4.9.0/lib/audited/sweeper.rb:14:in `around'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/audited-4.9.0/lib/audited/sweeper.rb:14:in `around'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:136:in `run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/abstract_controller/callbacks.rb:41:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/rescue.rb:22:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/notifications.rb:168:in `block in instrument'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/notifications.rb:168:in `instrument'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activerecord-5.2.1/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/abstract_controller/base.rb:134:in `process'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionview-5.2.1/lib/action_view/rendering.rb:32:in `process'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal.rb:191:in `dispatch'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_controller/metal.rb:252:in `dispatch'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/routing/route_set.rb:34:in `serve'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/journey/router.rb:52:in `block in serve'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/journey/router.rb:35:in `each'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/journey/router.rb:35:in `serve'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/routing/route_set.rb:840:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/apipie-rails-0.5.17/lib/apipie/static_dispatcher.rb:66:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/apipie-rails-0.5.17/lib/apipie/extractor/recorder.rb:137:in `call'
/usr/share/foreman/lib/foreman/middleware/telemetry.rb:10:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/apipie-rails-0.5.17/lib/apipie/middleware/checksum_in_headers.rb:27:in `call'
/usr/share/foreman/lib/foreman/middleware/catch_json_parse_errors.rb:9:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/tempfile_reaper.rb:17:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/etag.rb:27:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/conditional_get.rb:40:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/head.rb:14:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
/usr/share/foreman/lib/foreman/middleware/logging_context_session.rb:22:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/session/abstract/id.rb:277:in `context'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/session/abstract/id.rb:271:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/callbacks.rb:98:in `run_callbacks'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/railties-5.2.1/lib/rails/rack/logger.rb:38:in `call_app'
/usr/share/foreman/vendor/ruby/2.3.0/gems/railties-5.2.1/lib/rails/rack/logger.rb:28:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/quiet_assets.rb:13:in `call'
/usr/share/foreman/lib/foreman/middleware/logging_context_request.rb:11:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/method_override.rb:24:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/runtime.rb:24:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/activesupport-5.2.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/actionpack-5.2.1/lib/action_dispatch/middleware/static.rb:127:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/sendfile.rb:113:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/secure_headers-6.2.0/lib/secure_headers/middleware.rb:11:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/railties-5.2.1/lib/rails/engine.rb:524:in `call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/railties-5.2.1/lib/rails/railtie.rb:190:in `public_send'
/usr/share/foreman/vendor/ruby/2.3.0/gems/railties-5.2.1/lib/rails/railtie.rb:190:in `method_missing'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/urlmap.rb:77:in `block in call'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/urlmap.rb:61:in `each'
/usr/share/foreman/vendor/ruby/2.3.0/gems/rack-2.1.1/lib/rack/urlmap.rb:61:in `call'
/usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:160:in `accept_and_process_next_request'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
/usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
/usr/share/foreman/vendor/ruby/2.3.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2020-04-08T09:43:47 [E|app|e2f3e11c] Failed to save: Unable to communicate with the proxy: ERF50-4354 [Foreman::WrappedException]: Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user. ([TypeError]: no implicit conversion of nil into String), Please check the proxy is configured and running on the host.
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendering smart_proxies/new.html.erb within layouts/application
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendered taxonomies/_loc_org_tabs.html.erb (14.0ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendered smart_proxies/_form.html.erb (19.3ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendered smart_proxies/new.html.erb within layouts/application (19.7ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendered layouts/_application_content.html.erb (2.3ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendering layouts/base.html.erb
2020-04-08T09:43:47 [I|app|e2f3e11c] Rendered layouts/base.html.erb (43.0ms)
2020-04-08T09:43:47 [I|app|e2f3e11c] Completed 200 OK in 128ms (Views: 63.7ms | ActiveRecord: 11.6ms)
2020-04-08T09:43:49 [I|app|85ca2bf7] Started GET "/notification_recipients" for 127.0.0.1 at 2020-04-08 09:43:49 +0000
2020-04-08T09:43:49 [I|app|85ca2bf7] Processing by NotificationRecipientsController#index as JSON
2020-04-08T09:43:49 [D|tax|85ca2bf7] Current location set to Default Location
2020-04-08T09:43:49 [D|tax|85ca2bf7] Current organization set to Default Organization
2020-04-08T09:43:49 [D|not|85ca2bf7] Cache Hit: notification, reading cache for notification-4
2020-04-08T09:43:49 [D|app|85ca2bf7] Body: {"notifications":[]}
2020-04-08T09:43:49 [I|app|85ca2bf7] Completed 200 OK in 19ms (Views: 0.3ms | ActiveRecord: 2.1ms)
/etc/foreman/settings.yaml
---
### File managed with puppet ###
## Module: 'foreman'
:unattended: true
:require_ssl: true
# The following values are used for providing default settings during db migrate
:oauth_active: true
:oauth_map_users: false
:oauth_consumer_key: zAdN5enK9P79Ts8eeCKfS2aibuUZwiew
:oauth_consumer_secret: wgkqSAsg8v3GWp6vPRuErzcQhbqtfpcD
# Websockets
:websockets_encrypt: true
:websockets_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-master.openstack.local.pem
:websockets_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppet-master.openstack.local.pem
# SSL-settings
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/puppet-master.openstack.local.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-master.openstack.local.pem
# HSTS setting
:hsts_enabled: true
# Log settings for the current environment can be adjusted by adding them
# here. For example, if you want to increase the log level.
:logging:
:level: debug
:production:
:type: file
:layout: pattern
# Individual logging types can be toggled on/off here
:loggers:
# Foreman telemetry has three destinations: prometheus, statsd and rails log.
:telemetry:
# prefix for all metrics
:prefix: 'fm_rails'
# prometheus endpoint is at /metrics
# warning: ruby client library currently does not supprt multi-process web servers
:prometheus:
:enabled: false
# works with statsd_exporter too, use the rake task to generate config
:statsd:
:enabled: false
# IP and port (do not use DNS)
:host: '127.0.0.1:8125'
# one of 'statsd', 'statsite' or 'datadog'
:protocol: 'statsd'
# Rails logs end up in logger named 'telemetry' when enabled
:logger:
:enabled: false
# logging level as in Logger::LEVEL
:level: 'DEBUG'
:dynflow:
:pool_size: 5
/etc/foreman-proxy/settings.yml
---
### File managed with puppet ###
## Module: 'foreman_proxy'
:settings_directory: /etc/foreman-proxy/settings.d
# SSL Setup
# if enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/puppet-master.openstack.local.pem
:ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-master.openstack.local.pem
# Use this option only if you need to disable certain cipher suites.
# Note: we use the OpenSSL suite name, such as "RC4-MD5".
# The complete list of cipher suite names can be found at:
# https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-SUITE-NAMES
#:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]
# Use this option only if you need to strictly specify TLS versions to be
# disabled. SSLv3 and TLS v1.0 are always disabled and cannot be configured.
# Specify versions like: '1.1', or '1.2'
#:tls_disabled_versions: []
# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
:trusted_hosts:
- puppet-master.openstack.local
# Endpoint for reverse communication
:foreman_url: https://puppet-master.openstack.local
# SSL settings for client authentication against Foreman. If undefined, the values
# from general SSL options are used instead. Mainly useful when Foreman uses
# different certificates for its web UI and for smart-proxy requests.
#:foreman_ssl_ca: ssl/certs/ca.pem
#:foreman_ssl_cert: ssl/certs/fqdn.pem
#:foreman_ssl_key: ssl/private_keys/fqdn.pem
# by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting
:daemon: true
# Only used when 'daemon' is set to true.
# Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid'
#:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
# host and ports configuration
# Host or IP to bind ports to (e.g. *, localhost, 0.0.0.0, ::, 192.168.1.20)
:bind_host: '*'
# http is disabled by default. To enable, uncomment 'http_port' setting
# https is enabled if certificate, CA certificate, and private key are present in locations specifed by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 8443
# :http_port: 8000
# Log configuration
# Uncomment and modify if you want to change the location of the log file or use STDOUT or SYSLOG values
:log_file: /var/log/foreman-proxy/proxy.log
# Uncomment and modify if you want to change the log level
# WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
#:log_level: INFO
:log_level: DEBUG
# The maximum size of a log file before it's rolled (in MiB)
#:file_rolling_size: 100
# The maximum age of a log file before it's rolled (in seconds). Also accepts 'daily', 'weekly', or 'monthly'.
#:file_rolling_age: weekly
# Number of log files to keep
#:file_rolling_keep: 6
# Logging pattern for file-based loging
#:file_logging_pattern: '%d %.8X{request} [%.1l] %m'
# Logging pattern for syslog or journal loging
#:system_logging_pattern: '%.8X{request} [%.1l] %m'
# Log buffer size and extra buffer size (for errors). Defaults to 3000 messages in total,
# which is about 500 kB request.
:log_buffer: 2000
:log_buffer_errors: 1000
No go with adding a https smart proxy