Smart Proxy install fails with "No package FQDN-foreman-proxy available."

FQDN-certs.tar generated on the Katello server and moved to the proxy server.

fails with:
No package FQDN-qpid-client-cert available.
same thing for foreman-proxy, foreman-proxy-client qpid-router etc
all rpm s are in the tarball but somehow the foreman-installer doesn’t find them,
I tried to yum install them manually and they show up in a yum search but the installer still fails to find them.

Smart Proxy installation is not possible.

Christian Tremblay

So, while i’ve not completed a proper smart proxy install, I HAVE gotten past this part of the installation, so I suspect the issue is on your side, not Katello/Foreman.

One thing I’ve noticed is that when Foreman goes to build the client certs package it creates a ssl-build directory under wherever you have the --certs-tar location pointed at. Katello does NOT clean up old ssl-build directories that are currently laying around (though it may delete them upon re-build, I don’t know this).

One thing you might try is to remove any ssl-build directory you have in the --certs-tar location to begin with and try again.

Secondly, foreman-proxy-certs-generate has a bug where --certs-tar MUST be a fully qualified directory location (starting from /). If you’re not specifying something like /root/FQDN-certs.tar in your --certs-tar location, try that.

You should also be able to rpm -qa | grep for the various certs that were installed by passing the FQDN name (or short hostname) into RPM.

rpm -qa | grep should return a list of about 8 client certs.

Lastly, the requirement after building the Certs bundle from the master server is to put it in the same location on the client, specifically in your “foreman-installer” command --foreman-proxy-content-certs-tar must be pointed at the bundle you copied over…again, by non-relative path.

If your foreman-proxy-certs-generate command used --certs-tar “/root/” then you need to exist in /root on and foreman-installer’s --foreman-proxy-content-certs-tar should be “/root/”.

Hello Douglas

Steps taken:

  • removed /root/ssl-build directory on proxy
  • removed /root/ssl-build/ directory on Katello
  • removed /root/ from both Katello and proxy
  • Regenerated the tarball on the Katello:
    foreman-proxy-certs-generate --foreman-proxy-fqdn “” --certs-tar “/root/”
  • Copied it to the proxy:
    scp /root/
  • Ran the foreman-installer on the proxy:
    foreman-installer --scenario foreman-proxy-content
    –foreman-proxy-content-parent-fqdn “
    –foreman-proxy-register-in-foreman “true”
    –foreman-proxy-foreman-base-url “
    –foreman-proxy-trusted-hosts “
    –foreman-proxy-trusted-hosts “
    –foreman-proxy-oauth-consumer-key “9T3sRwNNABHbuxRWxc7bKC2Z3JgvmP4G”
    –foreman-proxy-oauth-consumer-secret “mtAuzDJKPYqzkptw9RKr32KHQjnLJqWs”
    –foreman-proxy-content-pulp-oauth-secret “kVEBmRovv8imQu6r5epuTrKQg6FAs96k”
    –foreman-proxy-content-certs-tar “/root/”
    –puppet-server-foreman-url “

The installer created the /root/ssl-build/ directory
on the proxy an populated it with:

The installer created the /root/ssl-build/ directory
on the Katello an populated it with:

On the proxy:

rpm -qa | grep proxy

To summarize, looking at the installation log the only error I could find for all packages is always a yum install error.
No package available
Trying to install the package manually with yum also fails even if the full path is given !?
/usr/bin/yum install /root/ssl-build/
No package /root/ssl-build/ available.
Error: Nothing to do

The problem seems to be with yum.


That kind of error reminds me of what happens when you try to install 32 bit libraries into an Ubuntu system that doesn’t recognize the 32 bit architecture…

We’re going to start getting into stupid question time.

  1. You are running the cert generate from the Katello MASTER right?
  2. You don’t have any exclusions in your /etc/yum.conf or other files that might be causing this particular package not to properly install right?
  3. I have never tried to do an RPM Validate/Verify of a package but I THINK there’s a way to do this? You might consider validating if this is even a proper package. Perhaps an rpm query on the package itself to see if it has anything in it?
  4. The* should be in your Katello master’s /root/ssl-build directory, you might consider validating that as well to see if perhaps it was corrupted in transit/as part of a bad build.
  5. Worst case scenario, you should be able to find the files built into the* RPM and do your own RPM build on that package if you can’t get a valid installation done with either the version sitting on the Smart Proxy or the version sitting on the Master.
  6. Edit: Have you checked the permissions on the package to make sure they’re not some weird setting that isn’t readable or writable or something?

Assuming, however, that the package is valid but YUM isn’t installing it, I’d start looking at the yum logs and/or try running 'rpm -ihv ’ directly to see if you can manually install it. Katello’s installers are usually pretty intelligent at detecting a package’s existence and not throwing up if the package is already installed. Given that this is part of the Tarball that may NOT be the case in this instance, but it’s worth giving it a shot…might get you past the error.

1 Like

Thank you, problem solved, I built another one fro scratch.