Smart-Proxy installation error version 3.31

Problem:
On trying to run foreman-installer on our Smart-Proxy we receive the errors:

systemd[1]: Starting Foreman Proxy...
smart-proxy[155788]: Errors detected on startup, see log for details. Exiting: cannot load such file -- bigdecimal
systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: foreman-proxy.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Foreman Proxy.
/Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from 'stopped' to 'running' failed: Systemd start for foreman-proxy failed!

Expected outcome:
Successful install of Smart-Proxy using foreman-installer

Foreman and Proxy versions:
Foreman Version 3.31
Proxy version 3.31

The full command which was used is as follows:

foreman-installer \
  --scenario foreman-proxy-content \
  --certs-tar-file "/root/smart-proxy-necutil01_cert/smart-proxy_certs.tar" \
  --foreman-proxy-register-in-foreman "true" \
  --foreman-proxy-foreman-base-url "https://" \
  --foreman-proxy-trusted-hosts "" \
  --foreman-proxy-trusted-hosts "" \
  --foreman-proxy-oauth-consumer-key "" \
  --foreman-proxy-oauth-consumer-secret ""

Are you running OracleLinux?

Try installing rubygem-bigdecimal manually – we recently fixed that problem (in “rubygem-bigdecimal is a requirement of sequel” by sbernhard, Pull Request #9157, theforeman/foreman-packaging on GitHub) but have not backported it to 3.3 as that’s an unsupported release by now.

Many thanks for that @evgeni

Yes, I’m running Oracle Linux 8.7

I installed rubygem-bigdecimal as suggested, which helped. I then got the error:

Address already in use - bind(2) for [::]:9090

…so I stopped and disabled cockpit service which uses port 9090

I now see error as follows when I retry the foreman-installer:

[ERROR ] [configure] Error making POST request to Foreman at https:///api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://:9090/v2/features Please check the proxy is configured and running on the host.

[ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[<proxy hostname]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https:///api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://:9090/v2/features Please check the proxy is configured and running on the host.
[NOTICE] [configure] System configuration has finished.

Could you provide any guidance on this one at all?

Many thanks

Nope, I am afraid now I am out of my knowledge zone

It’s really difficult to understand what you do exactly if you completely remove the hostnames as it is not possible to see when the main server and when proxy is mentioned. It’s also much easier to read when you put logs etc. into preformatted blocks…

I suppose you are running the last foreman-installer run on the proxy and the error is during the POST to the main server. The error says “Timed out connecting to server”.

So it seems to me as if the installer cannot connect to the smart proxy port on the main server, i.e. your new proxy cannot connect to the main server on tcp port 9090. I recommend to check firewall and iptables to verify and test with curl:

$ curl -v https://mainserver.example.com/api/v2/smart_proxies

It should connect. According to the error it currently doesn’t…

Apologies, I’ve left in all the hostnames and also added the output from the curl command:

foreman-installer --scenario foreman-proxy-content --certs-tar-file "/root/smart-proxy-necutil01_cert/necutil01.sapol.sa.gov.au-certs.tar" --foreman-proxy-register-in-foreman "true" --foreman-proxy-foreman-base-url "https://cme-aumhd-for01.cme.local" --foreman-proxy-trusted-hosts "cme-aumhd-for01.cme.local" --foreman-proxy-trusted-hosts "necutil01.sapol.sa.gov.au" --foreman-proxy-oauth-consumer-key "HvADmwC5eMd2pFFwX7mwpkszm97PkzSP" --foreman-proxy-oauth-consumer-secret "8pdwfKHqngqTfpd7s4wiFoTpYbrzbCHX"

2023-04-18 13:02:29 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-04-18 13:02:39 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-04-18 13:02:39 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-04-18 13:02:46 [NOTICE] [configure] Starting system configuration.
2023-04-18 13:03:05 [NOTICE] [configure] 250 configuration steps out of 1080 steps complete.
2023-04-18 13:03:14 [NOTICE] [configure] 500 configuration steps out of 1085 steps complete.
2023-04-18 13:03:16 [NOTICE] [configure] 750 configuration steps out of 1087 steps complete.
2023-04-18 13:03:41 [NOTICE] [configure] 1000 configuration steps out of 1089 steps complete.
2023-04-18 13:04:43 [ERROR ] [configure] Error making POST request to Foreman at https://cme-aumhd-for01.cme.local/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://necutil01.sapol.sa.gov.au:9090/v2/features Please check the proxy is configured and running on the host.
2023-04-18 13:04:43 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[necutil01.sapol.sa.gov.au]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://cme-aumhd-for01.cme.local/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://necutil01.sapol.sa.gov.au:9090/v2/features Please check the proxy is configured and running on the host.
2023-04-18 13:04:45 [NOTICE] [configure] System configuration has finished.

curl -v https://192.168.245.252/api/v2/smart_proxies

* Trying 192.168.245.252...
* TCP_NODELAY set
* Connected to 192.168.245.252 (192.168.245.252) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=North Carolina; O=Katello; OU=SomeOrgUnit; CN=cme-aumhd-for01.cme.local
*  start date: May 6 04:56:25 2020 GMT
*  expire date: Jan 18 04:56:26 2038 GMT
*  subjectAltName does not match 192.168.245.252
* SSL: no alternative certificate subject name matches target host name '192.168.245.252'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (51) SSL: no alternative certificate subject name matches target host name '192.168.245.252'

Again, please use preformatted blocks when you paste your logs.

Also this doesn’t match:

and

It’s important to test the names Foreman is using, not the IP.

And due to the bad formatting I have picked up the wrong error.

I think the main server cannot connect to the smart proxy
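
The reading in the last reply can be taken from the ERF12-2530 line itself: the POST reached Foreman, and the timeout came when Foreman then tried to open the proxy's :9090 features URL. The sketch below is an added example, not code from the thread or from the Foreman project; the function names are hypothetical and the sample line is constructed from the log posted above. It also shows why the redacted log could not be read and why the curl test against an IP ended with exit code 51.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed from the
# ERF12-2530 line posted above (timestamp and trailing sentence dropped).
SAMPLE='[ERROR ] [configure] Error making POST request to Foreman at https://cme-aumhd-for01.cme.local/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://necutil01.sapol.sa.gov.au:9090/v2/features'

# URL the installer POSTed to: this is the Foreman server.
foreman_url() {
  printf '%s\n' "$1" | sed -n 's|.*POST request to Foreman at \(https://[^ ]*\): Unable.*|\1|p'
}

# URL Foreman then tried to open: this is the Smart Proxy.
proxy_url() {
  printf '%s\n' "$1" | sed -n 's|.* for proxy \(https://[^ ]*\).*|\1|p'
}

# Host part of a URL (scheme, port and path stripped).
url_host() {
  h=${1#*://}; h=${h%%/*}; printf '%s\n' "${h%%:*}"
}

# "ip" for an IPv4 literal, "name" otherwise. The certificate shown above
# carries a host name, so a test against the IP fails with curl exit 51.
target_kind() {
  case $(url_host "$1") in
    *[!0-9.]*|'') echo name ;;
    *) echo ip ;;
  esac
}

# Print which host should run the connectivity check, and against what.
diagnose() {
  case $1 in
    *ERF12-2530*OpenTimeout*) ;;
    *) echo "not an ERF12-2530 connect timeout"; return 1 ;;
  esac
  f=$(foreman_url "$1"); p=$(proxy_url "$1")
  if [ -z "$(url_host "$f")" ] || [ -z "$(url_host "$p")" ]; then
    echo "host names missing from log line"; return 1
  fi
  echo "on $(url_host "$f") run: curl -v $p"
}

diagnose "$SAMPLE"
```
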