Smart-Proxy Troubleshooting

New to Foreman, trying to expand our Puppet capability and this is my
first post to the Foreman users group.

After using the foreman-installer, I am trying to add a "New Proxy" per the
instructions (http://<fqdn>:8443) and I get the following error:

Unable to save
Unable to communicate with the proxy: Connection reset by peer
Please check the proxy is configured and running on the host.

settings.yml is all defaults (shown below) except for the use of a custom
path. All files/paths below exist, iptables is turned off. Foreman-proxy
successfully executes "smart-proxy", and I am listening on port 8443
(netstat -an results: tcp 0 0 0.0.0.0:8443
0.0.0.0:* LISTEN).

Why can't I add the proxy after following the instructions? Any help is
appreciated! Thanks!
Adam

---
:ssl_ca_file: /master/puppet/ssl/certs/ca.pem
:ssl_certificate: /master/puppet/ssl/certs/.pem
:ssl_private_key: /master/puppet/ssl/private_keys/.pem
:trusted_hosts:
  - uxmaster100
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
:port: 8443
:tftp: true
:tftproot: /master/tftpboot/
:tftp_servername: 10.201.1.10
:dns: false
:dns_key: /etc/rndc.key
:dns_server: 127.0.0.1
:dhcp: false
:dhcp_vendor: isc
:puppetca: true
:ssldir: /master/puppet/ssl
:puppetdir: /etc/puppet
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
:log_file: /var/log/foreman-proxy/proxy.log

Adam,

Make sure that you specify https://. Foreman doesn't automatically
know that port 8443 is for SSL.

Regards,
Justin


Try using an HTTPS URL instead of HTTP, because you have the ssl_*
options defined in the config file.

--
Dominic Cleal
Red Hat Engineering


That did it! I also had my trusted_hosts configured wrong, and needed to
correct the location of the ssl certs referred to in the foreman-vhost,
but your input led me to seeing those issues. Thanks for the help!

On Monday, July 29, 2013 12:58:25 PM UTC-4, Dominic Cleal wrote:

> Try using an HTTPS URL instead of HTTP, because you have the ssl_*
> options defined in the config file.


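A pre-flight check for the kinds of problems this thread ended up finding (URL scheme, SSL file locations, trusted_hosts), as an added example that is not part of the original posts or Foreman's own code. It assumes, per the replies, that the proxy speaks TLS when the ssl_* options are defined and that an empty trusted_hosts list restricts nothing; the example.com host names and the `preflight` helper are hypothetical.

```ruby
require "yaml"
require "uri"

# Constructed sample modelled on the settings.yml in the thread; the
# certificate file name "proxy.example.com" is a placeholder.
SAMPLE_SETTINGS = <<~YAML
  ---
  :ssl_ca_file: /master/puppet/ssl/certs/ca.pem
  :ssl_certificate: /master/puppet/ssl/certs/proxy.example.com.pem
  :ssl_private_key: /master/puppet/ssl/private_keys/proxy.example.com.pem
  :trusted_hosts:
    - uxmaster100
  :port: 8443
YAML

SSL_KEYS = %i[ssl_ca_file ssl_certificate ssl_private_key].freeze

# The file uses Ruby symbol keys, which safe_load must be told to permit.
def load_settings(text)
  YAML.safe_load(text, permitted_classes: [Symbol])
end

# Assumption taken from the replies: ssl_* options defined => proxy speaks TLS.
def expected_scheme(settings)
  SSL_KEYS.any? { |k| settings[k] } ? "https" : "http"
end

# Lists problems with registering `url` from `foreman_host`. `exists` is
# injectable so the check can be exercised without the real files.
def preflight(settings, url, foreman_host, exists: File.method(:exist?))
  problems = []
  uri = URI.parse(url)
  want = expected_scheme(settings)
  problems << "use #{want}:// (URL uses #{uri.scheme}://)" unless uri.scheme == want
  problems << "URL port #{uri.port} != :port #{settings[:port]}" unless uri.port == settings[:port]
  if want == "https"
    SSL_KEYS.each do |k|
      problems << "#{k} not found: #{settings[k].inspect}" unless settings[k] && exists.call(settings[k])
    end
  end
  # Assumption: an empty or absent :trusted_hosts list restricts nothing.
  trusted = Array(settings[:trusted_hosts])
  unless trusted.empty? || trusted.include?(foreman_host)
    problems << "#{foreman_host} not in :trusted_hosts #{trusted.inspect}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  settings = load_settings(SAMPLE_SETTINGS)
  puts preflight(settings, "http://proxy.example.com:8443", "foreman.example.com")
end
```

Run on the proxy host against the real settings.yml, the default `exists` check reports any ssl_* path that does not resolve to a file.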