Problem:
Performing a GET from /unattended/provision results in
[E] Failed to proxy /provision for {"splat"=>, "captures"=>["provision"], "kind"=>"provision"}: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
This was first noticed when trying to build a previously discovered machine. Discovery seems to work fine, the discovery image boots up and correctly sends back the facts.
In case it matters, the setup in question is on a machine with 2 interfaces, with hostnames hostname-mgmt.domain.tld (primary) and hostname.domain.tld. The second one is added as a ServerAlias in the Vhost stanza in the httpd configuration, and is present in the cert as an alternative name.
Expected outcome:
The GET should return something that isn't an SSL error, and the provisioning should work rather than error out during boot.
Foreman and Proxy versions:
1.23
Distribution and version:
CentOS 7
Other relevant data:
2019-11-04T05:33:59 946ab231 [I] Started GET /unattended/provision
2019-11-04T05:34:04 946ab231 [E] Failed to proxy /provision for {"splat"=>, "captures"=>["provision"], "kind"=>"provision"}: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
2019-11-04T05:34:04 946ab231 [W] Failed to proxy /provision for {"splat"=>, "captures"=>["provision"], "kind"=>"provision"}: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
/usr/share/ruby/net/http.rb:921:in `connect'
/usr/share/ruby/net/http.rb:921:in `block in connect'
/usr/share/ruby/timeout.rb:52:in `timeout'
/usr/share/ruby/net/http.rb:921:in `connect'
/usr/share/ruby/net/http.rb:862:in `do_start'
/usr/share/ruby/net/http.rb:851:in `start'
/usr/share/ruby/net/http.rb:1373:in `request'
/usr/share/gems/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in `request'
/usr/share/foreman-proxy/lib/proxy/request.rb:49:in `send_request'
/usr/share/foreman-proxy/modules/templates/proxy_request.rb:50:in `call_template'
/usr/share/foreman-proxy/modules/templates/proxy_request.rb:12:in `get'
/usr/share/foreman-proxy/modules/templates/template_proxy_request.rb:6:in `get'
/usr/share/foreman-proxy/modules/templates/templates_unattended_api.rb:25:in `block (2 levels) in <class:TemplatesUnattendedApi>'
/usr/share/foreman-proxy/lib/proxy/helpers.rb:14:in `log_halt'
/usr/share/foreman-proxy/modules/templates/templates_unattended_api.rb:24:in `block in <class:TemplatesUnattendedApi>'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1610:in `call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1610:in `block in compile!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (3 levels) in route!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:994:in `route_eval'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (2 levels) in route!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1015:in `block in process_route'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `catch'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `process_route'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:973:in `block in route!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `each'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `route!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1085:in `block in dispatch!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1082:in `dispatch!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `block in call!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `call!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:895:in `call'
/usr/share/foreman-proxy/lib/proxy/log.rb:96:in `call'
/usr/share/foreman-proxy/lib/proxy/request_id_middleware.rb:11:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/nulllogger.rb:9:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/show_exceptions.rb:25:in `call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:182:in `call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:2013:in `call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `block in call'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1787:in `synchronize'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:66:in `block in call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `each'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/builder.rb:153:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/handler/webrick.rb:88:in `service'
/usr/share/ruby/webrick/httpserver.rb:138:in `service'
/usr/share/ruby/webrick/httpserver.rb:94:in `run'
/usr/share/ruby/webrick/server.rb:295:in `block in start_thread'
/usr/share/gems/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `call'
/usr/share/gems/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2019-11-04T05:34:04 946ab231 [I] Finished GET /unattended/provision with 500 (5031.47 ms)
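Added example, not part of the original post and not Foreman code: the `tlsv1 alert unknown ca` in the log is an alert received from the peer during `SSL_connect`, meaning the server the proxy connected to did not trust the issuer of the certificate the proxy presented. The Ruby sketch below reproduces that chain check offline and lists a certificate's alternative names; the certificates are constructed throwaway ones, the helper names are hypothetical, and the two hostnames are those given in the post.

```ruby
require 'openssl'

# Constructed throwaway certificate for the demo (hypothetical helper, not Foreman's).
def make_cert(cn, issuer: nil, issuer_key: nil, ca: false, sans: [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, needed for extensions
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  unless sans.empty?
    cert.add_extension(ef.create_extension('subjectAltName', sans.map { |n| "DNS:#{n}" }.join(',')))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Would a peer that trusts only `trusted_cas` accept `cert`? Returns [ok, reason].
def chain_check(cert, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  ok = store.verify(cert)
  [ok, store.error_string]
end

# DNS names listed in the certificate's subjectAltName extension.
def san_names(cert)
  ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  ext ? ext.value.split(/,\s*/).map { |v| v.sub(/\ADNS:/, '') } : []
end

if __FILE__ == $PROGRAM_NAME
  names = %w[hostname-mgmt.domain.tld hostname.domain.tld] # hostnames from the post
  ca_a, key_a = make_cert('Constructed CA A', ca: true)
  ca_b, _key  = make_cert('Constructed CA B', ca: true)
  leaf, _key  = make_cert(names.first, issuer: ca_a, issuer_key: key_a, sans: names)
  puts "peer trusts CA A: #{chain_check(leaf, [ca_a]).inspect}"
  puts "peer trusts CA B: #{chain_check(leaf, [ca_b]).inspect}" # the 'unknown ca' case
  puts "SAN entries:      #{san_names(leaf).inspect}"
end
```

Against real files, load each PEM with `OpenSSL::X509::Certificate.new(File.read(path))` and pass the proxy's client certificate together with the CA certificates the web server is configured to accept for client authentication.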