Greetings,
just finished upgrade to Foreman 1.9 / Katello 2.3 from Foreman 1.8.2 /
Katelo 2.2.1 and faced strange problem:
tlsv1 alert unknown ca thrown on any interactions with :443.
Here are some examples:
/etc/puppet/node.rb hostname
Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3
read server session ticket A: tlsv1 alert unknown ca
subscription-manager refresh
Unable to verify server's identity: tlsv1 alert unknown ca
pulp-admin tasks list
Warning: path should have mode 0700 because it may contain sensitive
information: /root/.pulp/
···
+----------------------------------------------------------------------+ Tasks +----------------------------------------------------------------------+An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.
tail -n 23 ~/.pulp/admin.log
2015-09-10 18:18:16,232 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py”,
line 478, in run
exit_code = Cli.run(self, args)
File “/usr/lib/python2.7/site-packages/okaara/cli.py”, line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File
"/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py",
line 224, in execute
return self.method(*arg_list, **clean_kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
73, in list
task_objects = self.retrieve_tasks(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
251, in retrieve_tasks
tasks = self.context.server.tasks_search.search(fields=self.FIELDS)
File “/usr/lib/python2.7/site-packages/pulp/bindings/tasks.py”, line 138,
in search
tasks = super(TaskSearchAPI, self).search(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/bindings/search.py”, line
106, in search
response = self.server.POST(self.PATH, {‘criteria’:kwargs})
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line 98,
in POST
return self._request(‘POST’, path, body=body,
ensure_encoding=ensure_encoding)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method, url,
body)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)
openssl s_client showing no errors at all:
openssl s_client -connect sccm.corp.tander.ru:443 -CAfile
/etc/rhsm/ca/katello-server-ca.pem
[…]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
[…]
Verify return code: 0 (ok)
I’ll appreciate any ideas on how to get it fixed.
Thanks!
–
Kind regards,
Vladimir.