Problem:
My remote execution jobs fail, although they run successfully - exactly like this guy explains Support #15070: Task not completing, although job runs - Foreman Remote Execution - Foreman.
I learned from the debug logs that, for me, it was failing when the proxy was trying to report the status back to Foreman. The error was
[2018-04-24 16:34:29.495 #6175] ERROR -- SSL_connect returned=1 errno=0 state=error: certificate verify failed (RestClient::SSLCertificateNotVerified)
After digging for quite a while, I stumbled on http://projects.theforeman.org/issues/15530, and learned that my proxy client was using the wrong cert because the Foreman server is uses different certs (signed by our in-house CA) for it’s WebUI. This here helped me realize that:
SSL settings for client authentication against Foreman. If undefined, the values from general SSL options are used instead. Mainly useful when Foreman uses different certificates for its web UI and for smart-proxy requests. :foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem :foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem :foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem
Great so I thought I figured it out, I just need to set :foreman_ssl_cert:
, :foreman_ssl_key:
to what Foreman uses for it’s Web UI - Nope, it still doesn’t work. Now Foreman can’t talk to the proxy.
My web certificates are configured as per this article: Foreman :: Replacing Foreman's web SSL certificate. and ~everything else in my set up is largely DEFAULTS (foreman-installer) for Foreman 1.17 (everything on the same box; Foreman, Foreman Proxy, Puppet Master).
Expected outcome:
Remote execution jobs should complete.
Foreman and Proxy versions:
1.17
Foreman and Proxy plugin versions:
1.17
Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]