Validation failed: Content type is not enabled

Support
,
#1

Problem:
While creating a Product, discovering and adding repositories, getting following error -
Validation failed: Content type is not enabled. must be one of the following:

Expected outcome:
Product repositories get added.

Foreman and Proxy versions:

foreman-3.4.0-1.el8.noarch
foreman-cli-3.4.0-1.el8.noarch
foreman-debug-3.4.0-1.el8.noarch
foreman-dynflow-sidekiq-3.4.0-1.el8.noarch
foreman-installer-3.4.0-1.el8.noarch
foreman-installer-katello-3.4.0-1.el8.noarch
foreman-postgresql-3.4.0-1.el8.noarch
foreman-release-3.4.0-1.el8.noarch
foreman-selinux-3.4.0-1.el8.noarch
foreman-service-3.4.0-1.el8.noarch
katello-4.6.0-1.el8.noarch
katello-certs-tools-2.9.0-1.el8.noarch
katello-common-4.6.0-1.el8.noarch
katello-debug-4.6.0-1.el8.noarch
katello-repos-4.6.0-1.el8.noarch
katello-selinux-4.0.2-2.el8.noarch
rubygem-foreman_maintain-1.1.3-1.el8.noarch
rubygem-foreman_openscap-5.2.2-2.fm3_3.el8.noarch
rubygem-foreman_remote_execution-8.0.0-2.fm3_4.el8.noarch
rubygem-foreman_statistics-2.0.1-3.fm3_3.el8.noarch
rubygem-foreman-tasks-7.0.0-1.fm3_4.el8.noarch
rubygem-hammer_cli_foreman-3.4.0-1.el8.noarch
rubygem-hammer_cli_foreman_ansible-0.4.0-1.fm3_4.el8.noarch
rubygem-hammer_cli_foreman_openscap-0.1.13-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.fm3_0.el8.noarch
rubygem-hammer_cli_foreman_tasks-0.0.17-1.fm3_2.el8.noarch
rubygem-hammer_cli_katello-1.7.0-0.1.pre.master.20220802114853git2f16bef.el8.noarch
rubygem-katello-4.6.0-1.el8.noarch

Foreman and Proxy plugin versions:
Installation was done without foreman proxy.

Distribution and version:
EL8

Other relevant data:

Following are the errors in production.log

2022-12-12T14:18:45 [I|app|4f9c33cd]   Parameters: {"organization_id"=>"1", "with_active_subscription"=>"true", "search"=>"(((name !~ source rpm) and (name !~ debug rpm) and (content_type = yum) and (label !~ beta) and (label !~ htb) and (name !~ beta) and (product_name !~ beta)))", "api_version"=>"v2"}
2022-12-12T14:36:03 [I|aud|23a8fd5e] Katello::ContentCredential (2) create event on content_type gpg_key
2022-12-12T14:44:37 [E|bac|72af96ba] Validation failed: Content type is not enabled. must be one of the following:  (ActiveRecord::RecordInvalid)

I am new to the foreman and its community hence request you to help me in this!
Thanks,

-swapie

#2

Where did you pick up that list? Does that really contain no pulp rpms?

I don’t understand what you mean by that. You cannot install the server with a proxy.

That’s no distribution nor exact version.

There should be a backtrace following the error. Please post the full error (i.e. until the next “normal” log line starts).

#3

[quote=“gvde, post:2, topic:31572”]
Where did you pick up that list? Does that really contain no pulp rpms?
From the Foreman server. Here are the pulp packages available on the system -

[root@foreman ~]# rpm -qa |grep pulp
rubygem-pulp_deb_client-2.18.1-1.el8.noarch
rubygem-pulp_python_client-3.6.1-1.el8.noarch
rubygem-pulp_certguard_client-1.5.5-1.el8.noarch
pulpcore-selinux-1.3.2-1.el8.x86_64
rubygem-pulp_ansible_client-0.13.4-1.el8.noarch
rubygem-pulp_file_client-1.10.5-1.el8.noarch
rubygem-pulpcore_client-3.18.5-2.el8.noarch
rubygem-pulp_rpm_client-3.17.12-1.el8.noarch
rubygem-pulp_container_client-2.10.7-1.el8.noarch
python39-pulpcore-3.18.10-1.el8.noarch
rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8.noarch
[root@foreman ~]#

I don’t understand what you mean by that. You cannot install the server with a proxy.
I used following command -
[root@foreman ~]# foreman-installer --scenario katello --foreman-initial-organization "XXX" --foreman-initial-admin-username "admin" --foreman-initial-admin-password "XXX" --enable-foreman-cli-ansible --enable-foreman-cli-openscap --enable-foreman-plugin-openscap --enable-foreman-plugin-statistics **--no-enable-foreman-proxy --no-enable-foreman-proxy-content** --certs-server-cert "/root/foreman-cert/my-org.crt" --certs-server-key "/root/foreman-cert/my-org.key" --certs-server-ca-cert "/root/foreman-cert/bundle-my-org.crt"

That’s no distribution nor exact version.
Apologies. I meant Enterprise Linux 8 i.e. Rocky Linux release 8.6 (Green Obsidian)

There should be a backtrace following the error. Please post the full error (i.e. until the next “normal” log line starts).
[/quote]
Here is the full error -

2022-12-12T13:53:20 [I|app|c8495de9] Started POST "/katello/api/v2/repositories?organization_id=1" for 172.10.1.10 at 2022-12-12 13:53:20 +0530
2022-12-12T13:53:20 [I|app|c8495de9] Processing by Katello::Api::V2::RepositoriesController#create as HTML
2022-12-12T13:53:20 [I|app|c8495de9]   Parameters: {"name"=>"CentOS 7 Updates x86_64", "label"=>"centos7_updates_x86_64", "content_type"=>"yum", "product_id"=>2, "unprotected"=>true, "verify_ssl_on_sync"=>true, "url"=>"http://mirror.centos.org/centos/7/updates/x86_64/", "organization_id"=>"1", "api_version"=>"v2", "repository"=>{"name"=>"CentOS 7 Updates x86_64", "label"=>"centos7_updates_x86_64", "url"=>"http://mirror.centos.org/centos/7/updates/x86_64/", "unprotected"=>true, "content_type"=>"yum", "product_id"=>2, "verify_ssl_on_sync"=>true}}
2022-12-12T13:53:20 [I|bac|c8495de9] Task {label: , execution_plan_id: 493c9e0b-38b5-48f1-bed4-c628079d9b08} state changed: pending 
2022-12-12T13:53:20 [I|bac|c8495de9] Task {label: Actions::Katello::Repository::CreateRoot, id: db574656-e7bb-4570-b11a-298c0267c68d, execution_plan_id: 493c9e0b-38b5-48f1-bed4-c628079d9b08} state changed: planning 
2022-12-12T13:53:20 [E|bac|c8495de9] Validation failed: Content type is not enabled. must be one of the following:  (ActiveRecord::RecordInvalid)
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/validations.rb:80:in `raise_validation_error'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/validations.rb:53:in `save!'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/transactions.rb:302:in `block in save!'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/transactions.rb:354:in `block in with_transaction_returning_status'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/connection_adapters/abstract/database_statements.rb:318:in `transaction'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/transactions.rb:350:in `with_transaction_returning_status'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/transactions.rb:302:in `save!'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/suppressor.rb:48:in `save!'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/app/lib/actions/katello/repository/create_root.rb:6:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:525:in `block (3 levels) in execute_plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:36:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:36:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/load_setting_values.rb:15:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_request_id.rb:10:in `block in plan'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_request_id.rb:34:in `with_current_request_id'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_request_id.rb:9:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_timezone.rb:10:in `block in plan'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_timezone.rb:31:in `with_current_timezone'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_timezone.rb:9:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_taxonomies.rb:10:in `block in plan'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_taxonomies.rb:30:in `with_current_taxonomies'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_taxonomies.rb:9:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:36:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_user.rb:10:in `block in plan'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_user.rb:41:in `with_current_user'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/app/lib/actions/middleware/keep_current_user.rb:9:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/world.rb:31:in `execute'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:524:in `block (2 levels) in execute_plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:387:in `switch_flow'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:428:in `concurrence'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:523:in `block in execute_plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:483:in `block in with_error_handling'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:483:in `catch'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:483:in `with_error_handling'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:522:in `execute_plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/action.rb:296:in `execute'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan/steps/plan_step.rb:55:in `block in execute'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan/steps/abstract.rb:167:in `with_meta_calculation'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan/steps/plan_step.rb:54:in `execute'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:289:in `block (2 levels) in plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:387:in `switch_flow'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:377:in `with_planning_scope'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:288:in `block in plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/common/transaction.rb:17:in `block in rollback_on_error'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/connection_adapters/abstract/database_statements.rb:320:in `block in transaction'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/connection_adapters/abstract/transaction.rb:319:in `block in within_new_transaction'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/load_interlock_aware_monitor.rb:26:in `block (2 levels) in synchronize'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `handle_interrupt'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `block in synchronize'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `handle_interrupt'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `synchronize'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/connection_adapters/abstract/transaction.rb:317:in `within_new_transaction'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/connection_adapters/abstract/database_statements.rb:320:in `transaction'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/transactions.rb:209:in `transaction'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/transaction_adapters/active_record.rb:6:in `transaction'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/common/transaction.rb:16:in `rollback_on_error'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/common/transaction.rb:6:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:27:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:19:in `pass'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware.rb:44:in `plan_phase'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/stack.rb:23:in `call'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/middleware/world.rb:31:in `execute'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/execution_plan.rb:287:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:219:in `block (2 levels) in plan_with_options'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/coordinator.rb:326:in `acquire'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:217:in `block in plan_with_options'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:216:in `tap'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:216:in `plan_with_options'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:212:in `plan'
 c8495de9 | /usr/share/gems/gems/dynflow-1.6.7/lib/dynflow/world.rb:180:in `trigger'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:20:in `trigger'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:26:in `block in trigger_task'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:46:in `block in rails_safe_trigger_task'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/dependencies/interlock.rb:48:in `block in permit_concurrent_loads'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/concurrency/share_lock.rb:187:in `yield_shares'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/dependencies/interlock.rb:47:in `permit_concurrent_loads'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:45:in `rails_safe_trigger_task'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:24:in `trigger_task'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks.rb:55:in `sync_task'
 c8495de9 | /usr/share/gems/gems/foreman-tasks-7.0.0/lib/foreman_tasks/triggers.rb:22:in `sync_task'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/app/controllers/katello/api/v2/repositories_controller.rb:259:in `create'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/abstract_controller/base.rb:228:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/rendering.rb:30:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:117:in `block in run_callbacks'
 c8495de9 | /usr/share/foreman/app/controllers/concerns/foreman/controller/timezone.rb:10:in `set_timezone'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
 c8495de9 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
 c8495de9 | /usr/share/foreman/app/controllers/concerns/foreman/controller/topbar_sweeper.rb:12:in `set_topbar_sweeper_controller'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
 c8495de9 | /usr/share/gems/gems/audited-4.10.0/lib/audited/sweeper.rb:14:in `around'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
 c8495de9 | /usr/share/gems/gems/audited-4.10.0/lib/audited/sweeper.rb:14:in `around'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:137:in `run_callbacks'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/abstract_controller/callbacks.rb:41:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/rescue.rb:22:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/notifications.rb:203:in `block in instrument'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/notifications/instrumenter.rb:24:in `instrument'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/notifications.rb:203:in `instrument'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/instrumentation.rb:33:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'
 c8495de9 | /usr/share/gems/gems/activerecord-6.1.6.1/lib/active_record/railties/controller_runtime.rb:27:in `process_action'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/app/controllers/katello/concerns/api/api_controller.rb:50:in `process_action'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/abstract_controller/base.rb:165:in `process'
 c8495de9 | /usr/share/gems/gems/actionview-6.1.6.1/lib/action_view/rendering.rb:39:in `process'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal.rb:190:in `dispatch'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_controller/metal.rb:254:in `dispatch'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/route_set.rb:33:in `serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/mapper.rb:19:in `block in <class:Constraints>'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/mapper.rb:49:in `serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:50:in `block in serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:32:in `each'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:32:in `serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/route_set.rb:842:in `call'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/engine.rb:539:in `call'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/railtie.rb:207:in `public_send'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/railtie.rb:207:in `method_missing'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/mapper.rb:20:in `block in <class:Constraints>'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/mapper.rb:49:in `serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:50:in `block in serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:32:in `each'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/journey/router.rb:32:in `serve'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/routing/route_set.rb:842:in `call'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/lib/katello/middleware/organization_created_enforcer.rb:18:in `call'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/lib/katello/middleware/event_daemon.rb:10:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/static.rb:24:in `call'
 c8495de9 | /usr/share/gems/gems/apipie-dsl-2.5.0/lib/apipie_dsl/static_dispatcher.rb:67:in `call'
 c8495de9 | /usr/share/gems/gems/apipie-rails-0.5.20/lib/apipie/static_dispatcher.rb:66:in `call'
 c8495de9 | /usr/share/gems/gems/apipie-rails-0.5.20/lib/apipie/extractor/recorder.rb:137:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/static.rb:24:in `call'
 c8495de9 | /usr/share/foreman/lib/foreman/middleware/libvirt_connection_cleaner.rb:9:in `call'
 c8495de9 | /usr/share/foreman/lib/foreman/middleware/telemetry.rb:10:in `call'
 c8495de9 | /usr/share/gems/gems/apipie-rails-0.5.20/lib/apipie/middleware/checksum_in_headers.rb:27:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/tempfile_reaper.rb:15:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/etag.rb:27:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/conditional_get.rb:40:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/head.rb:12:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/http/permissions_policy.rb:22:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/http/content_security_policy.rb:19:in `call'
 c8495de9 | /usr/share/foreman/lib/foreman/middleware/logging_context_session.rb:22:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/session/abstract/id.rb:266:in `context'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/session/abstract/id.rb:260:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/cookies.rb:689:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/callbacks.rb:98:in `run_callbacks'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/rack/logger.rb:37:in `call_app'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/rack/logger.rb:28:in `call'
 c8495de9 | /usr/share/gems/gems/sprockets-rails-3.4.2/lib/sprockets/rails/quiet_assets.rb:13:in `call'
 c8495de9 | /usr/share/foreman/lib/foreman/middleware/logging_context_request.rb:11:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/request_id.rb:26:in `call'
 c8495de9 | /usr/share/gems/gems/katello-4.6.0/lib/katello/prevent_json_parsing.rb:12:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/method_override.rb:24:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/runtime.rb:22:in `call'
 c8495de9 | /usr/share/gems/gems/activesupport-6.1.6.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/static.rb:24:in `call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/sendfile.rb:110:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/ssl.rb:77:in `call'
 c8495de9 | /usr/share/gems/gems/actionpack-6.1.6.1/lib/action_dispatch/middleware/host_authorization.rb:142:in `call'
 c8495de9 | /usr/share/gems/gems/secure_headers-6.3.4/lib/secure_headers/middleware.rb:11:in `call'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/engine.rb:539:in `call'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/railtie.rb:207:in `public_send'
 c8495de9 | /usr/share/gems/gems/railties-6.1.6.1/lib/rails/railtie.rb:207:in `method_missing'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:74:in `block in call'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:58:in `each'
 c8495de9 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:58:in `call'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/configuration.rb:252:in `call'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/request.rb:77:in `block in handle_request'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/request.rb:76:in `handle_request'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/server.rb:441:in `process_client'
 c8495de9 | /usr/share/gems/gems/puma-5.6.4/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
 c8495de9 | [ concurrent-ruby ]
2022-12-12T13:53:20 [I|bac|c8495de9] Task {label: Actions::Katello::Repository::CreateRoot, id: db574656-e7bb-4570-b11a-298c0267c68d, execution_plan_id: 493c9eb-38b5-48f1-bed4-c628079d9b08} state changed: stopped  result: error
2022-12-12T13:53:20 [E|app|c8495de9] <Class> ActiveRecord::RecordInvalid
2022-12-12T13:53:20 [E|app|c8495de9] content_type: ["is not enabled. must be one of the following: "]
2022-12-12T13:53:20 [I|app|c8495de9] Completed 422 Unprocessable Entity in 242ms (Views: 20.4ms | ActiveRecord: 23.6ms | Allocations: 53403)

Thank you!
-swapie

#4

That doesn’t make any sense. Why would you do that?

How should any client access the content if don’t configure a proxy. I have no idea if the foreman server can do any useful with the content without the proxy. The proxy is the gateway to various functions/plugins. Pulp is just one of those functions. I think nothing will work without the proxy. Probably, there reason why you get the error in the beginning is because there are actually no content types available because the foreman server cannot access pulp due to the missing proxy.

#5

Thank you for highlighting that out!
What I understood from the diagram shown here is, smart proxy is only responsible for the FTP, Puppet CA, DNS & DHCP. I do not wish to use any of it. And also thought of reserving system resources by not installing components which are not being used.
While searching, I found under help section of foreman-installer command that there are switches ( --no-enable-foreman-proxy --no-enable-foreman-proxy-content) available to skip the proxy as well.

Does that mean I have no other option but to use these two option while installing Foreman?

Regards,
swapie

#6

No. First, you are looking at the foreman (without Katello) docs and second that only shows common proxy services. There are many more and content for Katello via pulp is just another proxy service.

That’s mostly the default anyway.

Well, it’s usually better to follow the docs Installing Foreman 3.4 Server with Katello 4.6 Plugin on RHEL/CentOS If it was a viable option to disable the proxy it would be mentioned…

You should follow the docs. Katello without proxy doesn’t make sense. Pulp used by Katello is a proxy service. No proxy, no content, no Katello…

#7

Thank you so much for your help & assistance!
I am being lame, but will re-running this command work on existing installation or do I have to start from a scratch?

[root@foreman ~]# foreman-installer --scenario katello --foreman-initial-organization "XXX" --foreman-initial-admin-username "admin" --foreman-initial-admin-password "XXX" --enable-foreman-cli-ansible --enable-foreman-cli-openscap --enable-foreman-plugin-openscap --enable-foreman-plugin-statistics --certs-server-cert "/root/foreman-cert/my-org.crt" --certs-server-key "/root/foreman-cert/my-org.key" --certs-server-ca-cert "/root/foreman-cert/bundle-my-org.crt"

i.e. removing these two options - --no-enable-foreman-proxy --no-enable-foreman-proxy-content

#8

foreman-installer saves the options used in the scenario answers file (i.e. /etc/foreman-installer/scenarios.d/katello-answers.yaml in your case).

Thus, you only need to make the necessary changes, which would be to enable those two options:

# foreman-installer --enable-foreman-proxy --enable-foreman-proxy-content
1 Like
#9

Thank you for your help! :slightly_smiling_face:

Here is what I did -

[root@foreman ~]# foreman-installer --enable-foreman-proxy --enable-foreman-proxy-content
2022-12-14 09:17:00 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-12-14 09:17:05 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-12-14 09:17:05 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-12-14 09:17:16 [NOTICE] [configure] Starting system configuration.
2022-12-14 09:17:39 [NOTICE] [configure] 250 configuration steps out of 1408 steps complete.
2022-12-14 09:18:05 [NOTICE] [configure] 500 configuration steps out of 1410 steps complete.
2022-12-14 09:19:36 [NOTICE] [configure] 750 configuration steps out of 1415 steps complete.
2022-12-14 09:19:40 [NOTICE] [configure] 1000 configuration steps out of 1419 steps complete.
2022-12-14 09:21:20 [NOTICE] [configure] 1250 configuration steps out of 1419 steps complete.
2022-12-14 09:24:35 [ERROR ] [configure] Systemd start for foreman-proxy failed!
2022-12-14 09:24:35 [ERROR ] [configure] journalctl log for foreman-proxy:
2022-12-14 09:24:35 [ERROR ] [configure] -- Logs begin at Mon 2022-12-12 13:59:48 IST, end at Wed 2022-12-14 09:24:35 IST. --
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:33 foreman.ex.org systemd[1]: Starting Foreman Proxy...
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: foreman-proxy.service: Failed with result 'exit-code'.
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: Failed to start Foreman Proxy.
2022-12-14 09:24:35 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from 'stopped' to 'running' failed: Systemd start for foreman-proxy failed!
2022-12-14 09:24:35 [ERROR ] [configure] journalctl log for foreman-proxy:
2022-12-14 09:24:35 [ERROR ] [configure] -- Logs begin at Mon 2022-12-12 13:59:48 IST, end at Wed 2022-12-14 09:24:35 IST. --
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:33 foreman.ex.org systemd[1]: Starting Foreman Proxy...
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: foreman-proxy.service: Failed with result 'exit-code'.
2022-12-14 09:24:35 [ERROR ] [configure] Dec 14 09:24:35 foreman.ex.org systemd[1]: Failed to start Foreman Proxy.
2022-12-14 09:24:39 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

When checked logs, found similar messages -

smart-proxy[288706]: Errors detected on startup, see log for details. Exiting: No such file or directory @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman.ex.org.pem

I placed private key and certificate under mentioned directory & restarted foreman-proxy service which then worked for me.

Later to check health, following commands were issued -

[root@foreman]# foreman-maintain health check
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check number of fact names in database:                               [OK]
--------------------------------------------------------------------------------
Check whether all services are running:                               [OK]
--------------------------------------------------------------------------------
Check whether all services are running using the ping call:           [FAIL]
Some components are failing: pulp, pulp_auth
--------------------------------------------------------------------------------
Continue with step [Restart applicable services]?, [y(yes), n(no)] y
Restart applicable services:                                                    

Stopping the following service(s):
redis, postgresql, pulpcore-api, pulpcore-content, pulpcore-worker@1.service, pulpcore-worker@2.service, pulpcore-worker@3.service, pulpcore-worker@4.service, tomcat, dynflow-sidekiq@orchestrator, foreman, httpd, dynflow-sidekiq@worker-1, dynflow-sidekiq@worker-hosts-queue-1, foreman-proxy
/ stopping httpd                                                                
Warning: Stopping foreman.service, but it can still be activated by:
  foreman.socket
\ stopping pulpcore-content                                                     
Warning: Stopping pulpcore-api.service, but it can still be activated by:
  pulpcore-api.socket

Warning: Stopping pulpcore-content.service, but it can still be activated by:
  pulpcore-content.socket
- All services stopped                                                          

Starting the following service(s):
redis, postgresql, pulpcore-api, pulpcore-content, pulpcore-worker@1.service, pulpcore-worker@2.service, pulpcore-worker@3.service, pulpcore-worker@4.service, tomcat, dynflow-sidekiq@orchestrator, foreman, httpd, dynflow-sidekiq@worker-1, dynflow-sidekiq@worker-hosts-queue-1, foreman-proxy
/ All services started                                                          
\ Try 1/5: checking status of hammer ping                                       
Some components are failing: pulp, pulp_auth
\ Try 2/5: checking status of hammer ping                                       
Some components are failing: pulp, pulp_auth
| Try 3/5: checking status of hammer ping                                       
Some components are failing: pulp, pulp_auth
- Try 4/5: checking status of hammer ping                                       
Some components are failing: pulp, pulp_auth
\ Try 5/5: checking status of hammer ping                             [FAIL]    
Server response check failed!
--------------------------------------------------------------------------------
Rerunning the check after fix procedure
Check whether all services are running using the ping call:           [FAIL]
Some components are failing: pulp, pulp_auth
--------------------------------------------------------------------------------
Continue with step [Restart applicable services]?, [y(yes), n(no)] n
Check for paused tasks:                                               [OK]      
--------------------------------------------------------------------------------
Check to verify no empty CA cert requests exist:                      [SKIPPED]
/etc/puppetlabs/puppet/ssl/ca/requests directory not found
--------------------------------------------------------------------------------
Scenario [ForemanMaintain::Scenario::FilteredScenario] failed.

The following steps ended up in failing state:

  [server-ping]

Resolve the failed steps and rerun the command.
In case the failures are false positives, use
--whitelist="server-ping"


[root@foreman]# hammer ping
Warning: An error occured while loading module hammer_cli_foreman_ansible.
database:         
    Status:          ok
    Server Response: Duration: 0ms
candlepin:        
    Status:          ok
    Server Response: Duration: 36ms
candlepin_auth:   
    Status:          ok
    Server Response: Duration: 30ms
candlepin_events: 
    Status:          ok
    message:         0 Processed, 0 Failed
    Server Response: Duration: 0ms
katello_events:   
    Status:          ok
    message:         0 Processed, 0 Failed
    Server Response: Duration: 0ms
foreman_tasks:    
    Status:          ok
    Server Response: Duration: 3ms

2 more service(s) failed, but not shown:
pulp, pulp_auth

Could you please guide if anything is to be checked/altered?

Regards,
swapie

#10

Is the foreman-installer command you have posted in post 3

The only command you have tried since the initial installation? You did you run something else in betwee, too? It looks to me as if you have enabled the puppet plugin at some point.

Can you check the current answers file /etc/foreman-installer/scenarios.d/katello-answers.yaml. Check for a value set to the path in the error /etc/puppetlabs/puppet/ssl/private_keys/foreman.ex.org.pem. Also check where you can find puppet/ssl in other values.

#11

Greetings!

Yes… That was the only command I had run. But past couple of hours, I have been trying to modify SSL path to the custom certificate and looks like I am completely lost.
The latest installer gave me this error -

[root@fman]# foreman-installer --enable-foreman-proxy --enable-foreman-proxy-content
2022-12-14 12:11:38 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-12-14 12:11:43 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-12-14 12:11:43 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-12-14 12:11:56 [NOTICE] [configure] Starting system configuration.
2022-12-14 12:12:11 [NOTICE] [configure] 250 configuration steps out of 1408 steps complete.
2022-12-14 12:12:16 [NOTICE] [configure] 500 configuration steps out of 1410 steps complete.
2022-12-14 12:12:20 [NOTICE] [configure] 750 configuration steps out of 1415 steps complete.
2022-12-14 12:12:22 [NOTICE] [configure] 1000 configuration steps out of 1419 steps complete.
2022-12-14 12:14:07 [NOTICE] [configure] 1250 configuration steps out of 1419 steps complete.
2022-12-14 12:15:41 [ERROR ] [configure] Error making POST request to Foreman at https://foreman.ex.org/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Forbidden]: 403 Forbidden) for proxy https://foreman.ex.org:8443/v2/features Please check the proxy is configured and running on the host.
2022-12-14 12:15:41 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.ex.org]/ensure: change from 'absent' to 'present' failed: Error making POST request to Foreman at https://foreman.ex.org/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Forbidden]: 403 Forbidden) for proxy https://foreman.ex.org:8443/v2/features Please check the proxy is configured and running on the host.
2022-12-14 12:15:44 [NOTICE] [configure] System configuration has finished.

  There were errors detected during install.
  Please address the errors and re-run the installer to ensure the system is properly configured.
  Failing to do so is likely to result in broken functionality.

  The full log is at /var/log/foreman-installer/katello.log

Currently foreman-proxy is running and proxy logs has -

2022-12-14T11:19:00  [I] WEBrick::HTTPServer#start: pid=298173 port=8443
2022-12-14T11:19:00  [I] Smart proxy has launched on 1 socket(s), waiting for requests
2022-12-14T11:19:01  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
	/usr/share/ruby/webrick/server.rb:299:in `accept'
	/usr/share/ruby/webrick/server.rb:299:in `block (2 levels) in start_thread'
	/usr/share/ruby/webrick/utils.rb:263:in `timeout'
	/usr/share/ruby/webrick/server.rb:297:in `block in start_thread'
	/usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-12-14T11:19:01  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
	/usr/share/ruby/webrick/server.rb:299:in `accept'
	/usr/share/ruby/webrick/server.rb:299:in `block (2 levels) in start_thread'
	/usr/share/ruby/webrick/utils.rb:263:in `timeout'
	/usr/share/ruby/webrick/server.rb:297:in `block in start_thread'
	/usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-12-14T11:45:48  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
	/usr/share/ruby/webrick/server.rb:299:in `accept'
	/usr/share/ruby/webrick/server.rb:299:in `block (2 levels) in start_thread'
	/usr/share/ruby/webrick/utils.rb:263:in `timeout'
	/usr/share/ruby/webrick/server.rb:297:in `block in start_thread'
	/usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-12-14T11:45:48  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
	/usr/share/ruby/webrick/server.rb:299:in `accept'
	/usr/share/ruby/webrick/server.rb:299:in `block (2 levels) in start_thread'
	/usr/share/ruby/webrick/utils.rb:263:in `timeout'
	/usr/share/ruby/webrick/server.rb:297:in `block in start_thread'
	/usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-12-14T12:15:41 6eb16e20 [I] Started GET /v2/features 
2022-12-14T12:15:41 6eb16e20 [E] Untrusted client *.ex.org attempted to access /features. Check :trusted_hosts: in settings.yml
2022-12-14T12:15:41 6eb16e20 [W] Error details for Untrusted client *.ex.org attempted to access /features. Check :trusted_hosts: in settings.yml: <Exception>: Untrusted client *.ex.org attempted to access /features. Check :trusted_hosts: in settings.yml
2022-12-14T12:15:41 6eb16e20 [W] Untrusted client *.ex.org attempted to access /features. Check :trusted_hosts: in settings.yml: <Exception>: Untrusted client *.ex.org attempted to access /features. Check :trusted_hosts: in settings.yml
2022-12-14T12:15:41 6eb16e20 [I] Finished GET /v2/features with 403 (7.34 ms)
2022-12-14T12:18:31 82213dec [I] Started GET /v2/features 
2022-12-14T12:18:31 82213dec [E] could not read client cert from environment
2022-12-14T12:18:31 82213dec [W] Error details for could not read client cert from environment: <Exception>: could not read client cert from environment
2022-12-14T12:18:31 82213dec [W] could not read client cert from environment: <Exception>: could not read client cert from environment
2022-12-14T12:18:31 82213dec [I] Finished GET /v2/features with 403 (1.64 ms)
2022-12-14T12:18:39 d93c4955 [I] Started GET / 
2022-12-14T12:18:39 d93c4955 [I] Finished GET / with 404 (0.85 ms)
2022-12-14T12:26:05 35cb6984 [I] Started GET /features 
2022-12-14T12:26:05 35cb6984 [I] Finished GET /features with 200 (0.83 ms)
2022-12-14T12:27:16  [I] going to shutdown ...
2022-12-14T12:27:16  [I] WEBrick::HTTPServer#start done.
2022-12-14T12:29:03  [I] Successfully initialized 'pulpcore'
2022-12-14T12:29:03  [I] Successfully initialized 'foreman_proxy'
2022-12-14T12:29:03  [I] Successfully initialized 'puppetca_http_api'
2022-12-14T12:29:03  [I] Successfully initialized 'puppetca_hostname_whitelisting'
2022-12-14T12:29:03  [I] Successfully initialized 'puppetca'
2022-12-14T12:29:03  [I] Successfully initialized 'puppet_proxy_puppet_api'
2022-12-14T12:29:03  [I] Successfully initialized 'puppet'
2022-12-14T12:29:03  [I] Successfully initialized 'logs'
2022-12-14T12:29:03  [I] WEBrick 1.6.1
2022-12-14T12:29:03  [I] ruby 2.7.6 (2022-04-12) [x86_64-linux]
2022-12-14T12:29:03  [I] 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:

Netstat command shows 8443 is listening -

[root@foreman]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      304587/redis-server 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      952/sshd            
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      304604/postmaster   
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      305119/ruby         
tcp6       0      0 127.0.0.1:61613         :::*                    LISTEN      304642/java         
tcp6       0      0 :::80                   :::*                    LISTEN      304670/httpd        
tcp6       0      0 127.0.0.1:23443         :::*                    LISTEN      304642/java         
tcp6       0      0 :::22                   :::*                    LISTEN      952/sshd            
tcp6       0      0 ::1:5432                :::*                    LISTEN      304604/postmaster   
tcp6       0      0 :::8443                 :::*                    LISTEN      305119/ruby         
tcp6       0      0 :::443                  :::*                    LISTEN      304670/httpd        
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      304642/java
#12

That’s odd. The error suggests otherwise. But it’s impossible to tell if you don’t look into the answers file…

Without posting what you did exactly, it’s impossible to tell. You never posted the commands you have used to change the path…

#13

I modified answer file as follows. Added ### CHANGED ### wherever I have altered the path.

[root@foreman ~]# cat /etc/foreman-installer/scenarios.d/katello-answers.yaml
# Format:
# <classname>: false - don't include this class
# <classname>: true - include and use the defaults
# <classname>:
#   <param>: <value> - include and override the default(s)
#
# See params.pp in each class for what options are available

---
certs:
  node_fqdn: foreman.ex.org
  cname: []
  generate: true
  regenerate: false
  deploy: true
  ca_common_name: foreman.ex.org
  country: US
  state: North Carolina
  city: Raleigh
  org: Katello
  org_unit: SomeOrgUnit
  expiration: '7300'
  ca_expiration: '36500'
  server_cert: "/root/foreman-cert/wildcard_ex_org.crt" ### CHANGED ###
  server_key: "/root/foreman-cert/ex_org.key" ### CHANGED ###
  server_cert_req: 
  server_ca_cert: "/root/foreman-cert/bundle_globalsign.crt" ### CHANGED ###
  pki_dir: "/etc/pki/katello"
  ssl_build_dir: "/root/ssl-build"
  user: root
  group: foreman
  default_ca_name: katello-default-ca
  server_ca_name: katello-server-ca
  tar_file: 
foreman:
  foreman_url: https://foreman.ex.org
  unattended: true
  unattended_url: 
  apache: true
  servername: foreman.ex.org
  serveraliases:
  - foreman
  ssl: true
  version: present
  plugin_version: present
  db_manage: true
  db_host: 
  db_port: 
  db_database: foreman
  db_username: foreman
  db_password: xxxxx
  db_sslmode: 
  db_root_cert: 
  db_pool: 5
  db_manage_rake: true
  server_port: 80
  server_ssl_port: 443
  server_ssl_ca: "/etc/pki/katello/certs/katello-default-ca.crt"
  server_ssl_chain: "/etc/pki/katello/certs/katello-server-ca.crt"
  server_ssl_cert: "/etc/pki/katello/certs/katello-apache.crt"
  server_ssl_key: "/etc/pki/katello/private/katello-apache.key"
  server_ssl_crl: ''
  server_ssl_protocol: 
  server_ssl_verify_client: optional
  client_ssl_ca: "/etc/foreman/bundle_globalsign_ex_org.crt" ### CHANGED ###
  client_ssl_cert: "/etc/foreman/wildcard_ex_org.crt" ### CHANGED ###
  client_ssl_key: "/etc/foreman/ex_org.key" ### CHANGED ###
  oauth_active: true
  oauth_map_users: false
  oauth_consumer_key: y8VaUAuXTsxd5E2jGHvrhsCkbEaPioUY
  oauth_consumer_secret: rwgzSQHJx3CSEe2wHsN7Hrpgj4RowGWo
  oauth_effective_user: admin
  initial_admin_username: admin
  initial_admin_password: xxxxx
  initial_admin_first_name: 
  initial_admin_last_name: 
  initial_admin_email: 
  initial_admin_locale: 
  initial_admin_timezone: 
  initial_organization: My Organization
  initial_location: Default Location
  ipa_authentication: false
  http_keytab: 
  pam_service: foreman
  ipa_manage_sssd: true
  websockets_encrypt: true
  websockets_ssl_key: 
  websockets_ssl_cert: 
  logging_level: info
  logging_type: file
  logging_layout: multiline_request_pattern
  loggers: {}
  email_delivery_method: 
  email_sendmail_location: 
  email_sendmail_arguments: 
  email_smtp_address: 
  email_smtp_port: 25
  email_smtp_domain: 
  email_smtp_authentication: none
  email_smtp_user_name: 
  email_smtp_password: 
  email_reply_address: 
  email_subject_prefix: 
  telemetry_prefix: fm_rails
  telemetry_prometheus_enabled: false
  telemetry_statsd_enabled: false
  telemetry_statsd_host: 127.0.0.1:8125
  telemetry_statsd_protocol: statsd
  telemetry_logger_enabled: false
  telemetry_logger_level: DEBUG
  dynflow_manage_services: true
  dynflow_orchestrator_ensure: present
  dynflow_worker_instances: 1
  dynflow_worker_concurrency: 5
  dynflow_redis_url: 
  hsts_enabled: true
  cors_domains: []
  trusted_proxies: []
  foreman_service_puma_threads_min: 
  foreman_service_puma_threads_max: 5
  foreman_service_puma_workers: 
  rails_cache_store:
    type: file
  keycloak: false
  keycloak_app_name: foreman-openidc
  keycloak_realm: ssl-realm
  register_in_foreman: true
foreman::cli:
  foreman_url: 
  version: installed
  manage_root_config: true
  username: 
  password: 
  use_sessions: false
  refresh_cache: false
  request_timeout: 120
  ssl_ca_file: 
foreman::cli::ansible: {}
foreman::cli::azure: false
foreman::cli::discovery: false
foreman::cli::katello: {}
foreman::cli::kubevirt: false
foreman::cli::openscap: {}
foreman::cli::puppet: false
foreman::cli::remote_execution: {}
foreman::cli::tasks: false
foreman::cli::templates: false
foreman::cli::virt_who_configure: false
foreman::cli::webhooks: false
foreman::compute::ec2: false
foreman::compute::gce: false
foreman::compute::libvirt: false
foreman::compute::openstack: false
foreman::compute::ovirt: false
foreman::compute::vmware: false
foreman::plugin::acd: false
foreman::plugin::ansible: false
foreman::plugin::azure: false
foreman::plugin::bootdisk: false
foreman::plugin::chef: false
foreman::plugin::column_view: false
foreman::plugin::default_hostgroup: false
foreman::plugin::dhcp_browser: false
foreman::plugin::discovery: false
foreman::plugin::dlm: false
foreman::plugin::expire_hosts: false
foreman::plugin::git_templates: false
foreman::plugin::hooks: false
foreman::plugin::kubevirt: false
foreman::plugin::leapp: false
foreman::plugin::memcache: false
foreman::plugin::monitoring: false
foreman::plugin::netbox: false
foreman::plugin::openscap: {}
foreman::plugin::puppet: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: {}
foreman::plugin::remote_execution::cockpit: false
foreman::plugin::rescue: false
foreman::plugin::rh_cloud: false
foreman::plugin::salt: false
foreman::plugin::scc_manager: false
foreman::plugin::setup: false
foreman::plugin::snapshot_management: false
foreman::plugin::statistics: {}
foreman::plugin::tasks:
  automatic_cleanup: false
  cron_line: 45 19 * * *
  backup: false
foreman::plugin::templates: false
foreman::plugin::vault: false
foreman::plugin::virt_who_configure: false
foreman::plugin::webhooks: false
foreman::plugin::wreckingball: false
foreman_proxy:
  version: present
  ensure_packages_version: installed
  bind_host:
  - "*"
  http_port: 8000
  ssl_port: 8443
  groups: []
  log: "/var/log/foreman-proxy/proxy.log"
  log_level: INFO
  log_buffer: 2000
  log_buffer_errors: 1000
  http: false
  ssl: true
  ssl_ca: "/etc/puppetlabs/puppet/foreman-cert/bundle_globalsign.crt" ### CHANGED ###
  ssl_cert: "/etc/puppetlabs/puppet/foreman-cert/wildcard_ex_org.crt" ### CHANGED ###
  ssl_key: "/etc/puppetlabs/puppet/foreman-cert/ex_org.key" ### CHANGED ###
  foreman_ssl_ca: 
  foreman_ssl_cert: 
  foreman_ssl_key: 
  trusted_hosts:
  - foreman.ex.org
  ssl_disabled_ciphers: []
  tls_disabled_versions: []
  puppetca: true
  puppetca_listen_on: https
  ssldir: "/etc/puppetlabs/puppet/ssl"
  puppetdir: "/etc/puppetlabs/puppet"
  puppet_group: puppet
  puppetca_provider: puppetca_hostname_whitelisting
  autosignfile: "/etc/puppetlabs/puppet/autosign.conf"
  puppetca_sign_all: false
  puppetca_tokens_file: "/var/lib/foreman-proxy/tokens.yml"
  puppetca_token_ttl: 360
  puppetca_certificate: 
  manage_puppet_group: true
  puppet: true
  puppet_listen_on: https
  puppet_url: https://foreman.ex.org:8140
  puppet_ssl_ca: "/etc/puppetlabs/puppet/foreman-cert/bundle_globalsign.crt" ### CHANGED ###
  puppet_ssl_cert: "/etc/puppetlabs/puppet/foreman-cert/wildcard_ex_org.crt" ### CHANGED ###
  puppet_ssl_key: "/etc/puppetlabs/puppet/foreman-cert/ex_org.key" ### CHANGED ###
  puppet_api_timeout: 30
  templates: false
  templates_listen_on: both
  template_url: http://foreman.ex.org:8000
  registration: false
  registration_listen_on: https
  logs: true
  logs_listen_on: https
  httpboot: false
  httpboot_listen_on: both
  tftp: false
  tftp_listen_on: https
  tftp_managed: true
  tftp_manage_wget: true
  tftp_root: "/var/lib/tftpboot"
  tftp_dirs: 
  tftp_servername: 
  tftp_replace_grub2_cfg: false
  dhcp: false
  dhcp_listen_on: https
  dhcp_managed: true
  dhcp_provider: isc
  dhcp_subnets: []
  dhcp_ping_free_ip: true
  dhcp_option_domain:
  - ex.org
  dhcp_search_domains: 
  dhcp_interface: ens3
  dhcp_additional_interfaces: []
  dhcp_gateway: 
  dhcp_range: 
  dhcp_pxeserver: 
  dhcp_pxefilename: pxelinux.0
  dhcp_ipxefilename: 
  dhcp_ipxe_bootstrap: false
  dhcp_network: 
  dhcp_netmask: 
  dhcp_nameservers: default
  dhcp_server: 127.0.0.1
  dhcp_config: "/etc/dhcp/dhcpd.conf"
  dhcp_leases: "/var/lib/dhcpd/dhcpd.leases"
  dhcp_key_name: 
  dhcp_key_secret: 
  dhcp_omapi_port: 7911
  dhcp_peer_address: 
  dhcp_node_type: standalone
  dhcp_failover_address: <local IP>
  dhcp_failover_port: 519
  dhcp_max_response_delay: 30
  dhcp_max_unacked_updates: 10
  dhcp_mclt: 300
  dhcp_load_split: 255
  dhcp_load_balance: 3
  dhcp_manage_acls: true
  dns: false
  dns_listen_on: https
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: ens3
  dns_zone: ex.org
  dns_reverse: 
  dns_server: 127.0.0.1
  dns_ttl: 86400
  dns_tsig_keytab: "/etc/foreman-proxy/dns.keytab"
  dns_tsig_principal: foremanproxy/foreman.ex.org@EX.ORG
  dns_forwarders: []
  libvirt_network: default
  libvirt_connection: qemu:///system
  bmc: false
  bmc_listen_on: https
  bmc_default_provider: ipmitool
  bmc_redfish_verify_ssl: true
  bmc_ssh_user: root
  bmc_ssh_key: "/usr/share/foreman/.ssh/id_rsa"
  bmc_ssh_powerstatus: 'true'
  bmc_ssh_powercycle: shutdown -r +1
  bmc_ssh_poweroff: shutdown +1
  bmc_ssh_poweron: 'false'
  realm: false
  realm_listen_on: https
  realm_provider: freeipa
  realm_keytab: "/etc/foreman-proxy/freeipa.keytab"
  realm_principal: realm-proxy@EX.ORG
  freeipa_config: "/etc/ipa/default.conf"
  freeipa_remove_dns: true
  keyfile: "/etc/rndc.key"
  register_in_foreman: true
  foreman_base_url: https://foreman.ex.org
  registered_name: foreman.ex.org
  registered_proxy_url: 
  oauth_effective_user: admin
  oauth_consumer_key: xxxxx
  oauth_consumer_secret: xxxxx
foreman_proxy_content:
  pulpcore_mirror: false
  puppet: false
  reverse_proxy: false
  reverse_proxy_port: 8443
  qpid_router_hub_addr: 
  qpid_router_hub_port: 5646
  qpid_router_agent_addr: 
  qpid_router_agent_port: 5647
  qpid_router_broker_addr: localhost
  qpid_router_broker_port: 5671
  qpid_router_logging_level: info+
  qpid_router_logging: syslog
  qpid_router_logging_path: "/var/log/qdrouterd"
  qpid_router_ssl_ciphers: ALL:!aNULL:+HIGH:-SSLv3:!IDEA-CBC-SHA
  qpid_router_ssl_protocols: 
  enable_yum: true
  enable_file: true
  enable_docker: true
  enable_deb: true
  enable_ansible: true
  enable_python: true
  enable_ostree: false
  enable_katello_agent: false
  pulpcore_manage_postgresql: true
  pulpcore_postgresql_host: localhost
  pulpcore_postgresql_port: 5432
  pulpcore_allowed_content_checksums:
  - sha1
  - sha224
  - sha256
  - sha384
  - sha512
  pulpcore_postgresql_user: pulp
  pulpcore_postgresql_password: u7Kp8PVGw5TfysDidzrV5XyB5dZzwu8J
  pulpcore_postgresql_db_name: pulpcore
  pulpcore_postgresql_ssl: false
  pulpcore_postgresql_ssl_require: true
  pulpcore_postgresql_ssl_cert: "/etc/pki/katello/certs/pulpcore-database.crt"
  pulpcore_postgresql_ssl_key: "/etc/pki/katello/private/pulpcore-database.key"
  pulpcore_postgresql_ssl_root_ca: "/etc/pki/tls/certs/ca-bundle.crt"
  pulpcore_worker_count: 4
  pulpcore_django_secret_key: 
  pulpcore_content_service_worker_timeout: 90
  pulpcore_api_service_worker_timeout: 90
  pulpcore_cache_enabled: true
  pulpcore_cache_expires_ttl: 
  pulpcore_additional_import_paths: []
  pulpcore_additional_export_paths: []
foreman_proxy::plugin::acd: false
foreman_proxy::plugin::ansible: false
foreman_proxy::plugin::chef: false
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dhcp::remote_isc: false
foreman_proxy::plugin::discovery: false
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::monitoring: false
foreman_proxy::plugin::openscap: false
foreman_proxy::plugin::remote_execution::script: false
foreman_proxy::plugin::salt: false
foreman_proxy::plugin::shellhooks: false
katello:
  candlepin_oauth_key: 
  candlepin_oauth_secret: 
  rest_client_timeout: 3600
  qpid_wcache_page_size: 4
  qpid_interface: lo
  qpid_hostname: localhost
  candlepin_db_host: localhost
  candlepin_db_port: 
  candlepin_db_name: candlepin
  candlepin_db_user: candlepin
  candlepin_db_password: 
  candlepin_db_ssl: false
  candlepin_db_ssl_verify: true
  candlepin_db_ssl_ca: 
  candlepin_manage_db: true
  hosts_queue_workers: 1
puppet: false
#14

You really shouldn’t modify the answers file but only use foreman-installer. And you cannot simply replace the client certs with something else. You’ll just keep breaking more and more. You not sticking with the docs.

Maybe some of the devs can help to fix this and get this working. But otherwise, I would suggest you start all over on a new server and this time just stick to the docs. The docs work (most of the time :wink:). Don’t deviate from the docs unless you have asked before. Don’t change internals unless told to.

#15

Apologies!!! :cry:

Actually I was looking out for a installation without puppet; as it does almost everything without knowing what’s going on in the background.
You may not believe but was referring to the document in the beginning but somehow I could not find options/ways to modify the settings.
The document talks about using custom certs for GUI console but since last two days, I came to know that there are server_cert: server_ssl_cert: client_ssl_cert: ssl_cert: puppet_ssl_cert which can also be customized.

Question : Should I be really bothered about all these certs or only server_ssl_cert is important?

As you suggest, better I start from a scratch. Hopefully this time it will work as expected.
Thank you very much for your help!

#16

For any setting in the answers file, there is an option to foreman-installer. Check the help for foreman-installer.

Again: don’t change anything unless you are told to or you really know what you are doing. There are a lot of settings available but general advice: don’t touch them.

In regard to the certificates: there are many certificates in play and most of them are internally only, signed by the foreman server itself, to secure the communication between the foreman server, proxies and clients. I would highly recommend not to touch that and just let foreman do its job.

Usually, you’ll only want to change the foreman frontend certificate so that people can connect to the web gui without certificate warnings. That’s why that part is so well documented. And that’s why there is katello-certs-check to make sure that it’s correct.

It’s a very bad idea to deviate from the docs and to change settings you don’t know…

#17

I will open a new thread for installation from a scratch.
Thank you for your assistance! :slight_smile:

#18

On a sidenote I would also suggest to start with the simple katello installation like in the docs and not enable additional plugins right from the start. Quality and maintenance of plugins various and sometimes they are behind in development. Thus, they add additional complexity and potential pitfalls for your installation.

I would recommend to start with the normal katello installation. Later, if it works you can add plugins one by one. Make backups/snapshot before each new addition so that you can go back if you need to…