Yum Repolist error for Katello Proxy

Support
,
1

Problem: I have 1 Katello Primary server and 1 Katello Proxy server.
I had successfully installed both Primary and Katello Proxy Server.
After the Installation i configured RHEL/CentOS Repositories repo in Primary server, and the Repos are successfully synced.
I can able to register clients to Primary katello server and get the “yum Updates”.
But, If i register the client with Katello Proxy server, registration is successful. But, yum repolist are not working.

The URL seems not re-directing to the proxy server. What did i do wrong ? Any help please ?

Expected outcome: both Primary and Proxy Katello server registration needs to be successful and yum update should work.

Foreman and Proxy versions: Katello 3.12 proxy 3.12

Foreman and Proxy plugin versions:

Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)

cat /var/log/foreman-proxy/proxy.log
2019-08-16T04:34:49  [I] Successfully initialized 'pulpnode'
2019-08-16T04:34:49  [I] Successfully initialized 'dynflow'
2019-08-16T04:34:49  [I] Successfully initialized 'ansible'
2019-08-16T04:34:49  [I] Successfully initialized 'discovery'
2019-08-16T04:34:49  [I] Successfully initialized 'openscap'
2019-08-16T04:34:49  [I] Successfully initialized 'ssh'
2019-08-16T04:34:49  [I] Successfully initialized 'foreman_proxy'
2019-08-16T04:34:49  [I] Successfully initialized 'templates'
2019-08-16T04:34:49  [I] Successfully initialized 'tftp'
2019-08-16T04:34:49  [I] Successfully initialized 'puppetca_http_api'
2019-08-16T04:34:49  [I] Successfully initialized 'puppetca_hostname_whitelisting'
2019-08-16T04:34:49  [I] Successfully initialized 'puppetca'
2019-08-16T04:34:49  [I] Started puppet class cache initialization
2019-08-16T04:34:49  [I] Successfully initialized 'puppet_proxy_puppet_api'
2019-08-16T04:34:49  [I] Successfully initialized 'puppet'
2019-08-16T04:34:49  [I] Successfully initialized 'logs'
2019-08-16T04:34:49  [I] Successfully initialized 'httpboot'
2019-08-16T04:34:49  [I] WEBrick 1.3.1
2019-08-16T04:34:49  [I] ruby 2.0.0 (2015-12-16) [x86_64-linux]
2019-08-16T04:34:49  [I]
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f6:50:40:38:c8:fc:7f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sesklsw01.astrazeneca.net
        Validity
            Not Before: Aug  8 17:17:06 2019 GMT
            Not After : Jan 17 17:17:06 2038 GMT
        Subject: C=US, ST=North Carolina, O=FOREMAN, OU=SMART_PROXY, CN=uspllsw01.astrazeneca.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c8:00:24:c1:f9:86:51:55:fb:9d:5d:82:5e:10:
                    d2:e5:cf:48:81:db:3b:4c:d9:1d:2a:38:7a:15:9b:
                    26:53:aa:b7:cc:b8:ad:5e:92:7d:25:3f:9e:c9:4d:
                    7d:f5:e8:31:54:ac:4c:02:e4:a3:c0:5b:4e:c9:50:
                    cc:5b:e9:61:5c:e6:c3:bb:1f:49:85:7e:cf:02:c4:
                    47:99:1f:d3:9f:f8:06:6c:48:4a:3b:fb:c8:12:47:
                    8e:60:1f:8d:5e:fb:49:92:89:dc:ce:4f:13:84:e7:
                    59:2b:44:3a:a9:c7:0d:21:80:08:0b:24:d0:fb:3c:
                    dd:33:5c:71:5f:bd:1c:43:62:9d:18:54:fb:c1:65:
                    a2:19:e1:f2:eb:6a:45:92:aa:73:6d:7a:70:ff:35:
                    b2:01:8e:45:85:51:78:4e:b0:63:13:08:ac:5e:c9:
                    40:35:23:96:95:80:bb:d8:ee:3c:69:7a:d8:df:34:
                    d5:1b:30:d4:8d:aa:e1:8b:12:1d:2f:59:1e:13:27:
                    89:15:82:d4:e5:23:d8:9e:00:56:a6:ef:06:a6:af:
                    6b:72:30:e2:2e:45:d3:83:25:bb:b7:01:e1:e2:0a:
                    a6:ca:7c:dd:86:8c:22:55:e5:d7:06:5e:4e:83:de:
                    c1:4a:b7:c5:80:9f:a3:e4:cd:a8:3a:47:e3:c9:21:
                    cb:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                Katello SSL Tool Generated Certificate
            X509v3 Subject Key Identifier:
                02:3C:DB:D8:D1:71:7D:69:99:12:7A:D4:0F:04:FF:C9:7B:75:1B:1D
            X509v3 Authority Key Identifier:
                keyid:FB:88:7D:6F:D7:B0:13:44:A3:15:8C:A1:F4:89:EC:33:8A:4B:3D:F7
                DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=sesklsw01.astrazeneca.net
                serial:F6:50:40:38:C8:FC:7F:79

            X509v3 Subject Alternative Name:
                DNS:uspllsw01.astrazeneca.net, DNS:[]
    Signature Algorithm: sha256WithRSAEncryption
         24:e8:19:05:8b:4e:1f:57:3c:5d:9b:36:91:9b:13:41:eb:34:
         e2:a2:9e:79:f7:a9:a7:8b:e9:7f:e9:8b:58:f2:70:0a:5d:07:
         26:c4:63:3e:61:83:52:a2:bb:45:c5:29:8f:3c:28:37:6f:b4:
         2c:5b:57:ed:4e:27:4e:6e:2d:04:b0:93:27:72:94:f9:10:84:
         62:36:d4:9b:c3:49:90:3b:1c:d0:4c:dd:f1:93:ca:05:3c:60:
         33:27:cb:ce:4d:14:9a:24:a8:db:ed:03:85:89:51:86:1b:e4:
         37:6d:94:a5:27:17:fb:6f:85:3c:30:d4:1f:b0:ad:98:35:af:
         71:7b:73:24:d8:22:ef:39:34:4f:9e:b8:92:cc:5d:fe:cd:0e:
         61:dc:41:fc:a6:eb:9f:21:cd:f9:d7:4a:92:c3:1c:4e:d9:f4:
         0e:fc:fb:db:6c:51:9a:4e:8c:92:da:a3:bd:a4:52:8d:53:50:
         56:03:ed:b3:2f:d1:d3:45:ec:01:27:6a:b5:1f:bf:68:71:d7:
         5c:16:c1:d8:9b:f6:fc:66:46:ce:5e:e0:9b:1c:7a:16:5b:ec:
         ab:71:20:46:fc:12:7e:25:29:66:f1:83:c5:db:a9:44:b0:60:
         7a:dd:42:c9:04:f8:7f:1d:86:37:61:68:f1:69:e2:08:51:b1:
         a4:98:7b:4d

2019-08-16T04:34:49  [I] WEBrick::HTTPServer#start: pid=17981 port=9090
2019-08-16T04:34:49  [I] Smart proxy has launched on 2 socket(s), waiting for requests
2019-08-16T04:34:50  [I] Finished puppet class cache initialization
2019-08-16T04:34:51 b31b4e2b [I] Started GET /features
2019-08-16T04:34:51 b31b4e2b [I] Finished GET /features with 200 (4.88 ms)
2019-08-16T04:34:52 b31b4e2b [I] Started GET /pubkey
2019-08-16T04:34:52 b31b4e2b [I] Finished GET /pubkey with 200 (0.44 ms)
2019-08-16T04:34:52 b31b4e2b [I] Started GET /features
2019-08-16T04:34:52 b31b4e2b [I] Finished GET /features with 200 (1.12 ms)
2019-08-16T04:34:54 e1fd6fdc [I] Started GET /features
2019-08-16T04:34:54 e1fd6fdc [I] Finished GET /features with 200 (0.98 ms)
2019-08-16T04:34:54 e1fd6fdc [I] Started GET /status/puppet
2019-08-16T04:34:54 e1fd6fdc [I] Finished GET /status/puppet with 200 (0.58 ms)
2019-08-16T04:34:55 e1fd6fdc [I] Started GET /features
2019-08-16T04:34:55 e1fd6fdc [I] Finished GET /features with 200 (1.0 ms)
2019-08-16T04:34:56 e1fd6fdc [I] Started GET /pubkey
2019-08-16T04:34:56 e1fd6fdc [I] Finished GET /pubkey with 200 (0.38 ms)
2019-08-16T04:34:56 e1fd6fdc [I] Started GET /features
2019-08-16T04:34:56 e1fd6fdc [I] Finished GET /features with 200 (1.32 ms)
2019-08-16T04:34:57 e1fd6fdc [I] Started GET /features
2019-08-16T04:34:57 e1fd6fdc [I] Finished GET /features with 200 (1.03 ms)
2019-08-16T04:35:46  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:46  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:47  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:51  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:52  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:53  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate unknown
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:35:54  [E] OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:36:03  [E] OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:36:04  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T04:36:04  [E] OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
2019-08-16T16:11:51 c7531b0c [I] Started GET /status/disk_usage
2019-08-16T16:11:51 c7531b0c [W] File at /var/lib/pulp/content defined in pulp_content_dir parameter doesn't exist or is unreadable
2019-08-16T16:11:51 c7531b0c [I] Finished GET /status/disk_usage with 200 (6.89 ms)
2019-08-17T04:12:00 d90f6d94 [I] Started GET /status/disk_usage
2019-08-17T04:12:00 d90f6d94 [W] File at /var/lib/pulp/content defined in pulp_content_dir parameter doesn't exist or is unreadable
2019-08-17T04:12:00 d90f6d94 [I] Finished GET /status/disk_usage with 200 (6.62 ms)
2

Commands i used to Install Katello and Katello Proxy.

Foreman + Katello - Primary Server :

foreman-installer --scenario katello --foreman-initial-admin-password=xxxxxxxxx
–foreman-initial-organization xxxxxxxxxxxxxxxxx
–foreman-initial-location Sweden
–katello-proxy-url http://xxxxxxxxxxxxxxxxxxx
–katello-proxy-port 9480
–enable-foreman-cli-ansible
–enable-foreman-plugin-snapshot-management
–enable-foreman-plugin-templates
–enable-foreman-plugin-ansible
–enable-foreman-plugin-discovery
–enable-foreman-plugin-hooks
–enable-foreman-plugin-bootdisk
–enable-foreman-plugin-default-hostgroup
–enable-foreman-plugin-setup
–enable-foreman-plugin-openscap
–enable-foreman-plugin-remote-execution
–enable-foreman-plugin-monitoring
–enable-foreman-plugin-memcache
–enable-foreman-plugin-tasks
–enable-foreman-plugin-templates
–enable-foreman-plugin-kubevirt
–enable-foreman-plugin-salt
–enable-foreman-plugin-snapshot-management
–enable-foreman-cli
–enable-foreman-cli-tasks
–enable-foreman-cli-remote-execution
–enable-foreman-cli-virt-who-configure
–enable-foreman-cli-openscap
–enable-foreman-cli-discovery
–enable-foreman-plugin-virt-who-configure
–enable-foreman-plugin-templates
–enable-foreman-compute-openstack
–enable-foreman-compute-vmware
–enable-foreman-compute-ovirt
–enable-foreman-cli-kubevirt
–enable-foreman-compute-ec2
–enable-foreman-compute-gce
–enable-foreman-compute-libvirt

Proxy Katello Commands:

foreman-installer --scenario foreman-proxy-content
–certs-tar-file “/root/xxxxxxxxxx-certs.tar”
–foreman-proxy-content-parent-fqdn “xxxxxxxxxxxxxxxxxxxx”
–foreman-proxy-register-in-foreman “true”
–foreman-proxy-foreman-base-url “https://xxxxxxxxxxxxxxxx
–foreman-proxy-trusted-hosts “xxxxxxxxxxxxxx”
–foreman-proxy-trusted-hosts “xxxxxxxxxxxxxxx”
–foreman-proxy-oauth-consumer-key “xxxxxxxxxxxxx”
–foreman-proxy-oauth-consumer-secret “xxxxxxxxxxxxxxxx”
–puppet-server-foreman-url “https://xxxxxxxxx
–enable-foreman-proxy-plugin-remote-execution-ssh
–enable-foreman-proxy-plugin-pulp
–enable-foreman-proxy-plugin-openscap
–enable-foreman-proxy-plugin-discovery
–enable-foreman-proxy-plugin-ansible

3

Am i doing something wrong ? Im unable to get the repolist or content management via proxy server.

Ports are verified and the needed ports are open for both primary and proxy server.

4

Hi @aswath2saru

I am starting to look into this, and will report back.

5

Thanks much. if needed any log please let me know.

6

@aswath2saru

Did you create a content view with your repos or just sync them? Also if you goto Infra - Smart Proxies - and click edit on the proxy you installed, what is the lifecycle env it has selected for syncing?

7

I just synced the repo and created keys in the library content view only. i haven’t created content view.
I’m using library view only.

I see only the Primary Server detail. but not the Proxy server name.
Primary Katello server = sesklsw01
Proxy katello server = uspllsw01

8

image
image1582×571 44.7 KB

9

@aswath2saru

Can I have you click edit on the uspllsw01 smart proxy settings page and show me the lifecycle environment page?

Also is it possible to do a remote session to debug further to see if everything is configured correctly? I tried setting up a smart proxy here with a client and was able to register and pull down packages.

10

sure, we can do a remote session. let me know how to have a remote session. ?

11

I dont see the proxy server in the smart proxy page, I see only the Primary server in the page.
sure, we can do a remote session. let me know how to have a remote session. ?

12

@aswath2saru

I am working in EST timezone. I am free tomorrow at 10:30 AM to 1 PM EST or 3 PM to 5 PM EST.

Let me know what time slot works for you and I will PM you a link that you can join at that time. I do not think it will take long once I see what is going on.

13

10:30 AM to 1 PM EST works for me.
I’ll be available by that time. please share the remote session link :slight_smile:

1 Like
14

Thank you so much :slight_smile:
I’m able to use the proxy server and get the yum repolist.

1 Like
15

Happy we got it working for you :slight_smile:

16

File at /var/lib/pulp/content defined in pulp_content_dir parameter doesn’t exist or is unreadable

I got this warning in foreman 2.2 rc3 with katello 3.17 , please advice ?