I'm trying to add a DNS/DHCP capsule/proxy to a Katello 3.1 instance with custom web certs. I've tried using these instructions but they don't seem to help.
http://projects.theforeman.org/issues/16620 Definitey seems like a cert issue becasue of the custom Web Cert that we're running but I can't seem to get the proxy to connect. Any help pointing me int he right direction is appreciated. Here's what I do: ======================================================================= 1. yum -y localinstall http://katello3.xxx.xxx.xxx/pub/katello-ca-consumer-latest.noarch.rpm 2. subscription-manager register --org "XXX" --environment "production/centos7" 3. foreman-installer --scenario capsule\ --capsule-parent-fqdn "katello3.xxx.xxx.xxx"\ --foreman-proxy-register-in-foreman "true"\ --foreman-proxy-foreman-base-url "https://katello3.xxx.xxx.xxx"\ --foreman-proxy-trusted-hosts "katello3.xxx.xxx.xxx"\ --foreman-proxy-oauth-consumer-key "WNhk9x8zxdxhxRUsagocAkmdTRtAD8Q"\ --foreman-proxy-oauth-consumer-secret "LqiNeGEbhxgxrex8AV6kqxXeiNCsyz7um"\ --capsule-pulp-oauth-secret "5rdFmrpSsxHXxsxdxJXacjyn9NCcAKi"\ --capsule-certs-tar "/root/capsule.dns1.xx.xxx.xxx-certs.tar"\ --foreman-proxy-puppetca "false"\ --foreman-proxy-puppet "false"\ --foreman-proxy-http "false"\ --foreman-proxy-templates "false"\ --foreman-proxy-plugin-pulp-pulpnode-enabled "false"\ --foreman-proxy-dhcp "true"\ --foreman-proxy-dhcp-interface "ens3"\ --foreman-proxy-dns "true"\ --foreman-proxy-dns-interface "ens3" ======================================================================= Here is the error: Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is configured and running on the host. /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dns1.yyy.yyy.yyy]/ensure: change from absent to present failed: Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is configured and running on the host. Installing Done [100%] [...................................................................] Something went wrong! Check the log for ERROR-level output The full log is at /var/log/foreman-installer/capsule.log Here is the proxy status: [root@dns1 named]# systemctl status foreman-proxy ● foreman-proxy.service - Foreman Proxy Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2017-02-08 16:33:31 EST; 1 day 18h ago ... Here is the proxy showing the correct features: [root@katello3 foreman-proxy]# wget https://dns1.xxx.xxx.xxx:9090/features ... Saving to: ‘features’ ... [root@katello3 foreman-proxy]# cat features ["dhcp","dns"] -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
