Hi there Did you have all the port needed open from Katello server to you capsule and reverse?
Katello to Capsule ports 8443/tcp 443/tcp 9090/tcp 5647/tcp Capsule to Katello Ports 443/tcp 5646/tcp Also try without firewall enable on the machines and selinux disable this normally indicate a firewall issue On Friday, February 10, 2017 at 5:40:45 PHM UTC+1, Edson Manners wrote: > > I'm trying to add a DNS/DHCP capsule/proxy to a Katello 3.1 instance with > custom web certs. I've tried using these instructions but they don't seem > to help. > > http://projects.theforeman.org/issues/16620 > > Definitey seems like a cert issue becasue of the custom Web Cert that > we're running but I can't seem to get the proxy to connect. Any help > pointing me int he right direction is appreciated. > > Here's what I do: > ======================================================================= > 1. yum -y localinstall > http://katello3.xxx.xxx.xxx/pub/katello-ca-consumer-latest.noarch.rpm > 2. subscription-manager register --org "XXX" --environment > "production/centos7" > > > 3. foreman-installer --scenario capsule\ > --capsule-parent-fqdn > "katello3.xxx.xxx.xxx"\ > --foreman-proxy-register-in-foreman "true"\ > --foreman-proxy-foreman-base-url " > https://katello3.xxx.xxx.xxx"\ > --foreman-proxy-trusted-hosts > "katello3.xxx.xxx.xxx"\ > --foreman-proxy-oauth-consumer-key > "WNhk9x8zxdxhxRUsagocAkmdTRtAD8Q"\ > --foreman-proxy-oauth-consumer-secret > "LqiNeGEbhxgxrex8AV6kqxXeiNCsyz7um"\ > --capsule-pulp-oauth-secret > "5rdFmrpSsxHXxsxdxJXacjyn9NCcAKi"\ > --capsule-certs-tar > "/root/capsule.dns1.xx.xxx.xxx-certs.tar"\ > --foreman-proxy-puppetca "false"\ > --foreman-proxy-puppet "false"\ > --foreman-proxy-http "false"\ > --foreman-proxy-templates "false"\ > --foreman-proxy-plugin-pulp-pulpnode-enabled "false"\ > --foreman-proxy-dhcp "true"\ > --foreman-proxy-dhcp-interface "ens3"\ > --foreman-proxy-dns "true"\ > --foreman-proxy-dns-interface "ens3" > ======================================================================= > > Here is the error: > Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with > the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features > ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verif...) for proxy > https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is > configured and running on the host. > > /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dns1.yyy.yyy.yyy]/ensure: > > change from absent to present failed: Proxy dns1.yyy.yyy.yyy cannot be > registered: Unable to communicate with the proxy: ERF12-2530 > [ProxyAPI::ProxyException]: Unable to detect features > ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verif...) for proxy > https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is > configured and running on the host. > Installing Done > [100%] [...................................................................] > Something went wrong! Check the log for ERROR-level output > The full log is at /var/log/foreman-installer/capsule.log > > > Here is the proxy status: > [root@dns1 named]# systemctl status foreman-proxy > ● foreman-proxy.service - Foreman Proxy > Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; > vendor preset: disabled) > Active: active (running) since Wed 2017-02-08 16:33:31 EST; 1 day 18h > ago > ... > > Here is the proxy showing the correct features: > [root@katello3 foreman-proxy]# wget https://dns1.xxx.xxx.xxx:9090/features > ... > Saving to: ‘features’ > ... > [root@katello3 foreman-proxy]# cat features > ["dhcp","dns"] > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
