After a seemingly successful - if traumatic - upgrading of puppet from 3.x to 4.x as per https://www.theforeman.org/plugins/katello/3.2/upgrade/puppe t.html I find that neither Candlepin nor pulp are starting.
> > CentOS 7.3, Katello 3.2, Foreman 1.13 > > [root@vmpr-res-utils etc]# hammer ping > candlepin: > Status: FAIL > Server Response: > candlepin_auth: > Status: FAIL > Server Response: > pulp: > Status: FAIL > Server Response: > foreman_tasks: > Status: ok > Server Response: Duration: 12ms > > Well, actually, systemctl has pulp-* as working (status = active (running) > except the normal active(exited) for pulp_workers.service ) > > The Katello Administration/About page show me > > Backend System Status Component Status Message > > candlepin FAIL Connection refused - connect(2) for " > vmpr-res-utils.unix.petermac.org.au" port 8443 > > candlepin_auth FAIL A backend service [ Candlepin ] is unreachable > > foreman_tasks OK > > pulp FAIL 404 Resource Not Found pulp_auth FAIL Skipped pulp_auth check > after failed pulp check > > I'm looking in /var/log/ everything to see what I can see and not coming up with much tbh, apart from the previously mentioned katelloplunin:208 error message in /var/log/messages and journalctl All of this points to a CA/Cert error somewhere. I didn't set this system up, so I'm not 100% sure which certs are where - there seems to be a lot, in a number of places. Since Candlepin isn't working, I thought I'd start there. While searching I found this (very old) wiki page on Certs https://fedorahosted.org/katello/wiki/CertificatesDeployed which suggested that /etc/gopher/plugins/katelloplugin.conf should look like [messaging] uuid= url=ssl://$(host):5674 cacert=/etc/pki/katello/KATELLO-TRUSTED-SSL-CERT clientcert=/etc/pki/consumer/qpid_client.crt but we have: [main] > enabled=1 > latency=1 > > [messaging] > url= > uuid= > cacert=/etc/rhsm/ca/candlepin-local.pem > clientcert=/etc/pki/consumer/bundle.pem > > So, while they are different, one thing is noticable - on my system /etc/rhsm/ca/candlepin-local.pem doesn't exist, although candlepin seems to be conf'd to it. Do I need to create this or should I point it to one of the other files in /etc/rhsm/ca/ - katello-default-ca.pem katello-server-ca.pem redhat-uep.pem ? L. -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
