I am still on 3.2 but as Edgars M. has mentioned in his linked thread my katello.yaml has no ":ca_cert_file" entry in the ":candlepin" or ":pulp" sections.
On Wednesday, March 1, 2017 at 9:12:27 AM UTC+1, Edgars M. wrote: > > I have the same problem: > https://groups.google.com/forum/#!topic/foreman-users/vxj75qlt8k4 > > Have not found any solution yet. > > Edgars > > otrdiena, 2017. gada 28. februāris 19:07:38 UTC+1, Edward Clay rakstīja: >> >> Hello, I've run into an issue where after upgrading a working katello >> 3.2 system to 3.3 I get the following error when attempting to publish a >> content view. >> >> There was an issue with the backend service pulp: SSL_connect returned=1 >> errno=0 state=SSLv3 read server certificate B: certificate verify failed >> >> >> When the system was running katello 3.2 I rand the following to get the >> custom signed ssl certs to work. >> >> foreman-installer --scenario katello --certs-server-cert >> /etc/pki/tls/certs/il-foreman1_slc_westdc_net.crt --certs-server-cert-req >> /etc/pki/tls/private/il-foreman1.slc.westdc.net.csr --certs-server-key >> /etc/pki/tls/private/il-foreman1.slc.westdc.net.key --certs-server-ca-cert >> /etc/pki/tls/certs/comodo-ca-bundle.crt --certs-server-ca-name comodo-ca >> --certs-update-server --certs-update-server-ca >> >> To fix problems with candlepin I did the following found via >> http://projects.theforeman.org/issues/16620 >> >> Copy /root/ssl-build/katello-default-ca.crt to >> /etc/pki/ca-trust/source/anchors/ and rebuild the openssl ca certs with >> update-ca-trust. Due to chicken-and-egg issue, this may prevent a clean >> install using custom certs. After performing these steps, re-run the >> installer. It should complete correctly the second time through. >> >> I've attempted both of theses steps along with the second fix on the >> above url for issue 16620 without any success. I see the following details >> in the /etc/foreman/plugins/katello.yaml >> >> ### File managed with puppet ### >> ## Module: puppet-katello >> >> :katello: >> :rest_client_timeout: 3600 >> >> :post_sync_url: >> https://il-foreman1.domain.net/katello/api/v2/repositories/sync_complete?token=gQ7efFZPwo8oWXg9abmdG3v8gkY29fcs >> >> :candlepin: >> :url: https://il-foreman1.domain.net:8443/candlepin >> :oauth_key: katello >> :oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL >> :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt >> >> :pulp: >> :url: https://il-foreman1.domain.net/pulp/api/v2/ >> :oauth_key: katello >> :oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL >> :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt >> >> :qpid: >> :url: amqp:ssl:localhost:5671 >> :subscriptions_queue_address: katello_event_queue >> >> I'm not sure what additional information to provide to help identify the >> problem here. Any ideas what to try/do next? >> >> Thanks >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
