I don't have the file 05-katello-ssl.conf, just the following:

[root@myserver ~]# ls /etc/httpd/conf.d/
03-crane.conf    05-foreman-ssl.conf  25-puppet.conf  pulp_content.conf  pulp_rpm.conf
05-foreman.conf  05-foreman-ssl.d     passenger.conf  pulp_docker.conf   pulp_streamer.conf
05-foreman.d     15-default.conf      pulp.conf       pulp_puppet.conf   ssl.conf
[root@myserver ~]#

I tried to use keys and certs from these configs, but with the same result.




On Wednesday, 19 July 2017 at 13:33:31 UTC+2, Daniel Lobato wrote:
>
> On 07/19, Dan Sk wrote: 
> > Hi Daniel Lobato, 
> > thanks for the reply. I use foreman with katello. So I 
> > used /etc/pki/katello/certs/katello-apache.crt 
> > and /etc/pki/katello/private/katello-apache.key as mentioned 
> > in /etc/httpd/conf.d/05-foreman-ssl.conf but still without success. 
>
> Are you sure that's it? My Apache config file is 05-katello-ssl.conf, 
> and the cert/key are: 
>
>
>   SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" 
>   SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key" 
>
>
>
>
> > 
> > Here are current logs: 
> > ==> /var/log/foreman/production.log <==
> > 2017-07-19 09:27:50 d0a8c61a [app] [I] Started POST "/api/v2/hosts/facts" for 172.27.9.166 at 2017-07-19 09:27:50 +0200
> > 2017-07-19 09:27:50 d0a8c61a [app] [I] Processing by Api::V2::HostsController#facts as JSON
> > 2017-07-19 09:27:50 d0a8c61a [app] [I]   Parameters: {"facts"=>"[FILTERED]", "name"=>"client.in.corp", "apiv"=>"v2", :host=>{"name"=>"client.in.corp"}}
> > 2017-07-19 09:27:50 d0a8c61a [app] [W] No SSL cert with CN supplied - request from 172.27.9.166,
> > 2017-07-19 09:27:50 d0a8c61a [app] [W] SSO failed
> > 2017-07-19 09:27:50 d0a8c61a [app] [I]   Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (1.0ms)
> > 2017-07-19 09:27:50 d0a8c61a [app] [I] Filter chain halted as #<Proc:0x00000009905b10@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14> rendered or redirected
> > 2017-07-19 09:27:50 d0a8c61a [app] [I] Completed 403 Forbidden in 10ms (Views: 2.1ms | ActiveRecord: 0.5ms)
> > 2017-07-19 09:27:50 5216bc1a [app] [I] Started POST "/api/v2/hosts/facts" for IP_FOREMAN_URL at 2017-07-19 09:27:50 +0200
> > 2017-07-19 09:27:50 5216bc1a [app] [I] Processing by Api::V2::HostsController#facts as JSON
> > 2017-07-19 09:27:50 5216bc1a [app] [I]   Parameters: {"facts"=>"[FILTERED]", "name"=>"client.in.corp", "apiv"=>"v2", :host=>{"name"=>"client.in.corp"}}
> > 2017-07-19 09:27:50 5216bc1a [app] [W] No SSL cert with CN supplied - request from IP_FOREMAN_URL,
> > 2017-07-19 09:27:50 5216bc1a [app] [W] SSO failed
> > 2017-07-19 09:27:50 5216bc1a [app] [I]   Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.5ms)
> > 2017-07-19 09:27:50 5216bc1a [app] [I] Filter chain halted as #<Proc:0x00000009905b10@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14> rendered or redirected
> > 2017-07-19 09:27:50 5216bc1a [app] [I] Completed 403 Forbidden in 5ms (Views: 1.4ms | ActiveRecord: 0.0ms)
> > 
> > Is there any debug mode or curl command which could give me some hint? 
> > 
> > Thank you very much. 
> > Daniel Slezak 
> > 
> > On Tuesday, 18 July 2017 at 17:23:01 UTC+2, Daniel Lobato wrote: 
> > > 
> > > On 07/18, Dan Sk wrote: 
> > > > 
> > > > 
> > > > Hi, 
> > > > 
> > > > I am lost with setting of callback/foreman.py. 
> > > > 
> > > > We use Foreman 1.15.2, Katello 3.4.2, foreman_ansible 1.4.5 (with updated callback/foreman.py from github) and ansible 2.3.1 on CentOS 7. 
> > > > 
> > > > I think I know where Foreman runs. 
> > > > curl -k -H "Accept: application/json" https://fqdn.in.corp/status 
> > > > {"result":"ok","status":"ok","version":"1.15.2","db_duration_ms":"3"} 
> > > > 
> > > > Checked certification as is on https://www.theforeman.org/plugins/foreman_ansible/1.x/index.html#2.1Ansiblecallback
> > > > Request check for certifications http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
> > > > python 
> > > > 
> > > > import requests 
> > > > requests.get('https://fqdn.in.corp/', cert=('/etc/foreman/client_cert.pem', '/etc/foreman/client_key.pem')) 
> > > > 
> > > > <Response [200]> 
> > > > 
> > > > But when I run ansible -m setup client.in.corp I see 
> > > > 
> > > > 2017-07-18 14:26:25 91503c77 [app] [I] Started POST "/api/v2/hosts/facts" for IP_FOREMAN_URL at 2017-07-18 14:26:25 +0200
> > > > 2017-07-18 14:26:25 91503c77 [app] [I] Processing by Api::V2::HostsController#facts as JSON
> > > > 2017-07-18 14:26:25 91503c77 [app] [I]   Parameters: {"facts"=>"[FILTERED]", "name"=>"client.in.corp", "apiv"=>"v2", :host=>{"name"=>"client.in.corp"}}
> > > > 2017-07-18 14:26:25 91503c77 [app] [D] Importer Katello::RhsmFactImporter does not implement authorized_smart_proxy_features.
> > > > 2017-07-18 14:26:25 91503c77 [app] [D] Importer ForemanAnsible::StructuredFactImporter does not implement authorized_smart_proxy_features.
> > > > 2017-07-18 14:26:25 91503c77 [app] [W] No SSL cert with CN supplied - request from IP_FOREMAN_URL,
> > > > 2017-07-18 14:26:25 91503c77 [app] [W] SSO failed
> > > > 2017-07-18 14:26:25 91503c77 [app] [I]   Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.8ms)
> > > > 2017-07-18 14:26:25 91503c77 [app] [I] Filter chain halted as #<Proc:0x0000000b444908@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14> rendered or redirected
> > > > 2017-07-18 14:26:25 91503c77 [app] [I] Completed 403 Forbidden in 6ms (Views: 1.6ms | ActiveRecord: 0.0ms)
> > > > 
> > > > 
> > > > If I use the FOREMAN_USER/FOREMAN_PASSWORD combination, facts upload correctly. So I am pretty sure it is installed correctly. 
> > > > 
> > > > Configuration part in callback/foreman.py 
> > > >     FOREMAN_URL = os.getenv('FOREMAN_URL', "https://fqdn.in.corp") 
> > > > 
> > > >     FOREMAN_SSL_CERT = (os.getenv('FOREMAN_SSL_CERT', 
> > > >                                   "/etc/foreman/client_cert.pem"), 
> > > >                         os.getenv('FOREMAN_SSL_KEY', 
> > > >                                   "/etc/foreman/client_key.pem")) 
> > > >     FOREMAN_SSL_VERIFY = os.getenv('FOREMAN_SSL_VERIFY', "1") 
> > > >     FOREMAN_USER = os.getenv('FOREMAN_USER', "admin")  # It works with user 
> > > >     FOREMAN_PASSWORD = os.getenv('FOREMAN_PASSWORD', "S3cr3tPASS")  # and password 
> > > > 
> > > > I do not know which cert/key is for what. Thanks for hints and kicking me 
> > > > in the right direction. 
> > > 
> > > You can find the keys in /etc/httpd/conf.d/05-katello-ssl.conf or a 
> > > similar file if you just have Foreman. The values match those of 
> > > SSLCertificateFile, SSLCertificateKeyFile. 
> > > 
> > > By default these are in 
> > > 
> > >   "/etc/pki/katello/certs/katello-default-ca.crt" 
> > >   "/etc/pki/katello/private/katello-default-ca.key" 
> > > 
> > > in a Foreman+Katello installation 
> > > 
> > > If you just use foreman, it'd be something like: 
> > > 
> > > /etc/puppetlabs/puppet/ssl/certs/yourfqdn.pem 
> > > /etc/puppetlabs/puppet/ssl/private_keys/yourfqdn.pem 
> > > 
> > > (or maybe /var/lib/puppet/ssl, depending on your Puppet version) 
> > > 
> > > > 
> > > > 
> > > > Daniel Slezak 
> > > > 
> > > > 
> > > > 
> > > > -- 
> > > > You received this message because you are subscribed to the Google Groups "Foreman users" group. 
> > > > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. 
> > > > To post to this group, send email to [email protected]. 
> > > > Visit this group at https://groups.google.com/group/foreman-users. 
> > > > For more options, visit https://groups.google.com/d/optout. 
> > > 
> > > 
> > > -- 
> > > Daniel Lobato Garcia 
> > > 
> > > @dLobatog 
> > > blog.daniellobato.me 
> > > daniellobato.me 
> > > 
> > > GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30 
> > > Keybase: https://keybase.io/elobato 
> > > 
> > 
>
>
> -- 
> Daniel Lobato Garcia 
>
> @dLobatog 
> blog.daniellobato.me 
> daniellobato.me 
>
> GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30 
> Keybase: https://keybase.io/elobato 
>
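
Added example, not part of the original thread and not Foreman or foreman_ansible code: a small Python triage script for the question above about getting a hint from the logs. It groups production.log lines by request id and lists requests that logged "No SSL cert with CN supplied" and completed with 403; the second sample request (id 0f3e9b7c, client 192.0.2.10) and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample in the production.log format quoted in this thread; the first request
# is taken from the thread (lines unwrapped), the second one is constructed.
SAMPLE_LOG = """\
2017-07-19 09:27:50 d0a8c61a [app] [I] Started POST "/api/v2/hosts/facts" for 172.27.9.166 at 2017-07-19 09:27:50 +0200
2017-07-19 09:27:50 d0a8c61a [app] [W] No SSL cert with CN supplied - request from 172.27.9.166,
2017-07-19 09:27:50 d0a8c61a [app] [W] SSO failed
2017-07-19 09:27:50 d0a8c61a [app] [I] Completed 403 Forbidden in 10ms (Views: 2.1ms | ActiveRecord: 0.5ms)
2017-07-19 09:28:02 0f3e9b7c [app] [I] Started GET "/status" for 192.0.2.10 at 2017-07-19 09:28:02 +0200
2017-07-19 09:28:02 0f3e9b7c [app] [I] Completed 200 OK in 4ms (Views: 0.3ms | ActiveRecord: 0.9ms)
"""

LINE = re.compile(r"^(\S+ \S+) ([0-9a-f]{8}) \[\w+\] \[(\w)\] (.*)$")
STARTED = re.compile(r'Started (\w+) "([^"]+)" for (\S+) at ')
COMPLETED = re.compile(r"Completed (\d{3}) ")
NO_CERT = "No SSL cert with CN supplied"

def summarize(log_text):
    """Group lines by request id and return one summary dict per request."""
    reqs = defaultdict(lambda: {"no_client_cert": False, "status": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or a line without a request id
        _, rid, level, msg = m.groups()
        r = reqs[rid]
        if s := STARTED.search(msg):
            r["method"], r["path"], r["client"] = s.groups()
        elif c := COMPLETED.search(msg):
            r["status"] = int(c.group(1))
        elif level == "W" and NO_CERT in msg:
            r["no_client_cert"] = True
    return dict(reqs)

def cert_auth_failures(log_text):
    """Requests that logged the missing-client-cert warning and ended in 403."""
    return [
        (rid, r.get("client"), r.get("method"), r.get("path"))
        for rid, r in summarize(log_text).items()
        if r["no_client_cert"] and r["status"] == 403
    ]

if __name__ == "__main__":
    for rid, client, method, path in cert_auth_failures(SAMPLE_LOG):
        print(f"{rid}: {method} {path} from {client} -> 403, no client cert CN")
```

Run against the real /var/log/foreman/production.log, the client address on each hit shows which host's request arrived without a usable client certificate.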
