No, there is nothing special about our certificates. No wildcard, no even SAN. 2048 bits.
Why is Crane needed? Can I disable it? Can I disable everything related to Puppet as we don't need that functionality? I just tested it and it failed again, here is my full install command: sudo foreman-installer --scenario katello \ --certs-server-cert="/etc/pki/tls/certs/katello.tld.crt" \ --certs-server-cert-req="/etc/pki/tls/csr/katello.tld.csr" \ --certs-server-key="/etc/pki/tls/private/katello.tld.key" \ --certs-server-ca-cert="/etc/pki/tls/certs/CompanyInternalCA.crt" \ --foreman-admin-email="n...@company.tld" \ --foreman-admin-first-name="Name" \ --foreman-admin-last-name="LastName" \ --foreman-admin-password="SomeCustomPassword" \ --foreman-initial-organization="Company" \ --katello-num-pulp-workers="24" \ --katello-proxy-url="http://corporate.proxy.tld"; \ --katello-proxy-port="8080" \ --verbose Errors: [ERROR 2016-07-08 10:48:00 verbose] Could not start Service[httpd]: Execution of '/usr/share/katello-installer-base/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service [ INFO 2016-07-08 10:48:00 verbose] Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. [ERROR 2016-07-08 10:48:00 verbose] /Stage[main]/Apache::Service/Service[ httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer-base/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service [ERROR 2016-07-08 10:48:18 verbose] /Stage[main]/Foreman::Database/Foreman ::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/ sbin/foreman-rake db:seed returned 1 instead of one of [0] [ERROR 2016-07-08 10:48:18 verbose] /Stage[main]/Foreman::Database/Foreman ::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0] [ERROR 2016-07-08 10:49:15 verbose] /Stage[main]/Foreman_proxy::Register/ Foreman_smartproxy[katello.tld]: Failed to call refresh: Proxy katello.tld cannot be registered (Could not load data from https://katello.tld [ INFO 2016-07-08 10:49:15 verbose] - is your server down? [ INFO 2016-07-08 10:49:15 verbose] - was rake apipie:cache run when using apipie cache? (typical production settings)): N/A [ERROR 2016-07-08 10:49:15 verbose] /Stage[main]/Foreman_proxy::Register/ Foreman_smartproxy[katello.tld]: Proxy katello.tld cannot be registered ( Could not load data from https://katello.tld [ INFO 2016-07-08 10:49:15 verbose] - is your server down? [ INFO 2016-07-08 10:49:15 verbose] - was rake apipie:cache run when using apipie cache? (typical production settings)): N/A [ INFO 2016-07-08 10:49:15 verbose] /usr/share/ruby/vendor_ruby/puppet/util/ errors.rb:106:in `fail' [ INFO 2016-07-08 10:49:19 verbose] Executing hooks in group post Something went wrong! Check the log for ERROR-level output sudo cat /var/log/httpd/crane_error_ssl.log [Fri Jul 08 10:48:00.480289 2016] [ssl:emerg] [pid 13049] AH01903: Failed to configure CA certificate chain! [Fri Jul 08 10:57:44.197492 2016] [ssl:emerg] [pid 13508] AH01903: Failed to configure CA certificate chain! Edgars ceturtdiena, 2016. gada 7. jūlijs 20:26:43 UTC+2, Eric Helms rakstīja: > > Edgars, > > I tested this scenario today and could not duplicate your results. Is > there anything special about your custom certificates? Wildcard? Attributes > special to them? This is my test scenario: > > https://github.com/Katello/forklift/pull/247/files > > On Thu, Jul 7, 2016 at 8:07 AM, Eric D Helms <ericd...@gmail.com > <javascript:>> wrote: > >> Edgars, >> >> I will test this today and report back to you. >> >> >> Eric >> >> On Thu, Jul 7, 2016 at 5:53 AM, Edgars M. <edgars...@gmail.com >> <javascript:>> wrote: >> >>> Hi >>> >>> I still cannot install new Katello because of this issue: >>> http://projects.theforeman.org/issues/15507 >>> >>> It fails every time.. Does anyone know workaround? >>> >>> Edgars >>> >>> >>> trešdiena, 2016. gada 6. jūlijs 22:51:48 UTC+2, Eric Helms rakstīja: >>>> >>>> Katello 3.0.2 has been released to supply bug fixes and major upgrade >>>> issues found by some awesome users. Please see the changelog for more >>>> information ( >>>> https://github.com/Katello/katello/blob/KATELLO-3.0/CHANGELOG.md). >>>> >>>> Installation >>>> ============ >>>> >>>> For installation, please see the instructions at: >>>> >>>> Server: http://www.katello.org/docs/3.0/installation/index.html >>>> <http://www.katello.org/docs/2.4/installation/index.html> >>>> Capsule: http://www.katello.org/docs/3.0/installation/capsule.html >>>> <http://www.katello.org/docs/2.4/installation/capsule.html> >>>> >>>> Bug reporting >>>> ============= >>>> If you come across a bug in your testing, please file it and note the >>>> version of Katello that you're using in the report and set the release >>>> to 3.0.2. >>>> >>>> http://projects.theforeman.org/projects/katello/issues/new >>>> >>>> >>>> -- >>>> Eric D. Helms >>>> Red Hat Engineering >>>> Ph.D. Student - North Carolina State University >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Foreman users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to foreman-user...@googlegroups.com <javascript:>. >>> To post to this group, send email to forema...@googlegroups.com >>> <javascript:>. >>> Visit this group at https://groups.google.com/group/foreman-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Eric D. Helms >> Red Hat Engineering >> Ph.D. Student - North Carolina State University >> > > > > -- > Eric D. Helms > Red Hat Engineering > Ph.D. Student - North Carolina State University > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
