Re: [foreman-users] Re: Foreman Proxy is not recognized
On 28/07/16 16:08, Sai Krishna wrote:
> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
> :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> :ssl_certificate: /var/lib/puppet/ssl/certs/puppetmaster.com.pem
> :ssl_private_key: /var/lib/puppet/ssl/private_keys/puppetmaster.com.pem
> :trusted_hosts:
> - foremanserver.com
> # Endpoint for reverse communication
> :foreman_url: https://foremanserver.com
>
> I have replaced the puppetmaster certificates
> /var/lib/puppet/ssl/certs/ca.pem,
> /var/lib/puppet/ssl/certs/puppetmaster.pem,
> /var/lib/puppet/ssl/private_keys/puppetmaster.pem with foreman
> server certificates, which are also mentioned in settings.yml.
> After this I have run the foreman installer again enabling
> puppet and foreman-proxy but still the error is the same after
> finishing the foreman installer installation. As you said I have
> checked the ruby-kafo, it is at the latest 0.9.1. On the
> puppetmaster the smart proxy is running but when trying to add
> it in the foreman gui it is throwing the same error. Let me know if you
> want me to check any other configuration settings or cert
> settings. According to the error there is something wrong with
> the certificates configuration but I am not sure where to make changes.
>
> error on foreman gui
> *Unable to save*
> Unable to communicate with the proxy: ERF12-2530
> [ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL::SSLError]: hostname "nyrhdv146.cusa.canon.com" does not
> match the server certificate) for proxy
> https://nyrhdv146.cusa.canon.com:8443/features
> Please check the proxy is configured and running on the host.

This is a different error. It states that the hostname you're entering in the Foreman UI is different to the hostname on the certificates.

Your later response says you're using "puppet cert generate new-puppetmaster.example.com", which means you would need to use that hostname (new-puppetmaster.example.com) when adding the smart proxy.

If the hostname you're adding is actually "nyrhdv146.cusa.canon.com" then you should use "puppet cert generate nyrhdv146.cusa.canon.com" too.

--
Dominic Cleal
domi...@cleal.org

--
You received this message because you are subscribed to the Google Groups "Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Re: Foreman Proxy is not recognized
puppet cert generate new-puppetmaster.example.com

I am generating new certs for puppetmaster on foreman server and replacing new certs in puppetmaster. Is this the correct way?

Please advise.

Sai Krishna
Re: [foreman-users] Re: Foreman Proxy is not recognized
/etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml

---
# URL of the puppet master itself for API requests.
:puppet_url: https://puppetmaster:8140
# SSL certificates used to access the puppet API
:puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:puppet_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppetmaster.pem
:puppet_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.pem

Here the paths are different from settings.yml. Is this causing any cert issue?
Re: [foreman-users] Re: Foreman Proxy is not recognized
On 27/07/16 21:43, Sai Krishna wrote:
> *[ERROR 2016-07-27 16:13:21 main] Errors encountered during run:*
> *[ERROR 2016-07-27 16:13:21 main] Evaluation Error: Error while
> evaluating a Function Call, undefined class/module HighLine:: at
> /usr/share/gems/gems/kafo-0.9.1/modules/kafo_configure/manifests/init.pp:14:3
> on node puppetserver.com*

This appears similar to http://projects.theforeman.org/issues/15111, so ensure ruby-kafo is at least version 0.8.2, preferably the latest we ship (0.9.x).

--
Dominic Cleal
domi...@cleal.org
Re: [foreman-users] Re: Foreman Proxy is not recognized
On 27/07/16 20:27, Sai Krishna wrote:
> I have changed the /etc/foreman-proxy/settings.yml file. I have changed
> trusted host and foreman_url from puppetmaster to foremanvers FQDN. Is
> this a wrong move?
>
> # the hosts which the proxy accepts connections from
> # commenting the following lines would mean every verified SSL connection allowed
> :trusted_hosts:
> - foremansever.com
>
> # Endpoint for reverse communication
> :foreman_url: https://foremanserver.com
>
> I have generated new smart proxy certificates from foreman server and
> replaced the /etc/puppetlabs/ssl/certs/ca.pem, puppetserver.pem,
> /etc/puppetlabs/ssl/private_keys/puppetserver.pem
>
> Do I still need to change anything? Please advise.

That sounds correct, but what happens now? It's unclear from your message whether this works or if you still receive an error.

Also verify that those paths are the ones referenced in settings.yml.

--
Dominic Cleal
domi...@cleal.org
[foreman-users] Re: Foreman Proxy is not recognized
No you don't want to change the https port, you want to enable http so you'll have

:https_port: 8443
:http_port: 8000

you then need to restart the proxy (systemctl restart foreman-proxy), make sure the local firewall has that port open -

firewall-cmd --permanent --zone=public --add-port="8000/tcp"
firewall-cmd --complete-reload

and then try and connect via the GUI.

Note this is just to test that foreman can actually contact the proxy, you'll still have to figure out the certificates issue (which I went into in quite a lot of detail in the ticket, http://projects.theforeman.org/issues/15530)

Dylan

On Thursday, July 28, 2016 at 9:57:40 AM UTC+12, Sai Krishna wrote:
> Hi Dylan,
>
> Appreciate your reply.
>
> # http is disabled by default. To enable, uncomment 'http_port' setting
> # https is enabled if certificate, CA certificate, and private key are present in locations specifed by
> # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
> # default values for https_port is 8443
> :https_port: 8443
>
> This was the initial setting. I have changed it to 8000 but am still facing
> the same error.
>
> Please advise.
> Sai Krishna
[foreman-users] Re: Foreman Proxy is not recognized
Hi Dylan,

Appreciate your reply.

# http is disabled by default. To enable, uncomment 'http_port' setting
# https is enabled if certificate, CA certificate, and private key are present in locations specifed by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 8443

This was the initial setting. I have changed it to 8000 but am still facing the same error.

Please advise.

Sai Krishna
[foreman-users] Re: Foreman Proxy is not recognized
Hi Sai,

your SSL error sounds exactly like this issue: http://projects.theforeman.org/issues/15530

For my proxy, settings.yml has this as trusted hosts and reverse communications entries:

# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
:trusted_hosts:
- mainformanserver.com
- foremanproxy.com

# Endpoint for reverse communication
:foreman_url: https://mainforemanserver.com

It is worth checking you can connect the proxy via HTTP - so in settings.yml make sure :http_port: is configured - e.g.

:http_port: 8000

and then try adding the smart proxy via that address - http://foremanproxy.com:8000/

Hope that helps

Dylan
[foreman-users] Re: Foreman Proxy is not recognized
Using foreman-installer in interactive mode, I enabled puppet and foreman proxy and configured according to https://theforeman.org/manuals/1.12/index.html#3.2.3InstallationScenarios | setting up foreman with external puppet master.

Preparing installation Done
Something went wrong! Check the log for ERROR-level output
* Foreman Proxy is running at https://puppetserver.com:8443
The full log is at /var/log/foreman-installer/foreman.log

[ INFO 2016-07-27 16:13:21 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:128:in `run'
[ INFO 2016-07-27 16:13:21 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in `execute'
[ INFO 2016-07-27 16:13:21 main] /opt/puppetlabs/bin/puppet:5:in `'
[ INFO 2016-07-27 16:13:21 main] Puppet has finished, bye!
[ INFO 2016-07-27 16:13:21 main] Executing hooks in group post
[DEBUG 2016-07-27 16:13:21 main] Hook /usr/share/foreman-installer/hooks/post/10-post_install_message.rb returned nil
[ INFO 2016-07-27 16:13:21 main] All hooks in group post finished
[DEBUG 2016-07-27 16:13:21 main] Exit with status code: 1 (signal was 1)
*[ERROR 2016-07-27 16:13:21 main] Errors encountered during run:*
*[ERROR 2016-07-27 16:13:21 main] Evaluation Error: Error while evaluating a Function Call, undefined class/module HighLine:: at /usr/share/gems/gems/kafo-0.9.1/modules/kafo_configure/manifests/init.pp:14:3 on node puppetserver.com*
[DEBUG 2016-07-27 16:13:21 main] Cleaning /tmp/d20160727-13857-1irv5ck
[DEBUG 2016-07-27 16:13:21 main] Cleaning /tmp/kafo_hiera20160727-13857-16fcv4y
[DEBUG 2016-07-27 16:13:21 main] Cleaning /tmp/default_values.yaml

Please advise.