Hi there Did you have all the port needed open from Katello server to you capsule and reverse?
Katello to Capsule ports 8443/tcp 443/tcp 9090/tcp 5647/tcp Capsule to Katello Ports 443/tcp 5646/tcp Also try without firewall enable on the machines and selinux disable this normally indicate a firewall issue On Friday, February 10, 2017 at 5:40:45 PHM UTC+1, Edson Manners wrote: > > I'm trying to add a DNS/DHCP capsule/proxy to a Katello 3.1 instance with > custom web certs. I've tried using these instructions but they don't seem > to help. > > http://projects.theforeman.org/issues/16620 > > Definitey seems like a cert issue becasue of the custom Web Cert that > we're running but I can't seem to get the proxy to connect. Any help > pointing me int he right direction is appreciated. > > Here's what I do: > ======================================================================= > 1. yum -y localinstall > http://katello3.xxx.xxx.xxx/pub/katello-ca-consumer-latest.noarch.rpm > 2. subscription-manager register --org "XXX" --environment > "production/centos7" > > > 3. foreman-installer --scenario capsule\ > --capsule-parent-fqdn > "katello3.xxx.xxx.xxx"\ > --foreman-proxy-register-in-foreman "true"\ > --foreman-proxy-foreman-base-url " > https://katello3.xxx.xxx.xxx"\ > --foreman-proxy-trusted-hosts > "katello3.xxx.xxx.xxx"\ > --foreman-proxy-oauth-consumer-key > "WNhk9x8zxdxhxRUsagocAkmdTRtAD8Q"\ > --foreman-proxy-oauth-consumer-secret > "LqiNeGEbhxgxrex8AV6kqxXeiNCsyz7um"\ > --capsule-pulp-oauth-secret > "5rdFmrpSsxHXxsxdxJXacjyn9NCcAKi"\ > --capsule-certs-tar > "/root/capsule.dns1.xx.xxx.xxx-certs.tar"\ > --foreman-proxy-puppetca "false"\ > --foreman-proxy-puppet "false"\ > --foreman-proxy-http "false"\ > --foreman-proxy-templates "false"\ > --foreman-proxy-plugin-pulp-pulpnode-enabled "false"\ > --foreman-proxy-dhcp "true"\ > --foreman-proxy-dhcp-interface "ens3"\ > --foreman-proxy-dns "true"\ > --foreman-proxy-dns-interface "ens3" > ======================================================================= > > Here is the error: > Proxy dns1.yyy.yyy.yyy cannot be registered: Unable to communicate with > the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features > ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verif...) for proxy > https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is > configured and running on the host. > > /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dns1.yyy.yyy.yyy]/ensure: > > change from absent to present failed: Proxy dns1.yyy.yyy.yyy cannot be > registered: Unable to communicate with the proxy: ERF12-2530 > [ProxyAPI::ProxyException]: Unable to detect features > ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verif...) for proxy > https://dns1.yyy.yyy.yyy:9090/features Please check the proxy is > configured and running on the host. > Installing Done > [100%] [...................................................................] > Something went wrong! Check the log for ERROR-level output > The full log is at /var/log/foreman-installer/capsule.log > > > Here is the proxy status: > [root@dns1 named]# systemctl status foreman-proxy > ● foreman-proxy.service - Foreman Proxy > Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; > vendor preset: disabled) > Active: active (running) since Wed 2017-02-08 16:33:31 EST; 1 day 18h > ago > ... > > Here is the proxy showing the correct features: > [root@katello3 foreman-proxy]# wget https://dns1.xxx.xxx.xxx:9090/features > ... > Saving to: ‘features’ > ... > [root@katello3 foreman-proxy]# cat features > ["dhcp","dns"] > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.