How to install Capsule for Satellite 6 with certficate signed by different Certification Authority (CA)

Solution Verified - Updated -

Issue

While installing a capsule server in a different domain from Satellite 6 (or 6.1 beta), I'm stuck with a strange error.
Satellite 6 is in domain1.local, while the capsule is in domain2.local. Both of them have different certificates signed by different Certification Authorities (CA).

  • On the capsule side while running:
# capsule-installer --parent-fqdn "satellite6.domain1.local" --register-in-foreman  "true" --foreman-oauth-key    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" --foreman-oauth-secret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" --pulp-oauth-secret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" --certs-tar "capsule.domain2.local-certs.tar" --puppet "true" --puppetca "true" --puppet-ca-proxy "https://satellite6.domain1.local" --pulp "true" --qpid-router="true" --dhcp "true" --tftp "true"

OUTPUT:

 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[capsule.domain2.local]/ensure: change from absent to present failed: Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Installing             Done                                               [100%] [...............................................................................................................................................]
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/capsule-installer/capsule-installer.log

On the satellite side, looking at foreman log, I saw:

...
2015-07-21 15:34:52 [I] Completed 200 OK in 864ms (Views: 9.6ms | ActiveRecord: 13.8ms)
2015-07-21 15:35:16 [I] Processing by Apipie::ApipiesController#index as JSON
2015-07-21 15:35:16 [I]   Parameters: {"version"=>"v2.json", "apipy"=>{}}
2015-07-21 15:35:16 [I] Sent file /usr/share/foreman/public/apipie-cache/apidoc/v2.json (0.3ms)
2015-07-21 15:35:16 [I] Completed 200 OK in 3ms (ActiveRecord: 0.0ms)
2015-07-21 15:35:17 [I] Processing by Api::V2::SmartProxiesController#index as JSON
2015-07-21 15:35:17 [I]   Parameters: {"search"=>"name=capsule.domain2.local", "apiv"=>"v2", "smart_proxy"=>{}}
2015-07-21 15:35:17 [I] Authorized user foreman_api_admin(API Admin)
2015-07-21 15:35:17 [I]   Rendered api/v2/smart_proxies/index.json.rabl within api/v2/layouts/index_layout (14.0ms)
2015-07-21 15:35:17 [I] Completed 200 OK in 78ms (Views: 25.8ms | ActiveRecord: 7.3ms)
2015-07-21 15:35:17 [I] Processing by Api::V2::SmartProxiesController#create as JSON
2015-07-21 15:35:17 [I]   Parameters: {"smart_proxy"=>{"name"=>"capsule.domain2.local", "url"=>"https://capsule.domain2.local:9090"}, "apiv"=>"v2"}
2015-07-21 15:35:17 [I] Authorized user foreman_api_admin(API Admin)
2015-07-21 15:35:17 [E] Unprocessable entity SmartProxy (id: new):
  Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://capsule.domain2.local:9090/features
  Please check the proxy is configured and running on the host.
...

Environment

  • Red Hat Satellite
    • 6.0
    • 6.1 beta

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.