How to install Capsule for Satellite 6 with certificate signed by different Certification Authority (CA)

Solution Verified - Updated -

Issue

While installing a capsule server in a different domain from Satellite 6 , I'm stuck with a strange error.
Satellite 6 is in domain1.local, while the capsule is in domain2.local. Both of them have different certificates signed by different Certification Authorities (CA).

  • On the capsule side while running:
# satellite-installer --scenario capsule --foreman-proxy-content-parent-fqdn "satellite6.domain1.local" --foreman-proxy-register-in-foreman "true" --foreman-proxy-foreman-base-url "https://satellite6.domain1.local" --foreman-proxy-trusted-hosts "satellite6.domain1.local" --foreman-proxy-trusted-hosts "capsule.domain2.local" --foreman-proxy-oauth-consumer-key "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --foreman-proxy-oauth-consumer-secret  "xxxxxxxxxxxxxxxxxxxxxxxxx" --foreman-proxy-content-certs-tar "/root/capsule_certs.tar" --puppet-server-foreman-url "https://satellite6.domain1.local"

OUTPUT:

 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[capsule.domain2.local]/ensure: change from absent to present failed: Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
Installing             Done                                               [100%] [...............................................................................................................................................]
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/capsule-installer/capsule-installer.log

On the satellite side, looking at foreman log, I saw:

...
2015-07-21 15:34:52 [I] Completed 200 OK in 864ms (Views: 9.6ms | ActiveRecord: 13.8ms)
2015-07-21 15:35:16 [I] Processing by Apipie::ApipiesController#index as JSON
2015-07-21 15:35:16 [I]   Parameters: {"version"=>"v2.json", "apipy"=>{}}
2015-07-21 15:35:16 [I] Sent file /usr/share/foreman/public/apipie-cache/apidoc/v2.json (0.3ms)
2015-07-21 15:35:16 [I] Completed 200 OK in 3ms (ActiveRecord: 0.0ms)
2015-07-21 15:35:17 [I] Processing by Api::V2::SmartProxiesController#index as JSON
2015-07-21 15:35:17 [I]   Parameters: {"search"=>"name=capsule.domain2.local", "apiv"=>"v2", "smart_proxy"=>{}}
2015-07-21 15:35:17 [I] Authorized user foreman_api_admin(API Admin)
2015-07-21 15:35:17 [I]   Rendered api/v2/smart_proxies/index.json.rabl within api/v2/layouts/index_layout (14.0ms)
2015-07-21 15:35:17 [I] Completed 200 OK in 78ms (Views: 25.8ms | ActiveRecord: 7.3ms)
2015-07-21 15:35:17 [I] Processing by Api::V2::SmartProxiesController#create as JSON
2015-07-21 15:35:17 [I]   Parameters: {"smart_proxy"=>{"name"=>"capsule.domain2.local", "url"=>"https://capsule.domain2.local:9090"}, "apiv"=>"v2"}
2015-07-21 15:35:17 [I] Authorized user foreman_api_admin(API Admin)
2015-07-21 15:35:17 [E] Unprocessable entity SmartProxy (id: new):
  Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://capsule.domain2.local:9090/features
  Please check the proxy is configured and running on the host.
...

Environment

  • Red Hat Satellite 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In