Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-34214

Advisor engine does not work with custom certificates

XMLWordPrintable

    • 2
    • False
    • foreman_rh_cloud-11.4.1
    • Important
    • None
    • None
    • None
    • None

      Description of problem:

      Clients attempting to register with insights-client when the local iop-advisor-engine is enabled will fail. This happens when a Satellite is configured with custom certificates.

       

      How reproducible:

      Always

       

      Is this issue a regression from an earlier version:

      No

       

      Steps to Reproduce:

      1. Install satellite with custom certificates

      2. Pull down iop-advisor-engine from stage to Satellite

      3. Enable `foreman-installer --foreman-plugin-rh-cloud-enable-iop-advisor-engine true`

      Actual behavior:
      The insights-client will throw the error:

      Unable to fetch egg url https://satellite.fbd8t.sandbox3988.opentlc.com:443/redhat_access/r/insights/platform/module-update-router/v1/channel?module=insights-core: 502: Bad Gateway. Defaulting to /release
      Machine-id found, insights-client can not be registered. Please, unregister insights-client first: `insights-client --unregister`
      

      The following is seen in the production.log file:

      2025-04-02T14:35:38 [I|app|3f5ecf58] Completed 502 Bad Gateway in 38ms (Views: 0.2ms | ActiveRecord: 3.8ms | Allocations: 21055)
      2025-04-02T14:35:38 [I|app|6f1bfa3d] Started GET "/redhat_access/r/insights/v1/static/release/insights-core.el9.egg" for 18.223.171.62 at 2025-04-02 14:35:38 +0000
      2025-04-02T14:35:38 [I|app|6f1bfa3d] Processing by InsightsCloud::Api::MachineTelemetriesController#forward_request as */*
      2025-04-02T14:35:38 [I|app|6f1bfa3d]   Parameters: {"path"=>"v1/static/release/insights-core.el9"}
      2025-04-02T14:35:38 [I|app|6f1bfa3d] Forwarding request failed with exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
      2025-04-02T14:35:38 [I|app|6f1bfa3d] Completed 502 Bad Gateway in 24ms (Views: 0.1ms | ActiveRecord: 2.3ms | Allocations: 11441)
      2025-04-02T14:35:39 [I|app|73d59d57] Started GET "/redhat_access/r/insights/v1/branch_info" for 18.223.171.62 at 2025-04-02 14:35:39 +0000
      2025-04-02T14:35:39 [I|app|73d59d57] Processing by InsightsCloud::Api::MachineTelemetriesController#branch_info as JSON
      2025-04-02T14:35:39 [I|app|73d59d57] Completed 200 OK in 14ms (Views: 0.1ms | ActiveRecord: 3.0ms | Allocations: 6769)
      2025-04-02T14:35:40 [I|app|f0ff3bec] Started GET "/redhat_access/r/insights/v1/systems/30e1417b-0adc-448f-9fc7-47e1b78810f8" for 18.223.171.62 at 2025-04-02 14:35:40 +0000
      2025-04-02T14:35:40 [I|app|f0ff3bec] Processing by InsightsCloud::Api::MachineTelemetriesController#forward_request as JSON
      2025-04-02T14:35:40 [I|app|f0ff3bec]   Parameters: {"path"=>"v1/systems/30e1417b-0adc-448f-9fc7-47e1b78810f8"}
      2025-04-02T14:35:40 [I|app|f0ff3bec] Forwarding request failed with exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
      2025-04-02T14:35:40 [I|app|f0ff3bec] Completed 502 Bad Gateway in 47ms (Views: 0.2ms | ActiveRecord: 4.8ms | Allocations: 23988)
      

      Expected behavior:
      insights-client should behave normally

      Business Impact / Additional info:

       

              ehelms@redhat.com Eric Helms
              ehelms@redhat.com Eric Helms
              Tasos Papaioannou Tasos Papaioannou
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: