-
Bug
-
Resolution: Done-Errata
-
Major
-
6.17.0
Description of problem:
Clients attempting to register with insights-client when the local iop-advisor-engine is enabled will fail. This happens when a Satellite is configured with custom certificates.
How reproducible:
Always
Is this issue a regression from an earlier version:
No
Steps to Reproduce:
1. Install satellite with custom certificates
2. Pull down iop-advisor-engine from stage to Satellite
3. Enable `foreman-installer --foreman-plugin-rh-cloud-enable-iop-advisor-engine true`
Actual behavior:
The insights-client will throw the error:
Unable to fetch egg url https://satellite.fbd8t.sandbox3988.opentlc.com:443/redhat_access/r/insights/platform/module-update-router/v1/channel?module=insights-core: 502: Bad Gateway. Defaulting to /release Machine-id found, insights-client can not be registered. Please, unregister insights-client first: `insights-client --unregister`
The following is seen in the production.log file:
2025-04-02T14:35:38 [I|app|3f5ecf58] Completed 502 Bad Gateway in 38ms (Views: 0.2ms | ActiveRecord: 3.8ms | Allocations: 21055) 2025-04-02T14:35:38 [I|app|6f1bfa3d] Started GET "/redhat_access/r/insights/v1/static/release/insights-core.el9.egg" for 18.223.171.62 at 2025-04-02 14:35:38 +0000 2025-04-02T14:35:38 [I|app|6f1bfa3d] Processing by InsightsCloud::Api::MachineTelemetriesController#forward_request as */* 2025-04-02T14:35:38 [I|app|6f1bfa3d] Parameters: {"path"=>"v1/static/release/insights-core.el9"} 2025-04-02T14:35:38 [I|app|6f1bfa3d] Forwarding request failed with exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) 2025-04-02T14:35:38 [I|app|6f1bfa3d] Completed 502 Bad Gateway in 24ms (Views: 0.1ms | ActiveRecord: 2.3ms | Allocations: 11441) 2025-04-02T14:35:39 [I|app|73d59d57] Started GET "/redhat_access/r/insights/v1/branch_info" for 18.223.171.62 at 2025-04-02 14:35:39 +0000 2025-04-02T14:35:39 [I|app|73d59d57] Processing by InsightsCloud::Api::MachineTelemetriesController#branch_info as JSON 2025-04-02T14:35:39 [I|app|73d59d57] Completed 200 OK in 14ms (Views: 0.1ms | ActiveRecord: 3.0ms | Allocations: 6769) 2025-04-02T14:35:40 [I|app|f0ff3bec] Started GET "/redhat_access/r/insights/v1/systems/30e1417b-0adc-448f-9fc7-47e1b78810f8" for 18.223.171.62 at 2025-04-02 14:35:40 +0000 2025-04-02T14:35:40 [I|app|f0ff3bec] Processing by InsightsCloud::Api::MachineTelemetriesController#forward_request as JSON 2025-04-02T14:35:40 [I|app|f0ff3bec] Parameters: {"path"=>"v1/systems/30e1417b-0adc-448f-9fc7-47e1b78810f8"} 2025-04-02T14:35:40 [I|app|f0ff3bec] Forwarding request failed with exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) 2025-04-02T14:35:40 [I|app|f0ff3bec] Completed 502 Bad Gateway in 47ms (Views: 0.2ms | ActiveRecord: 4.8ms | Allocations: 23988)
Expected behavior:
insights-client should behave normally
Business Impact / Additional info:
- depends on
-
SAT-32482 Explicitly include CA file when making calls to advisor engine by ehelms · Pull Request #971 · theforeman/foreman_rh_cloud · GitHub
-
- Closed
-
- links to
-
RHSA-2025:150804 Satellite 6.17.1 Async Update