[Satellite] upgrading Capsule fails with error: 'Error: Unable to communicate with the Capsule: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]'.

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.x

Issue

  • Could not upgrade the Capsule server. The following error is observed in /var/log/foreman-installer/capsule.log:

      Error: Unable to communicate with the Capsule: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]
    

Resolution

  • Remove duplicate DNS entries on the capsule server.
  • Make sure that the /etc/hosts file of the Satellite server has the correct IP address of the capsule server.

For more KB articles/solutions related to Red Hat Satellite 6.x Installation/Upgrade/Update Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Installation/Upgrade/Update Issues.

Root Cause

  • This is a DNS resolution issue as there were duplicate entries in DNS.

      curl -v --cacert /etc/foreman/proxy_ca.pem --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem https://capsule.example.com:9090/features
      * About to connect() to capsule.example.com port 9090 (#0)
      *   Trying 192.168.122.1...  <== the capsule server is resolved with wrong IP
      * Connected to capsule.example.com (192.168.122.1) port 9090 (#0)
      * Initializing NSS with certpath: sql:/etc/pki/nssdb
    
  • Wrong IP address of the capsule server in the /etc/hosts file of the Satellite server.

Diagnostic Steps

  • Check DNS records.

      dig capsule.example.com
    
      ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> capsule.example.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20437
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4000
      ;; QUESTION SECTION:
      ;capsule.example.com. IN A
    
      ;; ANSWER SECTION:
      capsule.example.com. 3600 IN A 102.70.6.4
      capsule.example.com. 3600 IN A 192.168.122.1
    
      ;; Query time: 0 msec
      ;; SERVER: 100.70.5.225#53(100.70.5.225)
      ;; WHEN: Wed Aug 22 10:15:48 CEST 2018
      ;; MSG SIZE  rcvd: 119
    
  • Make sure that the capsule hostname is resolved properly.

     curl -v --cacert /etc/foreman/proxy_ca.pem --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem https://capsule.example.com:9090/features
     * About to connect() to capsule.example.com port 9090 (#0)
     *   Trying 192.168.122.1...  <== it should be connecting to 102.70.6.4
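
The two diagnostic checks above can be combined into one script. This is an added example, not part of the original solution: it reads `dig +short A` output on stdin plus a hosts file, and reports duplicate A records and any address that differs from the expected one. The function names and the sample hosts entry are constructed for illustration; 102.70.6.4 is the capsule address the article treats as correct.

```shell
#!/bin/sh
# Added example (not from the original article); helper names are hypothetical.

# Print the distinct IPv4 addresses found in `dig +short A <host>` output (stdin).
# CNAME lines that dig +short may also print are filtered out.
a_records() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u
}

# Print the addresses that a hosts file ($1) assigns to a hostname ($2),
# ignoring comments and matching the name in any alias column.
hosts_entries() {
    awk -v h="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) print $1 }' "$1" | sort -u
}

# check_resolution HOST EXPECTED_IP HOSTS_FILE   (dig +short output on stdin)
# Prints one finding per line and returns 0 only when nothing is wrong.
check_resolution() {
    host=$1 expected=$2 hosts_file=$3 rc=0
    records=$(a_records)
    count=$(printf '%s\n' "$records" | grep -c . || true)
    if [ "$count" -gt 1 ]; then
        echo "DUPLICATE_A $host: $(echo $records)"; rc=1
    fi
    for ip in $records; do
        [ "$ip" = "$expected" ] || { echo "UNEXPECTED_A $host -> $ip"; rc=1; }
    done
    for ip in $(hosts_entries "$hosts_file" "$host"); do
        [ "$ip" = "$expected" ] || { echo "STALE_HOSTS $host -> $ip"; rc=1; }
    done
    return $rc
}

# Constructed sample: the two A records from the dig output above and a
# hosts file whose capsule entry carries the wrong address.
sample_hosts=$(mktemp)
printf '127.0.0.1 localhost\n192.168.122.1 capsule.example.com capsule # stale\n' > "$sample_hosts"
printf '102.70.6.4\n192.168.122.1\n' |
    check_resolution capsule.example.com 102.70.6.4 "$sample_hosts" || true
rm -f "$sample_hosts"
```

On the Satellite server, feed it live data with `dig +short A capsule.example.com | check_resolution capsule.example.com 102.70.6.4 /etc/hosts`.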
    