Not too long ago we had an issue while setting up a custom catalog for one of our clients. Long story short, it turned out that the wildcard ssl certificate in use was not properly accepted by the rancher server. Besides looking for a proper certificate we needed a solution for the time being. Unfortunately the frontend error associated with this issue did not help too much
The template request answer was:
{"actions":{},"links":{"self":"http://.../v1-catalog/templates"},"message":"[Catalog refresh failed for CUSTOM-Catalog (https://...@git.yourcompany.net/RANCHER/rancher-catalogs.git): Update failed: exit status 128]","status":"500","type":"error"}
The host could talk to the Gitlab, Logs did not reveal much more but then we eventually ended up checking the git connection from inside the rancher-server container. And tada:
unable to access 'https://...@git.yourcompany.net/RANCHER/rancher-catalogs.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Until we managed to get the Root-Cert working as expected here is the workaround:
connect to the rancher server
docker exec -it rancher-server bash
disable ssl verification for all repos
git config --global http.sslVerify false
refresh the catalog, it should work now
enable slls verification again
git config --global http.sslVerify true
switch to the rancher catalog repo and disable ssl verification soly for this repo
cd /var/lib/cattle/cache/global/<id of the new repo>
git config http.sslVerify false
From now on, subsequent request should work too. Without sacrificing all other ssl checks.