On 25/04/17 18:34, Jason McMahan wrote: > Has anyone else used the foreman puppet module to create a new formean host? > We used the module, created the host, and manually added it to our f5 > but odd things show up. > > If i go to https://foreman.com (load balancer) go to infrastructure > > smart proxy > click on puppetca host and look at certificates 1 out of 2 > times it is fine. > If i go to https://foreman1.com (our original formean server that is > also the certificate authority) ever proxy looks fine, life is happy. > > If i go to https://foreman2.com (the new foreman we created with the > theforeman module logon is fine, hosts report ok but when i go to smart > proxy it shows red and give the error > > *Error: *Unable to communicate with the proxy: Permission denied @ > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem > and Please check the proxy is configured and running on the host.
The certificate used by Foreman to communicate with its smart proxies is set by the ssl_* settings under Administer > Settings > Auth. theforeman/puppet configures this via /etc/foreman/settings.yaml, and it's controlled by the "client_ssl_ca", "client_ssl_cert", and "client_ssl_key" parameters on the "foreman" class (http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman). Check what values are appropriate for your smart proxy instance, perhaps compare against your existing Foreman server, then set these parameters to the same values. -- Dominic Cleal [email protected] -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8bb118f4-bd64-7725-7f6a-07eb743284f4%40cleal.org. For more options, visit https://groups.google.com/d/optout.
