Thank you for the quick response Dominic,
When I look under settings

foreman1 = (the original working)

SSL CA file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
    SSL CA file that Foreman will use to communicate with its proxies
SSL certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
    SSL Certificate path that Foreman would use to communicate with its proxies
SSL client cert env: SSL_CLIENT_CERT
    Environment variable containing a client's SSL certificate
SSL client DN env: SSL_CLIENT_S_DN
    Environment variable containing the subject DN from a client SSL certificate
SSL client verify env: SSL_CLIENT_VERIFY
    Environment variable containing the verification status of a client SSL certificate
SSL private key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
    SSL Private Key file that Foreman will use to communicate with its proxies

foreman2:

SSL CA file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
    SSL CA file that Foreman will use to communicate with its proxies
SSL certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
    SSL Certificate path that Foreman would use to communicate with its proxies
SSL client cert env: SSL_CLIENT_CERT
    Environment variable containing a client's SSL certificate
SSL client DN env: SSL_CLIENT_S_DN
    Environment variable containing the subject DN from a client SSL certificate
SSL client verify env: SSL_CLIENT_VERIFY
    Environment variable containing the verification status of a client SSL certificate
SSL private key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
    SSL Private Key file that Foreman will use to communicate with its proxies

When I look in the settings.yaml
foreman1:
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
foreman2:
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman2.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
On Wednesday, April 26, 2017 at 6:00:06 AM UTC-5, Dominic Cleal wrote:
>
> On 25/04/17 18:34, Jason McMahan wrote:
> > Has anyone else used the foreman puppet module to create a new foreman
> > host?
> > We used the module, created the host, and manually added it to our f5
> > but odd things show up.
> >
> > If I go to https://foreman.com (load balancer) go to infrastructure >
> > smart proxy > click on puppetca host and look at certificates 1 out of 2
> > times it is fine.
> > If I go to https://foreman1.com (our original foreman server that is
> > also the certificate authority) every proxy looks fine, life is happy.
> >
> > If I go to https://foreman2.com (the new foreman we created with the
> > theforeman module) logon is fine, hosts report ok but when I go to smart
> > proxy it shows red and gives the error
> >
> > *Error: *Unable to communicate with the proxy: Permission denied @
> > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
> > and Please check the proxy is configured and running on the host.
>
> The certificate used by Foreman to communicate with its smart proxies is
> set by the ssl_* settings under Administer > Settings > Auth.
>
> theforeman/puppet configures this via /etc/foreman/settings.yaml, and
> it's controlled by the "client_ssl_ca", "client_ssl_cert", and
> "client_ssl_key" parameters on the "foreman" class
> (http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman).
>
> Check what values are appropriate for your smart proxy instance, perhaps
> compare against your existing Foreman server, then set these parameters
> to the same values.
>
> --
> Dominic Cleal
> [email protected]
>
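
Added example, not part of the thread and not Foreman or theforeman code: a check for the "Permission denied @ rb_sysopen" error above that reads the three ssl_* paths from a settings.yaml and reports, for a given account, the first path component that blocks access. The function names are hypothetical, the caller supplies the uid and group ids of the account Foreman runs as, and only classic mode bits are modelled.

```python
import os
import re

# Keys from the thread's /etc/foreman/settings.yaml excerpts.
SSL_KEYS = ("ssl_certificate", "ssl_ca_file", "ssl_priv_key")

def parse_ssl_settings(text):
    """Return {key: path} for the :ssl_*: lines of a settings.yaml."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*:(\w+):\s*(\S+)\s*$", line)
        if m and m.group(1) in SSL_KEYS:
            found[m.group(1)] = m.group(2)
    return found

def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; want is 4 (read) or 1 (search)."""
    if uid == 0:
        return True  # root bypasses mode bits for read and directory search
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def first_denial(path, uid, gids):
    """Return (component, reason) for the first blocker, or None if readable.

    Every parent directory needs search (x) and the file needs read (r).
    Assumption: POSIX ACLs and SELinux are not modelled.
    """
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):  # walk from / down to the file
        try:
            st = os.stat(comp)
        except FileNotFoundError:
            return (comp, "missing")
        if not _allowed(st, uid, gids, 4 if comp == path else 1):
            return (comp, "permission denied")
    return None

def audit(settings_text, uid, gids):
    """Map each ssl_* setting to its first blocker (None means readable)."""
    paths = parse_ssl_settings(settings_text)
    return {key: first_denial(p, uid, gids) for key, p in paths.items()}
```

On a Foreman host, pass the contents of /etc/foreman/settings.yaml together with the uid and group ids of the service account (for example from pwd.getpwnam and os.getgrouplist). A blocker that is a directory such as private_keys means the account lacks search permission there, even if the key file itself is readable.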