Thank you for the quick response Dominic,

When I look under settings

foreman1 = (the original working)

SSL CA file
    /etc/puppetlabs/puppet/ssl/certs/ca.pem
    SSL CA file that Foreman will use to communicate with its proxies
SSL certificate
    /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
    SSL Certificate path that Foreman would use to communicate with its proxies
SSL client cert env
    SSL_CLIENT_CERT
    Environment variable containing a client's SSL certificate
SSL client DN env
    SSL_CLIENT_S_DN
    Environment variable containing the subject DN from a client SSL certificate
SSL client verify env
    SSL_CLIENT_VERIFY
    Environment variable containing the verification status of a client SSL certificate
SSL private key
    /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
    SSL Private Key file that Foreman will use to communicate with its proxies

foreman2:

SSL CA file
    /etc/puppetlabs/puppet/ssl/certs/ca.pem
    SSL CA file that Foreman will use to communicate with its proxies
SSL certificate
    /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
    SSL Certificate path that Foreman would use to communicate with its proxies
SSL client cert env
    SSL_CLIENT_CERT
    Environment variable containing a client's SSL certificate
SSL client DN env
    SSL_CLIENT_S_DN
    Environment variable containing the subject DN from a client SSL certificate
SSL client verify env
    SSL_CLIENT_VERIFY
    Environment variable containing the verification status of a client SSL certificate
SSL private key
    /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
    SSL Private Key file that Foreman will use to communicate with its proxies

When I look in the settings.yaml

foreman1:

:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem

foreman2:

:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman2.com.pem
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem

On Wednesday, April 26, 2017 at 6:00:06 AM UTC-5, Dominic Cleal wrote:
> On 25/04/17 18:34, Jason McMahan wrote:
> > Has anyone else used the foreman puppet module to create a new Foreman host?
> > We used the module, created the host, and manually added it to our f5
> > but odd things show up.
> >
> > If I go to https://foreman.com (load balancer) go to infrastructure >
> > smart proxy > click on puppetca host and look at certificates 1 out of 2
> > times it is fine.
> > If I go to https://foreman1.com (our original Foreman server that is
> > also the certificate authority) every proxy looks fine, life is happy.
> >
> > If I go to https://foreman2.com (the new Foreman we created with the
> > theforeman module logon is fine, hosts report ok but when I go to smart
> > proxy it shows red and gives the error
> >
> > *Error: *Unable to communicate with the proxy: Permission denied @
> > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
> > and Please check the proxy is configured and running on the host.
>
> The certificate used by Foreman to communicate with its smart proxies is
> set by the ssl_* settings under Administer > Settings > Auth.
>
> theforeman/puppet configures this via /etc/foreman/settings.yaml, and
> it's controlled by the "client_ssl_ca", "client_ssl_cert", and
> "client_ssl_key" parameters on the "foreman" class
> (http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman).
>
> Check what values are appropriate for your smart proxy instance, perhaps
> compare against your existing Foreman server, then set these parameters
> to the same values.
>
> --
> Dominic Cleal
> dom...@cleal.org
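
The check suggested in the reply can be scripted; the following is an added example, not part of the original thread and not Foreman's own code. It opens each ssl_* path from a settings.yaml the way a Ruby application would and, on "Permission denied", reports which path component blocks access. The helper names (`probe`, `blocking_component`, `check_ssl_settings`) are hypothetical, and it assumes the script is run as the account the Foreman application runs under.

```ruby
require 'yaml'
require 'pathname'

SSL_KEYS = %i[ssl_ca_file ssl_certificate ssl_priv_key].freeze

# Open the file the way a Ruby application would, so a failure here is the
# same "Permission denied @ rb_sysopen" (Errno::EACCES) seen in the thread.
def probe(path)
  File.open(path, 'rb') { |f| f.read(1) }
  :ok
rescue Errno::ENOENT
  :missing
rescue Errno::EACCES
  :permission_denied
rescue SystemCallError
  :unreadable
end

# First directory on the path without search (x) permission, else the file itself.
def blocking_component(path)
  Pathname.new(path).descend do |c|
    return c.to_s if c.directory? && !File.executable?(c.to_s)
  end
  path
end

# Check the ssl_* entries of a Foreman-style settings.yaml as the current user.
def check_ssl_settings(yaml_text)
  settings = YAML.safe_load(yaml_text, permitted_classes: [Symbol])
  settings = {} unless settings.is_a?(Hash)
  SSL_KEYS.each_with_object({}) do |key, report|
    path = settings[key]
    status = path ? probe(path) : :not_set
    entry = { path: path, status: status }
    entry[:blocked_at] = blocking_component(path) if status == :permission_denied
    report[key] = entry
  end
end

# Constructed sample: the foreman2 settings.yaml values quoted in the message above.
SAMPLE = <<~YAML
  :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman2.com.pem
  :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  :ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
YAML

if $PROGRAM_NAME == __FILE__
  check_ssl_settings(SAMPLE).each { |k, r| puts "#{k}: #{r[:status]} #{r[:path]} #{r[:blocked_at]}" }
end
```

To check a real host, pass the contents of /etc/foreman/settings.yaml to `check_ssl_settings` instead of `SAMPLE`; running the same script on both servers makes the comparison direct.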