Re: [foreman-users] Re: Foreman Proxy is not recognized
On 28/07/16 16:08, Sai Krishna wrote:
> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
> :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> :ssl_certificate: /var/lib/puppet/ssl/certs/puppetmaster.com.pem
> :ssl_private_key: /var/lib/puppet/ssl/private_keys/puppetmaster.com.pem
> :trusted_hosts:
> - foremanserver.com
> # Endpoint for reverse communication
> :foreman_url: https://foremanserver.com
>
> I have replaced the puppetmaster certificates
> /var/lib/puppet/ssl/certs/ca.pem,
> /var/lib/puppet/ssl/certs/puppetmaster.pem,
> /var/lib/puppet/ssl/private_keys/puppetmaster.pem with foreman
> server certificates, which are also mentioned in settings.yml.
> After this I have run the foreman installer again enabling
> puppet and foreman-proxy but still the error is the same after
> finishing the foreman installer installation. As you said I have
> checked the ruby-kafo, it is at the latest 0.9.1. On the
> puppetmaster the smart proxy is running but when trying to add it
> in the foreman gui it is throwing the same error. Let me know if you
> want me to check any other configuration settings or cert
> settings. According to the error there is something wrong with the
> certificates configuration but not sure where to make changes.
>
> error on foreman gui
> *Unable to save*
> Unable to communicate with the proxy: ERF12-2530
> [ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL::SSLError]: hostname "nyrhdv146.cusa.canon.com" does not
> match the server certificate) for proxy
> https://nyrhdv146.cusa.canon.com:8443/features
> Please check the proxy is configured and running on the host.

This is a different error. It states that the hostname you're entering in the Foreman UI is different to the hostname on the certificates. Your later response says you're using "puppet cert generate new-puppetmaster.example.com", which means you would need to use that hostname (new-puppetmaster.example.com) when adding the smart proxy.

If the hostname you're adding is actually "nyrhdv146.cusa.canon.com" then you should use "puppet cert generate nyrhdv146.cusa.canon.com" too.

--
Dominic Cleal
domi...@cleal.org

--
You received this message because you are subscribed to the Google Groups "Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
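The hostname check behind the ERF12-2530 error above, as an added example that is not part of the original thread or of Foreman's code. It uses Ruby's own OpenSSL::SSL.verify_certificate_identity; the helper names and the host proxy01.example.com are assumptions, and the certificate is a constructed self-signed sample.

```ruby
require "openssl"
require "uri"

# Constructed sample input: a throwaway self-signed certificate for `cn`,
# standing in for what `puppet cert generate <name>` issues.
def sample_cert(cn, alt_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    san = alt_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Names the certificate is valid for: SAN DNS entries if present, else subject CN.
def cert_names(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  dns = san ? san.value.scan(/DNS:([^,\s]+)/).flatten : []
  return dns unless dns.empty?
  cert.subject.to_a.select { |oid, _v, _t| oid == "CN" }.map { |_oid, v, _t| v }
end

# The identity check the TLS client applies to the host part of the proxy URL.
def proxy_url_matches?(cert, proxy_url)
  OpenSSL::SSL.verify_certificate_identity(cert, URI.parse(proxy_url).host)
end

# One-line verdict: "ok", or the URL host next to the names the cert carries.
def diagnose(cert, proxy_url)
  return "ok" if proxy_url_matches?(cert, proxy_url)
  "mismatch: #{URI.parse(proxy_url).host} not in #{cert_names(cert).inspect}"
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("new-puppetmaster.example.com")
  puts diagnose(cert, "https://new-puppetmaster.example.com:8443/features")
  puts diagnose(cert, "https://proxy01.example.com:8443/features") # constructed host
end
```

Against a real proxy, load the file named by :ssl_certificate in settings.yml with OpenSSL::X509::Certificate.new(File.read(path)) and pass the URL entered in the Foreman UI.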
Re: [foreman-users] Re: Foreman Proxy is not recognized
puppet cert generate new-puppetmaster.example.com

I am generating new certs for puppetmaster on the foreman server and replacing the new certs in puppetmaster. Is this the correct way? Please advise.

Sai Krishna
Re: [foreman-users] Re: Foreman Proxy is not recognized
/etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml

>> ---
>> # URL of the puppet master itself for API requests.
>> :puppet_url: https://puppetmaster:8140
>> # SSL certificates used to access the puppet API
>> :puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
>> :puppet_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppetmaster.pem
>> :puppet_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.pem

Here the paths are different from settings.yml. Is this causing any cert issue?
Re: [foreman-users] Re: Foreman Proxy is not recognized
On 27/07/16 21:43, Sai Krishna wrote:
> *[ERROR 2016-07-27 16:13:21 main] Errors encountered during run:*
> *[ERROR 2016-07-27 16:13:21 main] Evaluation Error: Error while
> evaluating a Function Call, undefined class/module HighLine:: at
> /usr/share/gems/gems/kafo-0.9.1/modules/kafo_configure/manifests/init.pp:14:3
> on node puppetserver.com*

This appears similar to http://projects.theforeman.org/issues/15111, so ensure ruby-kafo is at least version 0.8.2, preferably the latest we ship (0.9.x).

--
Dominic Cleal
domi...@cleal.org
Re: [foreman-users] Re: Foreman Proxy is not recognized
On 27/07/16 20:27, Sai Krishna wrote:
> I have changed the /etc/foreman-proxy/settings.yml file. I have changed
> trusted host and foreman_url from puppetmaster to foremanvers FQDN. Is
> this a wrong move?
>
> # the hosts which the proxy accepts connections from
> # commenting the following lines would mean every verified SSL connection allowed
> :trusted_hosts:
> - foremansever.com
>
> # Endpoint for reverse communication
> :foreman_url: https://foremanserver.com
>
> I have generated new smart proxy certificates from foreman server and
> replaced the /etc/puppetlabs/ssl/certs/ca.pem, puppetserver.pem,
> /etc/puppetlabs/ssl/private_keys/puppetserver.pem
>
> Still do I need to change anything? Please advise.

That sounds correct, but what happens now? It's unclear from your message whether this works or if you still receive an error.

Also verify that those paths are the ones referenced in settings.yml.

--
Dominic Cleal
domi...@cleal.org