We are running puppet master 4.10 on CentOS with foreman 1.15.2 on the same server. As per standard, we tried to replace the web self signed cert of foreman with local CA but running into out of sync on foreman. The nodes are communicating with puppet master with no issues, pulling the catalogs but foreman reports them all as out of sync for some reason.
After getting the local CA signed cert, replaced it by running this command, $foreman-installer -v --foreman-server-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/custom.cer --foreman-server-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/custom-2048.key --foreman-server-ssl-chain=/etc/puppetlabs/puppet/ssl/custom_root.pem This command updated the file /etc/httpd/conf.d/05-foreman-ssl.conf with given values. Followed this link but i dont see any definition as ssl_ca on node.rb file. as mentioned in the document. https://flakrat.blogspot.com/2014/06/replace-foreman-self-signed-certificate.html Here is my file content, $ grep ssl_ca /etc/puppetlabs/puppet/node.rb if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty? res.ca_file = SETTINGS[:ssl_ca] if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty? http.ca_file = SETTINGS[:ssl_ca] $ locate foreman.rb /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.10.2/lib/hammer_cli_foreman.rb /usr/share/foreman/config/initializers/foreman.rb /usr/share/foreman/lib/foreman.rb /usr/share/foreman-installer/modules/foreman/lib/puppet/parser/functions/foreman.rb /usr/share/ruby/vendor_ruby/puppet/reports/foreman.rb $ grep ssl_ca /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty? http.ca_file = SETTINGS[:ssl_ca] If this file is correct, how do I edit them to change the value, I dont see anywhere this ssl_ca is defined though. Any help would be really helpful to move forward. Thanks -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
