We are running puppet master 4.10 on CentOS with foreman 1.15.2 on the same
server. As per standard, we tried to replace the web self-signed cert of
foreman with local CA but are running into out of sync on foreman. The nodes
are communicating with puppet master with no issues, pulling the catalogs,
but foreman reports them all as out of sync for some reason.

After getting the local CA signed cert, we replaced it by running this command:

$ foreman-installer -v \
    --foreman-server-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/custom.cer \
    --foreman-server-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/custom-2048.key \
    --foreman-server-ssl-chain=/etc/puppetlabs/puppet/ssl/custom_root.pem


This command updated the file /etc/httpd/conf.d/05-foreman-ssl.conf with 
given values. 

I followed this link, but I don't see any definition of ssl_ca in the node.rb
file as mentioned in the document.
https://flakrat.blogspot.com/2014/06/replace-foreman-self-signed-certificate.html

Here is my file content,

$ grep ssl_ca /etc/puppetlabs/puppet/node.rb
    if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
      res.ca_file = SETTINGS[:ssl_ca]
    if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
      http.ca_file = SETTINGS[:ssl_ca]

$ locate foreman.rb
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb
/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.10.2/lib/hammer_cli_foreman.rb
/usr/share/foreman/config/initializers/foreman.rb
/usr/share/foreman/lib/foreman.rb
/usr/share/foreman-installer/modules/foreman/lib/puppet/parser/functions/foreman.rb
/usr/share/ruby/vendor_ruby/puppet/reports/foreman.rb

$ grep ssl_ca /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb
        if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
          http.ca_file = SETTINGS[:ssl_ca]

If this file is correct, how do I edit them to change the value? I don't see
anywhere this ssl_ca is defined, though.

Any help would be really helpful to move forward. 

Thanks
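
The `ca_file = SETTINGS[:ssl_ca]` lines in the grep output above mean the script trusts only server certificates that chain to the one file named by `ssl_ca`. The following is an added example, not part of the original post and not Foreman's code, that reproduces that check with two throwaway CAs generated inline; it assumes peer verification is enabled, and the CA names, hostname and helper names are constructed.

```ruby
require 'openssl'
require 'tempfile'

# Issue a certificate; with no issuer given it is a self-signed CA.
# All names and keys here are throwaway test data generated at run time.
def issue(cn, issuer_cert = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless issuer_cert
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Mirror of what `http.ca_file = SETTINGS[:ssl_ca]` implies with peer
# verification on: only the CA(s) in that one file are trusted.
def accepted_with_ca_file?(ca_pem, server_cert)
  Tempfile.create('ssl_ca') do |f|
    f.write(ca_pem)
    f.flush
    store = OpenSSL::X509::Store.new
    store.add_file(f.path)
    store.verify(server_cert)
  end
end

# Web certificate signed by the custom root, checked against each CA file.
def demo
  puppet_ca, _      = issue('constructed-puppet-ca')
  custom_root, rkey = issue('constructed-custom-root')
  web_cert, _       = issue('foreman.example.com', custom_root, rkey)
  { puppet_ca: accepted_with_ca_file?(puppet_ca.to_pem, web_cert),
    custom_root: accepted_with_ca_file?(custom_root.to_pem, web_cert) }
end

p demo if __FILE__ == $PROGRAM_NAME
```
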
