On 25/04/17 18:34, Jason McMahan wrote: > Has anyone else used the foreman puppet module to create a new formean host? > We used the module, created the host, and manually added it to our f5 > but odd things show up. > > If i go to https://foreman.com (load balancer) go to infrastructure > > smart proxy > click on puppetca host and look at certificates 1 out of 2 > times it is fine. > If i go to https://foreman1.com (our original formean server that is > also the certificate authority) ever proxy looks fine, life is happy. > > If i go to https://foreman2.com (the new foreman we created with the > theforeman module logon is fine, hosts report ok but when i go to smart > proxy it shows red and give the error > > *Error: *Unable to communicate with the proxy: Permission denied @ > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem > and Please check the proxy is configured and running on the host.
The certificate used by Foreman to communicate with its smart proxies is set by the ssl_* settings under Administer > Settings > Auth. theforeman/puppet configures this via /etc/foreman/settings.yaml, and it's controlled by the "client_ssl_ca", "client_ssl_cert", and "client_ssl_key" parameters on the "foreman" class (http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman). Check what values are appropriate for your smart proxy instance, perhaps compare against your existing Foreman server, then set these parameters to the same values. -- Dominic Cleal domi...@cleal.org -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8bb118f4-bd64-7725-7f6a-07eb743284f4%40cleal.org. For more options, visit https://groups.google.com/d/optout.