This may sound stupid, or even idiotic, but have you tried running the foreman-installer --noop --verbose to see what it shows? I have found that when I patch my Linux servers that HTTP and other configs get completely messed up. Running the foreman-installer pulls the details from the answers file and reconfigures the setups accordingly. It has become my first troubleshooting step when things aren't working.
Seeing that your foreman2 box still shows the SSL certs for foreman1, but your answers file has the foreman2 certs defined, running the installer in noop with verbose will show you what would have changed to see if this would make the modifications you need to get the proxy working.

On Wednesday, April 26, 2017 at 2:18:43 PM UTC-4, Jason McMahan wrote:
>
> Thank you for the quick response Dominic,
> When I look under settings
>
> foreman1 = (the original working)
> SSL CA file            /etc/puppetlabs/puppet/ssl/certs/ca.pem
>     SSL CA file that Foreman will use to communicate with its proxies
> SSL certificate        /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
>     SSL Certificate path that Foreman would use to communicate with its proxies
> SSL client cert env    SSL_CLIENT_CERT
>     Environment variable containing a client's SSL certificate
> SSL client DN env      SSL_CLIENT_S_DN
>     Environment variable containing the subject DN from a client SSL certificate
> SSL client verify env  SSL_CLIENT_VERIFY
>     Environment variable containing the verification status of a client SSL certificate
> SSL private key        /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
>     SSL Private Key file that Foreman will use to communicate with its proxies
>
> foreman2:
> SSL CA file            /etc/puppetlabs/puppet/ssl/certs/ca.pem
>     SSL CA file that Foreman will use to communicate with its proxies
> SSL certificate        /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
>     SSL Certificate path that Foreman would use to communicate with its proxies
> SSL client cert env    SSL_CLIENT_CERT
>     Environment variable containing a client's SSL certificate
> SSL client DN env      SSL_CLIENT_S_DN
>     Environment variable containing the subject DN from a client SSL certificate
> SSL client verify env  SSL_CLIENT_VERIFY
>     Environment variable containing the verification status of a client SSL certificate
> SSL private key        /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
>     SSL Private Key file that Foreman will use to communicate with its proxies
>
>
> When I look in the settings.yaml
> foreman1:
> :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem
> :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
> :ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem
>
> foreman2:
> :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman2.com.pem
> :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
> :ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
>
>
> On Wednesday, April 26, 2017 at 6:00:06 AM UTC-5, Dominic Cleal wrote:
>>
>> On 25/04/17 18:34, Jason McMahan wrote:
>> > Has anyone else used the foreman puppet module to create a new Foreman host?
>> > We used the module, created the host, and manually added it to our f5
>> > but odd things show up.
>> >
>> > If I go to https://foreman.com (load balancer) go to infrastructure >
>> > smart proxy > click on puppetca host and look at certificates 1 out of 2
>> > times it is fine.
>> > If I go to https://foreman1.com (our original Foreman server that is
>> > also the certificate authority) every proxy looks fine, life is happy.
>> >
>> > If I go to https://foreman2.com (the new foreman we created with the
>> > theforeman module) logon is fine, hosts report ok but when I go to smart
>> > proxy it shows red and gives the error
>> >
>> > *Error:* Unable to communicate with the proxy: Permission denied @
>> > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem
>> > and Please check the proxy is configured and running on the host.
>>
>> The certificate used by Foreman to communicate with its smart proxies is
>> set by the ssl_* settings under Administer > Settings > Auth.
>>
>> theforeman/puppet configures this via /etc/foreman/settings.yaml, and
>> it's controlled by the "client_ssl_ca", "client_ssl_cert", and
>> "client_ssl_key" parameters on the "foreman" class
>> (http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman).
>>
>> Check what values are appropriate for your smart proxy instance, perhaps
>> compare against your existing Foreman server, then set these parameters
>> to the same values.
>>
>> --
>> Dominic Cleal
>> dom...@cleal.org
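
An added example, not part of the thread and not Foreman's own tooling: a shell check over the three `ssl_*` paths in a Foreman `settings.yaml`, reporting the conditions discussed above (a path the calling user cannot read, a certificate or key that belongs to another host) plus a private key that has been opened to all users. The function name and finding labels are made up here, and the host check assumes Puppet-style `<fqdn>.pem` file names as in the quoted paths.

```shell
# Added example: audit the ssl_* entries of a Foreman settings.yaml.
# usage: check_foreman_ssl SETTINGS_FILE EXPECTED_FQDN
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_foreman_ssl() {
    settings=$1 fqdn=$2 findings=0
    for key in ssl_certificate ssl_ca_file ssl_priv_key; do
        # Keys are Ruby symbols in this file, e.g. ":ssl_priv_key: /path"
        path=$(sed -n "s/^:${key}:[[:space:]]*//p" "$settings" | head -n 1)
        if [ -z "$path" ]; then
            echo "UNSET $key"; findings=1; continue
        fi
        # -r tests the calling user and also fails when the file is missing
        # or a parent directory cannot be traversed
        if [ ! -r "$path" ]; then
            echo "UNREADABLE $key $path (as $(id -un))"; findings=1; continue
        fi
        # The CA is shared; certificate and key should be this host's own
        # (assumes <fqdn>.pem naming, as in the paths quoted in the thread)
        if [ "$key" != ssl_ca_file ] && [ "$(basename "$path")" != "$fqdn.pem" ]; then
            echo "WRONGHOST $key $path"; findings=1
        fi
        # Opening the key to every user is not the fix for a read failure
        if [ "$key" = ssl_priv_key ] && [ -n "$(find -L "$path" -prune -perm -004)" ]; then
            echo "WORLDREADABLE $key $path"; findings=1
        fi
    done
    return "$findings"
}

# Constructed demo: a scratch tree with a foreman1 certificate configured
# on foreman2 and a private key that was made world-readable.
demo=$(mktemp -d)
mkdir -p "$demo/certs" "$demo/private_keys"
touch "$demo/certs/ca.pem" "$demo/certs/foreman1.com.pem" "$demo/private_keys/foreman2.com.pem"
chmod 644 "$demo/private_keys/foreman2.com.pem"
cat > "$demo/settings.yaml" <<EOF
:ssl_certificate: $demo/certs/foreman1.com.pem
:ssl_ca_file: $demo/certs/ca.pem
:ssl_priv_key: $demo/private_keys/foreman2.com.pem
EOF
check_foreman_ssl "$demo/settings.yaml" foreman2.com || true
rm -rf "$demo"
```

The readability test applies to whoever runs the function, so on a real host it is only meaningful when run as the account the Foreman application runs under.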