Add new client

kirand · May 7, 2020, 1:12am

Problem:
/opt/puppetlabs/bin/puppet agent -t
on client gives error

Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA:xxx

Warning: Not using cache on failed catalog

Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: …

Expected outcome:
agent gets added
Foreman and Proxy versions:
foreman-postgresql-2.0.0-2.el7.noarch
foreman-cli-2.0.0-2.el7.noarch
rubygem-foreman_maintain-0.6.2-1.el7.noarch
foreman-installer-2.0.0-1.el7.noarch
foreman-release-2.0.0-1.el7.noarch
foreman-selinux-2.0.0-1.el7.noarch
foreman-2.0.0-2.el7.noarch
foreman-proxy-2.0.0-1.el7.noarch
tfm-rubygem-hammer_cli_foreman-2.0.2-1.el7.noarch
foreman-debug-2.0.0-2.el7.noarch
foreman-dynflow-sidekiq-2.0.0-2.el7.noarch
foreman-release-scl-7-2.el7.noarch

Foreman and Proxy plugin versions:
NA
Distribution and version:
CentOS 7
Other relevant data:

I am planning to use this tool only for complaince check eg is all servers patched ? to start with

Please suggest

kirand · May 7, 2020, 4:04am

tbrisker · May 7, 2020, 9:30am

Without commenting to the error you are seeing with puppet (which seems like possibly a certificate misconfiguration), you might be interested in the OpenSCAP plugin which handles automated compliance scans and can use both puppet, ansible or manual policy deployment to your hosts.