Problem:
Puppet agent certificate signing request ends with a 404 error :
Expected outcome:
Puppet agent certificate signing request being signed by the Puppetca
Foreman and Proxy versions:
Foreman version : 1.21.3
Other relevant data:
Hello,
I’m trying to configure a Puppetserver + Foreman/Puppetca stack.
There is no Puppetca on the Puppetserver, the Puppetca is hosted on the same host as Foreman.
I think that most of it is well configured, I added the Puppetserver’s smart-proxy in Foreman, execution reports are correctly sent to Foreman from the Puppetserver.
The only part that fails, is the certificate signing of new Puppet agents.
New clients can contact the Puppetserver and get their catalog executed as long as their client certificate is manually generated on the Puppetca (same host as Foreman) and manually copied on the client.
I tried to configure hosts to contact directly the Foreman/Puppetca host :
user@client ~]# grep “ca_server” /etc/puppetlabs/puppet/puppet.conf
ca_server = foreman.domain.com
ca_port = 8443
But I always get this error :
[user@client ~]# /opt/puppetlabs/bin/puppet agent -t
Error: Could not request certificate: Find /puppet-ca/v1/certificate/ca?environment=production&fail_on_404=true resulted in 404 with the message: Requested url was not found
Exiting; failed to retrieve certificate and waitforcert is disabled
I guess that the foreman-proxy is well configured on the Foreman host :
[user@foreman ~]# cat /etc/foreman-proxy/settings.d/puppetca.yml
:enabled: https
:ssldir: /etc/puppetlabs/puppet/ssl
:use_provider: puppetca_hostname_whitelisting
[user@foreman ~]# cat /etc/puppetlabs/puppet/autosign.conf
*.domain.com
There must be somthing I’m missing or did not understand, can you please help me with that ?
Thanks =)