I'm pretty new to Foreman & Puppet. I have installed the Foreman server
with the Puppet master. Now, I have installed the smart proxy on another
VLAN to manage VMs on that VLAN. Since I want to secure all
communications, because my setup will go into production later, I want
to use SSL. When I try to launch the foreman-proxy service, it complains
that certificates are not installed. Of course, I didn't even create one
for it. Question: Where should I create this certificate? I have read
practically the whole manual many times over the last 3 weeks I have
been working on this, and I didn't find a place that explains the best
way, with Foreman, to create those certificates.
As indicated in the section "Smart Proxy Installation", I installed the deb
package from deb.theforeman.org after configuring the repo and its
public key.
After starting the service with "service foreman-proxy start", I simply got
the message:
"Facter was not found, Facts API disabled
from /usr/share/foreman-proxy/lib/smart_proxy.rb:45:in `rescue in <class:SmartProxy>'
Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: No such file or directory - ssl/private_keys/fqdn.key
from /usr/share/foreman-proxy/lib/smart_proxy.rb:65:in `rescue in <class:SmartProxy>'"
Since I didn't generate the certificate, it's normal that the service
failed to start.
So I come back to the original question: What's the best way to create
certificates within a Foreman architecture?
Note: The Foreman server and Puppet master are running on another VM,
ready to receive new nodes.
Regards,
Ben
On Monday, May 11, 2015 04:14:23 UTC-4, Daniel Lobato wrote:
>
> On 05/10, Ben wrote:
> > Hi everyone,
> >
> > I'm pretty new to Foreman & Puppet. I have installed the Foreman
> > server with the Puppet master. Now, I have installed the smart proxy
> > on another VLAN to manage VMs on that VLAN. Since I want to secure
> > all communications, because my setup will go into production later,
> > I want to use SSL. When I try to launch the foreman-proxy service,
> > it complains that certificates are not installed. Of course, I
> > didn't even create one for it. Question: Where should I create this
> > certificate? I have read practically the whole manual many times
> > over the last 3 weeks I have been working on this, and I didn't find
> > a place that explains the best way, with Foreman, to create those
> > certificates.
>
> Hi Ben,
>
> The foreman-installer should've created the certificates for you. Did
> you disable the SSL options? You can run it again with the right
> options, it is idempotent.
> >
> > Thanks for your help
> >
> > Ben
> >
>
>
> --
> Daniel Lobato Garcia
>
> @eLobatoss
> blog.daniellobato.me
> daniellobato.me
>
> GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
> Keybase: https://keybase.io/elobato
>
In a default installation you would use the Puppet certs for this, so
you can either set up a Puppet client + sign its certs as usual, then
configure the foreman-proxy to use those, or manually sign and copy
certs to your new smart proxy server.
On 11/05/15 04:10, Ben wrote:
> Hi everyone,
>
> I'm pretty new to Foreman & Puppet. I have installed the Foreman server
> with the Puppet master. Now, I have installed the smart proxy on another
> VLAN to manage VMs on that VLAN. Since I want to secure all
> communications, because my setup will go into production later, I want
> to use SSL. When I try to launch the foreman-proxy service, it complains
> that certificates are not installed. Of course, I didn't even create one
> for it. Question: Where should I create this certificate? I have read
> practically the whole manual many times over the last 3 weeks I have
> been working on this, and I didn't find a place that explains the best
> way, with Foreman, to create those certificates.
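
A pre-flight check for the "Unable to access the SSL keys" error quoted in this thread, added here as an example (it is not code from the thread or from the Foreman project). It takes the `:ssl_certificate`, `:ssl_private_key` and `:ssl_ca_file` entries of the proxy's settings.yml and reports unreadable files, a key that does not match the certificate, and a certificate not issued by the CA file. The function name `check_proxy_ssl` and the settings path in the comment are assumptions.

```ruby
require "openssl"
require "yaml"

SSL_KEYS = %i[ssl_certificate ssl_private_key ssl_ca_file].freeze

# Returns a list of problems with the SSL files named in the proxy settings
# (empty list = usable). Readability is tested for the current user, so run
# this as the account the foreman-proxy service runs under.
def check_proxy_ssl(settings)
  paths = SSL_KEYS.to_h { |k| [k, settings[k].to_s] }
  problems = paths.reject { |_, p| File.file?(p) && File.readable?(p) }
                  .map { |k, p| "#{k}: cannot read '#{p}'" }
  return problems unless problems.empty?

  begin
    cert = OpenSSL::X509::Certificate.new(File.read(paths[:ssl_certificate]))
    ca   = OpenSSL::X509::Certificate.new(File.read(paths[:ssl_ca_file]))
    key  = OpenSSL::PKey.read(File.read(paths[:ssl_private_key]))
  rescue OpenSSL::OpenSSLError => e
    return ["could not parse PEM data: #{e.message}"]
  end

  # The private key should be readable by the service account, not by everyone.
  if File.stat(paths[:ssl_private_key]).mode & 0o004 != 0
    problems << "ssl_private_key: file is world-readable"
  end
  unless cert.check_private_key(key)
    problems << "ssl_private_key does not match ssl_certificate"
  end

  # Signature and validity-period check against the CA file only.
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  unless store.verify(cert)
    problems << "ssl_certificate not trusted by ssl_ca_file: #{store.error_string}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  # Assumed location of the proxy configuration: /etc/foreman-proxy/settings.yml
  problems = check_proxy_ssl(YAML.load_file(ARGV[0]))
  puts(problems.empty? ? "SSL settings OK" : problems)
  exit(problems.empty? ? 0 : 1)
end
```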