Hello,
I am trying to setup a distributed installation of Foreman but need some
help. For testing I have a very simple setup where I have two CentOS 6.6
servers, one (foreman) is configured as a Puppet Master and Puppet CA, the
second (foreman-sp) is configured as a Puppet Master using the instructions
posted here
<Foreman :: Manual>.
I have installed the Puppet agent on a test Ubuntu 14.04 server (test01)
and configured the agent to connect to foreman-sp (I added server=foreman-sp to
/etc/puppet/puppet.conf), but when I run sudo puppet agent -t I get the
following error Error: Could not request certificate: Error 400 on SERVER:
this master is not a CA, the server test01 has no connection to foreman, it
was my impression that the request for its certificate would go via
foreman-sp (which does have a connection to foreman).
We have various segmented customer networks, I would like the agents for
each customer to me managed by a central Foreman server, is it possible to
those targets to connect to a Puppet Master within that network, then for
the central Foreman server manage the various Puppet Masters/Smart Proxies?
Thank you, Ben.
Dominic helped me via #theforeman, I forgot
–puppet-server-ca-proxy=https://foreman:8140 when installing my Smart
Proxy and also --puppet-allow-any-crl-auth=true on my Puppet CA.
···
On Friday, 12 June 2015 11:18:49 UTC+1, Ben Vassie wrote:
>
> Hello,
>
> I am trying to setup a distributed installation of Foreman but need some
> help. For testing I have a very simple setup where I have two CentOS 6.6
> servers, one (foreman) is configured as a Puppet Master and Puppet CA, the
> second (foreman-sp) is configured as a Puppet Master using the instructions
> posted here
> .
>
> I have installed the Puppet agent on a test Ubuntu 14.04 server (test01)
> and configured the agent to connect to foreman-sp (I added
> server=foreman-sp to /etc/puppet/puppet.conf), but when I run sudo puppet
> agent -t I get the following error Error: Could not request certificate:
> Error 400 on SERVER: this master is not a CA, the server test01 has no
> connection to foreman, it was my impression that the request for its
> certificate would go via foreman-sp (which does have a connection to
> foreman).
>
> We have various segmented customer networks, I would like the agents for
> each customer to me managed by a central Foreman server, is it possible to
> those targets to connect to a Puppet Master within that network, then for
> the central Foreman server manage the various Puppet Masters/Smart Proxies?
>
> Thank you, Ben.
>