Problem:
I am preparing to migrate an old Puppet 3.8, Foreman 1.12, CentOS 6.x server to a modern Puppet & Foreman installation. As part of this process, I swapped out the Apache/Passenger stack for a new Puppetserver daemon (as recommended at https://puppet.com/docs/puppet/5.5/upgrade_major_pre.html ).
Many things seem to work okay, but one remaining problem is that certain commands fail with an error about the Puppet CA:
$ hammer host update --name host1.example.org --environment dev
Could not update the host:
Puppet ca proxy does not have the Puppet CA feature
$
I am unsure which component is broken here. Can anyone point me in the correct direction?
-
/etc/foreman-proxy/settings.d/puppetca.yml contains the following configuration. These settings look correct to me, and match the settings from Foreman :: Manual .
# PuppetCA management :enabled: https :ssldir: /var/lib/puppet/ssl :puppetdir: /etc/puppet
-
/var/lib/puppet/ssl does indeed contain our certificates, and
sudo -u foreman-proxy ls -l /var/lib/puppet/ssl/ca/signed/
shows the client certs.
Expected outcome:
I expected hammer host update --name host1.example.org --environment dev
to change the environment for this host.
Foreman and Proxy versions:
Foreman: 1.12.4
Foreman-proxy: 1.12.4
Foreman and Proxy plugin versions:
Unsure. Version 1.12.4 I think?
Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
No logs are generated under /var/log/* after I run this command, even after setting :log_level: DEBUG
Our architecture is fairly straightforward. One EL6 host hosts Foreman, the Foreman Proxies & the Puppet Master. Everything lives on one host.