I was wondering if anyone could help me as I have spent a lot of time
trying to get this to work with no success.
I can install foreman on debian wheezy using foreman-installer and the
default settings. This installs using a self-signed cert, meaning if I go to
https://foreman.mydomain.com in my browser the connection is not verified.
I have a certificate for this domain that I would like to use with foreman
and it is saved in the following locations:
ca -> /var/lib/puppet/ssl/certs/GandiProSSLCA.pem
cert -> /var/lib/puppet/ssl/certs/REALforeman.mydomain.com.crt
key -> /var/lib/puppet/ssl/private_keys/REALforeman.mydomain.com.key
Now I have edited /etc/foreman/foreman-installer-answers.yaml and set:
server_ssl_ca: /var/lib/puppet/ssl/certs/GandiProSSLCA.pem
server_ssl_chain: /var/lib/puppet/ssl/certs/GandiProSSLCA.pem
server_ssl_cert: /var/lib/puppet/ssl/certs/REALforeman.mydomain.com.crt
server_ssl_key: /var/lib/puppet/ssl/private_keys/REALforeman.mydomain.com.key
Then I run foreman-installer again.
When I do this my connection to https://foreman.mydomain.com in my browser
is verified, but then puppet does not work. If I run 'puppet agent -t' I get
the following:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find foreman.mydomain.com via exec: Execution of '/etc/puppet/node.rb foreman.mydomain.com' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node foreman.mydomain.com: Failed to find foreman.mydomain.com via exec: Execution of '/etc/puppet/node.rb foreman.mydomain.com' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Running /etc/puppet/node.rb foreman.mydomain.com manually gets me this:
Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I have also tried pointing these settings to my certs, with no luck:
websockets_ssl_key
websockets_ssl_cert
ssl_ca
ssl_cert
ssl_key
puppet_ssl_ca
puppet_ssl_cert
puppet_ssl_key
server_foreman_ssl_ca
server_foreman_ssl_cert
server_foreman_ssl_key
Would anyone be able to help me with the correct options that I should be
setting? I can attach any necessary files, just ask.
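
Added example, not part of the original post: "certificate verify failed" is what a TLS client reports when the server certificate does not chain to the CA file that client trusts, so a useful first check is which CA file actually validates the certificate. The script below demonstrates that check with `openssl verify` on throwaway certificates it builds itself; the names `puppet_ca` and `commercial_ca` are hypothetical stand-ins, and which CA file node.rb trusts on the poster's system is an assumption to confirm there.

```shell
#!/bin/sh
# Added example: all certificates here are constructed throwaways.
# verify_with CAFILE CERT: exit 0 if CERT chains to CAFILE, non-zero otherwise
verify_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME CN: self-signed CA written to DIR/NAME.pem and DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# build_demo DIR: two CAs plus one server cert signed only by commercial_ca
build_demo() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    make_ca "$1" puppet_ca "Constructed Puppet CA" &&
    make_ca "$1" commercial_ca "Constructed Commercial CA" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=foreman.mydomain.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 -CAcreateserial \
        -CA "$1/commercial_ca.pem" -CAkey "$1/commercial_ca.key" \
        -out "$1/server.crt" 2>/dev/null
}

# report DIR: print which trust anchor accepts the server certificate
report() {
    for ca in puppet_ca commercial_ca; do
        if verify_with "$1/$ca.pem" "$1/server.crt"; then
            echo "$ca: OK"
        else
            echo "$ca: certificate verify failed"
        fi
    done
}

demo_dir=$(mktemp -d) && build_demo "$demo_dir" && report "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, `verify_with` takes the CA file the client is configured to trust and the certificate the web server presents.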