There is this article (Installing a puppet smart proxy against a katello main server). Though I'm not using Puppet (AFAIK), it does provide helpful insight into how to add custom certs to a smart-proxy deployment.
The following, however, doesn't work and changes the group ownership of the key file from foreman-proxy to puppet:
sudo foreman-installer \
--foreman-proxy-ssl-cert "/etc/ssl/certs/$(hostname).crt" \
--foreman-proxy-ssl-key "/etc/ssl/private/$(hostname).key" \
--foreman-proxy-ssl-ca "/etc/ipa/ca.crt" \
--foreman-proxy-register-in-foreman "true" \
--foreman-proxy-trusted-hosts "foreman.site.domain.com" \
--foreman-proxy-trusted-hosts "$(hostname)" \
--foreman-proxy-oauth-consumer-key "********" \
--foreman-proxy-oauth-consumer-secret "********"
The output complains about the permissions on the key file:
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:08 dhcp.site.domain.com systemd[1]: Starting Foreman Proxy...
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/pattern.rb:59: warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/regular.rb:22: warning: The called method `initialize' is defined here
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/pattern.rb:59: warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/regexp_based.rb:17: warning: The called method `initialize' is defined here
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/ast/compiler.rb:43: warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/mustermann/ast/compiler.rb:49: warning: The called method `pattern' is defined here
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: /usr/lib/ruby/vendor_ruby/rsec/helpers.rb:90: warning: constant ::Fixnum is deprecated
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com smart-proxy[1089286]: Errors detected on startup, see log for details. Exiting: Permission denied @ rb_sysopen - /etc/ssl/private/dhcp.site.domain.com.key
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com systemd[1]: foreman-proxy.service: Failed with result 'exit-code'.
2023-08-09 01:22:09 [ERROR ] [configure] Aug 09 01:22:09 dhcp.site.domain.com systemd[1]: Failed to start Foreman Proxy.
2023-08-09 01:22:09 [NOTICE] [configure] System configuration has finished.
Before running foreman-installer:
user@dhcp:~$ sudo ls -al /etc/ssl/private/dhcp.site.domain.com.key
-rw-r----- 1 root foreman-proxy 1704 Aug 8 18:41 /etc/ssl/private/dhcp.site.domain.com.key
And after:
user@dhcp:~$ sudo ls -al /etc/ssl/private/dhcp.site.domain.com.key
-rw-r----- 1 root puppet 1704 Aug 8 18:41 /etc/ssl/private/dhcp.site.domain.com.key
The puppet group exists and contains the foreman-proxy user:
user@dhcp:~$ sudo grep foreman-proxy /etc/group
foreman-proxy:x:997:
puppet:x:1001:foreman-proxy
How do I appease foreman-installer so that I can run foreman-proxy for ISC DHCP on this Ubuntu host? The Foreman server is a CentOS 8 server with Katello.
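
A check for which path component refuses access when a service account cannot open a key file that its group can read, as an added example that is not part of the original post. The uid, the ssl-cert gid and the directory modes are constructed sample values, not taken from the poster's host; only the key file's mode and the two group ids come from the output above.

```python
import os
import stat

def first_denied(chain, uid, gids):
    """Return the first path in `chain` that a non-root uid/gids cannot pass, else None.

    chain: root-first list of (path, mode, owner_uid, owner_gid); the last
    entry is the file to read, the others are its parent directories.
    Classic mode bits only: ACLs, capabilities and LSMs are not modelled.
    """
    for i, (path, mode, o_uid, o_gid) in enumerate(chain):
        need = 0o4 if i == len(chain) - 1 else 0o1  # r on file, x on dirs
        if uid == o_uid:            # exactly one class applies: owner,
            bits = (mode >> 6) & 7
        elif o_gid in gids:         # else group,
            bits = (mode >> 3) & 7
        else:                       # else other
            bits = mode & 7
        if not bits & need:
            return path
    return None

def stat_chain(path):
    """Build the chain for a real path from the live filesystem."""
    chain, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        chain.append((cur, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
        parent = os.path.dirname(cur)
        if parent == cur:
            return chain[::-1]
        cur = parent

KEY = "/etc/ssl/private/dhcp.site.domain.com.key"
PROXY_UID = 997           # constructed; the post shows only group ids
PROXY_GIDS = {997, 1001}  # foreman-proxy and puppet, from the /etc/group output
SSL_CERT_GID = 115        # constructed gid for an assumed ssl-cert group
SAMPLE = [                # constructed; only the last entry is from the post
    ("/", 0o755, 0, 0),
    ("/etc", 0o755, 0, 0),
    ("/etc/ssl", 0o755, 0, 0),
    ("/etc/ssl/private", 0o710, 0, SSL_CERT_GID),  # assumed directory mode
    (KEY, 0o640, 0, 1001),                         # -rw-r----- root puppet
]

if __name__ == "__main__":
    print(first_denied(SAMPLE, PROXY_UID, PROXY_GIDS))
```

On a real host, pass `stat_chain(KEY)` (run as root so every component can be stat'ed) together with the service account's actual uid and group ids instead of `SAMPLE`.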