Problem:
If I configure puppet-proxy with --foreman-proxy-puppetca=true
, the foreman-proxy is registered on the foreman-base correctly. Unfortunately if I switch over to the tab “Puppet CA”, I am getting this error:
Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://foreman-proxy.example.com:8443/puppet/ca)
This is the full statement:
foreman-installer \
> --no-enable-foreman \
> --no-enable-foreman-cli \
> --enable-foreman-proxy \
> --no-enable-foreman-plugin-templates \
> --enable-foreman-proxy-plugin-remote-execution-ssh \
> --enable-foreman-proxy-plugin-discovery \
> --foreman-proxy-plugin-discovery-install-images=true \
> --foreman-proxy-puppetca=true \
> --foreman-proxy-tftp=true \
> --foreman-proxy-foreman-ssl-ca=/etc/foreman-proxy/ca.pem \
> --foreman-proxy-foreman-ssl-cert=/etc/foreman-proxy/cert.pem \
> --foreman-proxy-foreman-ssl-key=/etc/foreman-proxy/key.pem \
> --foreman-proxy-foreman-base-url=https://foreman.example.com \
> --foreman-proxy-trusted-hosts=foreman.example.com \
> --foreman-proxy-oauth-consumer-key=...\
> --foreman-proxy-oauth-consumer-secret=...
In my initial setup I created a certificate on the foreman server for the smart proxy:
puppetserver ca generate --certname foreman-proxy.example.com
After this I copied those files to
/etc/foreman-proxy/ca.pem
/etc/foreman-proxy/key.pem
/etc/foreman-proxy/cert.pem
Expected outcome:
Puppet CA working without errors
Foreman and Proxy versions:
Foreman Smart Proxy:
Discovery
Version
1.0.5
Dynflow
Version
0.2.4
HTTPBoot
Version
1.24.2
SSH
Version
0.2.1
TFTP
Version
1.24.2
TFTP server
false
Foreman Main Server
Discovery
Version
1.0.5
Dynflow
Version
0.2.4
HTTPBoot
Version
1.24.2
SSH
Version
0.2.1
TFTP
Version
1.24.2
TFTP server
false