We are running puppet master 4.10 on CentOS with foreman 1.15.2 on the same
server. As per standard, we tried to replace the web self signed cert of
foreman with local CA but running into out of sync on foreman. The nodes
are communicating with puppet master with no issues, pulling the catalogs
but foreman reports them all as out of sync for some reason.
After getting the local CA signed cert, replaced it by running this command,
$foreman-installer -v
–foreman-server-ssl-cert=/etc/puppetlabs/puppet/ssl/certs/custom.cer
–foreman-server-ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/custom-2048.key
–foreman-server-ssl-chain=/etc/puppetlabs/puppet/ssl/custom_root.pem
This command updated the file /etc/httpd/conf.d/05-foreman-ssl.conf with
given values.
Followed this link but i dont see any definition as ssl_ca on node.rb file.
as mentioned in the document.
Here is my file content,
$ grep ssl_ca /etc/puppetlabs/puppet/node.rb
if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
res.ca_file = SETTINGS[:ssl_ca]
if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
http.ca_file = SETTINGS[:ssl_ca]
$ locate foreman.rb
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb
/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.10.2/lib/hammer_cli_foreman.rb
/usr/share/foreman/config/initializers/foreman.rb
/usr/share/foreman/lib/foreman.rb
/usr/share/foreman-installer/modules/foreman/lib/puppet/parser/functions/foreman.rb
/usr/share/ruby/vendor_ruby/puppet/reports/foreman.rb
$ grep ssl_ca
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/reports/foreman.rb
if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
http.ca_file = SETTINGS[:ssl_ca]
If this file is correct, how do I edit them to change the value, I dont see
anywhere this ssl_ca is defined though.
Any help would be really helpful to move forward.
Thanks