Problem:
Each time I execute foreman-installer it reverts all the certificate settings to the defaults. To use my custom self-signed certs, after Foreman installation I made some changes to the following files to read different certs:
foreman/settings.yaml
foreman-proxy/settings.yml
Everything works fine… Until I execute foreman-installer.
I can’t install any new plugin because I think by default it tries to revert all the certificates to the default ones.
I even found 2 parameters which can be responsible for this behaviour:
--reset-foreman-ssl Reset ssl to the default value (true)
--reset-foreman-proxy-ssl Reset ssl to the default value (true)
Default values of both are true.
Is it possible to change it to false?
I tried to set both values to false but even with just 1 argument provided I am getting…
foreman-installer --reset-foreman-ssl=false
2024-02-28 09:45:36 [NOTICE] [root] Loading installer configuration. This will take some time.
2024-02-28 09:45:39 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2024-02-28 09:45:39 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
ERROR: too many arguments
Expected outcome:
I do not want to regenerate certs each time foreman-installer is executed.
In general, the --reset-XY options of the installer are there to reset any XY option to its default value. Those parameters don’t do anything specific other than that and do not accept parameters.
For your actual problem at hand: You have to tell foreman-installer which certs to use instead of the default ones. You can take a look at the docs here for the required options, also here for smart-proxies.
These docs are written for Katello (which I’m not sure if you are using), but the general idea should work the same for plain Foreman.
The foreman-installer replaces the configs every time you run it, which has to be done on every update/patch of Foreman. So, if you do any custom configs outside of the installer, you will constantly be fighting with it.
Really, the only way to keep it from redoing what IT wants to do is for you to provide your certs as part of ITS config so it does what you want it to do every time.
In your case, I think instead of just replacing the files yourself outside of the installer, you should provide it the options to use the certs you want via the --foreman-server-ssl… options.
I don’t have any ssl errors and I can see both smart proxies on the Foreman Website. It works just fine.
However, I am not sure if it’s the correct way, perhaps some parameters are not required, some are missing. If it’s the case please let me know.
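Since the installer rewrites foreman/settings.yaml and foreman-proxy/settings.yml on every run, comparing a snapshot taken before a run with the file afterwards shows exactly which SSL keys were changed. The script below is an added example, not part of the thread or of Foreman itself; it assumes the certificate settings use keys of the form `:ssl_*:`, and the sample paths and values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample paths and values are constructed.

# Print sorted "key=value" for each ssl* key (e.g. ":ssl_ca_file:") in a
# settings file such as foreman/settings.yaml or foreman-proxy/settings.yml.
ssl_settings() {
    awk '
        /^[ \t]*#/ { next }                          # skip commented-out keys
        /^[ \t]*:?ssl[a-z_]*:/ {
            line = $0
            sub(/^[ \t]*:?/, "", line)               # drop indent and leading colon
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print key "=" val
        }' "$1" | tr -d "\"'" | sort
}

# Compare a snapshot taken before an installer run ($1) with the current file ($2).
# Prints "key: old -> new" for each changed key; returns 1 if anything changed.
ssl_drift() {
    changes=$({ ssl_settings "$1" | sed 's/^/B /'; ssl_settings "$2" | sed 's/^/A /'; } | awk '
        { side = $1; sub(/^[AB] /, "")
          key = $0; sub(/=.*/, "", key); val = $0; sub(/^[^=]*=/, "", val)
          seen[key] = 1
          if (side == "B") before[key] = val; else after[key] = val }
        END { for (k in seen) {
                  b = (k in before) ? before[k] : "(unset)"
                  a = (k in after) ? after[k] : "(unset)"
                  if (a != b) print k ": " b " -> " a } }' | sort)
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Constructed sample: custom cert paths before, a reverted path after a re-run.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed' ':ssl_certificate: "/srv/constructed/custom/host.crt"' \
        ':ssl_ca_file: /srv/constructed/custom/ca.crt' > "$dir/before.yml"
    printf '%s\n' ':ssl_certificate: /srv/constructed/default/host.crt' \
        ':ssl_ca_file: /srv/constructed/custom/ca.crt' > "$dir/after.yml"
    echo "$dir"
}

d=$(make_samples)
ssl_drift "$d/before.yml" "$d/after.yml" || echo "SSL settings changed since the snapshot"
```

To use it on a real host, copy each settings file aside before running the installer and pass the copy and the live file to `ssl_drift`.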