Installing Non-Selfsigned SSL Certs

Hi All,

Thanks for a great tool! I'm a new Foreman user and I'm using it more each day.

My problem is that I originally installed Foreman with self-signed certs (the ones generated by Puppet). I attempted to install trusted certs today, and now all of my Puppet clients get an error and can't get their catalogs.

I have Foreman 1.5.1 running on CentOS 6.5. I followed the instructions here:

http://flakrat.blogspot.com/2014/06/replace-foreman-self-signed-certificate.html

And the Puppet clients get the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'server.example.com'; cannot compile

Any help is greatly appreciated!

Best,
Martín

The ENC script that Puppet runs uses a client certificate to communicate with
Foreman; the same goes for the Puppet reports mechanism.
I'd try to set up two Apache virtual hosts, one for the API with the Puppet CA
and another for browser access with the trusted certificate.


Typically the Puppet master runs "node.rb" to look up the host information.

Try running "/etc/puppet/node.rb server.example.com" on your master and
see what it reports. It's probably something SSL related, so you may
need to debug.



Dominic Cleal
Red Hat Engineering

Thanks, Dominic! Debugging was needed.

The issue was due to my cert provider not sending me the correct intermediate CA chain. They've yet to iron out the kinks in their SHA-2 process apparently.

Best,
Martín
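
The failure mode this thread ended on (a server certificate installed without the correct intermediate CA chain), as an added example that is not part of the original posts or of Foreman's code: it builds a constructed root, intermediate and server certificate, then verifies the server certificate as a client that trusts only the root, once with the intermediate sent and once without. All certificate names and the helper functions are assumptions made for illustration.

```ruby
require "openssl"

# Issue a certificate for `subject`; self-signed when no issuer is given.
def issue(subject, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed three-level PKI: root -> intermediate -> server certificate.
def build_constructed_pki
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue("/CN=Constructed Root CA", rk, ca: true, serial: 1)
  inter = issue("/CN=Constructed Intermediate CA", ik,
                issuer: root, issuer_key: rk, ca: true, serial: 2)
  leaf  = issue("/CN=server.example.com", lk,
                issuer: inter, issuer_key: ik, serial: 3)
  { root: root, intermediate: inter, leaf: leaf }
end

# Verify `leaf` the way a TLS client does: it trusts only `root` and can
# build a path only through the extra certificates the server sends.
def verify_as_client(leaf, root, sent_chain)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  ok = store.verify(leaf, sent_chain)
  [ok, store.error_string]
end

if __FILE__ == $PROGRAM_NAME
  pki = build_constructed_pki
  # Server sends the intermediate: the path to the trusted root completes.
  p verify_as_client(pki[:leaf], pki[:root], [pki[:intermediate]])
  # Server omits the intermediate: the client cannot find the issuer.
  p verify_as_client(pki[:leaf], pki[:root], [])
end
```

The second call fails even though the server certificate itself is valid, which is why a wrong or missing chain file only shows up when a client such as node.rb connects.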
