I’m running into a weird issue that if I don’t explicitly set --foreman-server-ssl-ca to a file, it uses “/etc/puppetlabs/puppet/ssl/certs/ca.pem”. How do i omit client auth altogether since i’m not using Puppet (but rather Ansible) or Smart Proxy?
Expected outcome:
By omitting that flag or setting it to an empty string, I would expect the value to not be set.
Hmm, what do you want to control with foreman if you don’t want to have a smart proxy at all? Ansible needs remote execution, which runs on a smart proxy (even if that smart proxy runs locally). As you’ll set-up foreman, you’ll quickly see that, as you configure your subnet (which in turn gets linked to your host), that remote execution is linked to a smart proxy (if it is not, foreman would not know who should run the ansible playbook, as a smart proxy can be in different subnets).
Perhaps I should rephrase the question: what’s the harm of having the file? Client auth can, for the API, be omitted by passing a username and password instead (but as Auth header); but I’m not sure that’s what you’re really after?
I would suggest to read the documentation a bit through and set-up the wanted set-up with the least amount of (premature?) optimizations and see if it works for you. Afterwards you can still remove things that you are sure you don’t need.