[katello] Exiting; no certificate found and waitforcert is disabled

Hi,

On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to work
after deployment.

Everytime I deploy some hosts, they are out of sync and I get "Exiting;
no certificate found and waitforcert is disabled" when running "puppet
agent -t"

When I check "var/lib/puppet/ssl/certs/" there is only a "ca.pem" and no
host certificate. I see the same error in the "install.post.log".

In the proxy.log I see the following:

E, [2015-02-24T12:06:23.838445 #30042] ERROR -- : Attempt to remove
nonexistant client certificate for test1.netbulae.test
10.100.100.24 - - [24/Feb/2015 12:06:23] "DELETE
/test1.netbulae.test HTTP/1.1" 404 77 1.3976
10.100.100.24 - - [24/Feb/2015 12:06:23] "POST
/autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
10.100.100.24 - - [24/Feb/2015 12:15:22] "GET /serverName HTTP/1.1"
200 30 0.0008
10.100.100.24 - - [24/Feb/2015 12:15:24] "DELETE
/autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007

When I check the puppetmaster it is dead:

service puppetmaster restart

puppet dead but pid file exists

netstat -anp | grep 8140
tcp        0      0 :::8140                    
:::*                        LISTEN      1893/httpd 

It appears httpd is listening to this port

./conf.d/25-puppet.conf:<VirtualHost *:8140>
./conf/ports.conf:Listen 8140
./conf/ports.conf:NameVirtualHost *:8140

Is this normal? In the firewall ports I see 8140 is reserved for
puppetmaster:

Port    Protocol    Required For
53    TCP & UDP    DNS Server
67, 68    UDP    DHCP Server
69    UDP    * TFTP Server
*80, 443    TCP    * HTTP & HTTPS access to Foreman web UI - using
Apache + Passenger*
*3000    TCP    HTTP access to Foreman web UI - using standalone
WEBrick service*
3306    TCP    Separate MySQL database
5910 - 5930    TCP    Server VNC Consoles
5432    TCP    Separate PostgreSQL database
*8140    TCP    * Puppet Master*
8443    TCP    Smart Proxy, open only to Foreman

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts

··· ----------------
Tel: 053 20 30 270 	info@netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

> Hi,
>
> On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to work
> after deployment.
>
> Everytime I deploy some hosts, they are out of sync and I get "Exiting;
> no certificate found and waitforcert is disabled" when running "puppet
> agent -t"

The logs below indicate that Foreman is correctly setting the autosign
(that's the POST @ 12.06). You should see the FQDN in
/etc/puppet/autosign.conf during provisioning.

It looks like maybe the hostname of the host isn't matching what's in
autosign.conf?

What does hostname -f on your clients return? And facter fqdn?

>
> When I check "var/lib/puppet/ssl/certs/" there is only a "ca.pem" and no
> host certificate. I see the same error in the "install.post.log".
>
> In the proxy.log I see the following:
>
> E, [2015-02-24T12:06:23.838445 #30042] ERROR – : Attempt to remove
> nonexistant client certificate for test1.netbulae.test
> 10.100.100.24 - - [24/Feb/2015 12:06:23] "DELETE
> /test1.netbulae.test HTTP/1.1" 404 77 1.3976
> 10.100.100.24 - - [24/Feb/2015 12:06:23] "POST
> /autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
> 10.100.100.24 - - [24/Feb/2015 12:15:22] "GET /serverName HTTP/1.1"
> 200 30 0.0008
> 10.100.100.24 - - [24/Feb/2015 12:15:24] "DELETE
> /autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007
>
>
>
> When I check the puppetmaster it is dead:
>
> service puppetmaster restart
>
> puppet dead but pid file exists
>
> netstat -anp | grep 8140
> tcp 0 0 :::8140
> :::* LISTEN 1893/httpd
>
> It appears httpd is listening to this port
>
> ./conf.d/25-puppet.conf:<VirtualHost *:8140>
> ./conf/ports.conf:Listen 8140
> ./conf/ports.conf:NameVirtualHost *:8140
>
> Is this normal? In the firewall ports I see 8140 is reserved for
> puppetmaster:

Yea, puppetmaster runs through Apache in passenger, the service provided
by Puppet isn't used. Passenger scales better.

··· On Tue, Feb 24, 2015 at 01:34:02PM +0100, Jorick Astrego wrote:
Port    Protocol    Required For
53    TCP & UDP    DNS Server
67, 68    UDP    DHCP Server
69    UDP    * TFTP Server
*80, 443    TCP    * HTTP & HTTPS access to Foreman web UI - using
Apache + Passenger*
*3000    TCP    HTTP access to Foreman web UI - using standalone
WEBrick service*
3306    TCP    Separate MySQL database
5910 - 5930    TCP    Server VNC Consoles
5432    TCP    Separate PostgreSQL database
*8140    TCP    * Puppet Master*
8443    TCP    Smart Proxy, open only to Foreman

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01



You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Best Regards,

Stephen Benjamin
Red Hat Engineering

>> Hi,
>>
>> On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to work
>> after deployment.
>>
>> Everytime I deploy some hosts, they are out of sync and I get "Exiting;
>> no certificate found and waitforcert is disabled" when running "puppet
>> agent -t"
>
>
> The logs below indicate that Foreman is correctly setting the autosign
> (that's the POST @ 12.06). You should see the FQDN in
> /etc/puppet/autosign.conf during provisioning.
>
> It looks like maybe the hostname of the host isn't matching what's in
> autosign.conf?
>
> What does hostname -f on your clients return? And facter fqdn?

I think I found the problem but I can't explain. When I provision the
host without doing anything with the network, it works. When I configure
another network interface for gluster with the same name but a different
subnet and domain it fails. I tried it on several hosts and for me it's
reproducible.

I will now try with a different hostname for the gluster
subnet/interface but my install is having problems again. The "content
hosts" view is not loading, so I cannot delete the host anymore.

>>
>> When I check "var/lib/puppet/ssl/certs/" there is only a "ca.pem" and no
>> host certificate. I see the same error in the "install.post.log".
>>
>> In the proxy.log I see the following:
>>
>> E, [2015-02-24T12:06:23.838445 #30042] ERROR – : Attempt to remove
>> nonexistant client certificate for test1.netbulae.test
>> .*.***.*** - - [24/Feb/2015 12:06:23] "DELETE
>> /test1.netbulae.test HTTP/1.1" 404 77 1.3976
>> .*.***.*** - - [24/Feb/2015 12:06:23] "POST
>> /autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
>> .*.***.*** - - [24/Feb/2015 12:15:22] "GET /serverName HTTP/1.1"
>> 200 30 0.0008
>> .*.**.*** - - [24/Feb/2015 12:15:24] "DELETE
>> /autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007
>>
>>
>>
>> When I check the puppetmaster it is dead:
>>
>> service puppetmaster restart
>>
>> puppet dead but pid file exists
>>
>> netstat -anp | grep 8140
>> tcp 0 0 :::8140
>> :::
LISTEN 1893/httpd
>>
>> It appears httpd is listening to this port
>>
>> ./conf.d/25-puppet.conf:<VirtualHost *:8140>
>> ./conf/ports.conf:Listen 8140
>> ./conf/ports.conf:NameVirtualHost *:8140
>>
>> Is this normal? In the firewall ports I see 8140 is reserved for
>> puppetmaster:
>
> Yea, puppetmaster runs through Apache in passenger, the service provided
> by Puppet isn't used. Passenger scales better.
>
>
>>
>> Port Protocol Required For
>> 53 TCP & UDP DNS Server
>> 67, 68 UDP DHCP Server
>> 69 UDP * TFTP Server
>> 80, 443 TCP * HTTP & HTTPS access to Foreman web UI - using
>> Apache + Passenger

>> 3000 TCP HTTP access to Foreman web UI - using standalone
>> WEBrick service

>> 3306 TCP Separate MySQL database
>> 5910 - 5930 TCP Server VNC Consoles
>> 5432 TCP Separate PostgreSQL database
>> 8140 TCP * Puppet Master
>> 8443 TCP Smart Proxy, open only to Foreman
>>
>>
>>
>>
>>
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>>
>> Netbulae Virtualization Experts
>>
>> ----------------
>>
>> Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A
KvK 08198180
>> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede
BTW NL821234584B01
>>
>> ----------------
>>
>> –
>> You received this message because you are subscribed to the Google
Groups "Foreman users" group.
>> To unsubscribe from this group and stop receiving emails from it,
send an email to foreman-users+unsubscribe@googlegroups.com.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/foreman-users.
>> For more options, visit https://groups.google.com/d/optout.
>
> –
> Best Regards,
>
> Stephen Benjamin
> Red Hat Engineering
>

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts

··· On 02/24/2015 02:41 PM, Stephen Benjamin wrote: > On Tue, Feb 24, 2015 at 01:34:02PM +0100, Jorick Astrego wrote:
Tel: 053 20 30 270 	info@netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

>
> >> Hi,
> >>
> >> On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to work
> >> after deployment.
> >>
> >> Everytime I deploy some hosts, they are out of sync and I get "Exiting;
> >> no certificate found and waitforcert is disabled" when running "puppet
> >> agent -t"
> >
> >
> > The logs below indicate that Foreman is correctly setting the autosign
> > (that's the POST @ 12.06). You should see the FQDN in
> > /etc/puppet/autosign.conf during provisioning.
> >
> > It looks like maybe the hostname of the host isn't matching what's in
> > autosign.conf?
> >
> > What does hostname -f on your clients return? And facter fqdn?
>
>
>
> I think I found the problem but I can't explain. When I provision the
> host without doing anything with the network, it works. When I configure
> another network interface for gluster with the same name but a different
> subnet and domain it fails. I tried it on several hosts and for me it's
> reproducible.

It could be related to the interfaces changes in Foreman in 1.7, I might
ask the question again without [katello] so it gets noticed by Foreman
devs.

>
> I will now try with a different hostname for the gluster
> subnet/interface but my install is having problems again. The "content
> hosts" view is not loading, so I cannot delete the host anymore.

Are you sure you just don't have an org selected? Production.log will
tell you why the page didn't load.

··· On Tue, Feb 24, 2015 at 03:37:26PM +0100, Jorick Astrego wrote: > On 02/24/2015 02:41 PM, Stephen Benjamin wrote: > > On Tue, Feb 24, 2015 at 01:34:02PM +0100, Jorick Astrego wrote:

When I check “var/lib/puppet/ssl/certs/” there is only a “ca.pem” and no
host certificate. I see the same error in the “install.post.log”.

In the proxy.log I see the following:

E, [2015-02-24T12:06:23.838445 #30042] ERROR -- : Attempt to remove
nonexistant client certificate for test1.netbulae.test
**.***.***.*** - - [24/Feb/2015 12:06:23] "DELETE
/test1.netbulae.test HTTP/1.1" 404 77 1.3976
**.***.***.*** - - [24/Feb/2015 12:06:23] "POST
/autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
**.***.***.*** - - [24/Feb/2015 12:15:22] "GET /serverName HTTP/1.1"
200 30 0.0008
**.***.***.*** - - [24/Feb/2015 12:15:24] "DELETE
/autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007

When I check the puppetmaster it is dead:

service puppetmaster restart

puppet dead but pid file exists

netstat -anp | grep 8140
tcp        0      0 :::8140
:::*                        LISTEN      1893/httpd

It appears httpd is listening to this port

./conf.d/25-puppet.conf:<VirtualHost *:8140>
./conf/ports.conf:Listen 8140
./conf/ports.conf:NameVirtualHost *:8140

Is this normal? In the firewall ports I see 8140 is reserved for
puppetmaster:

Yea, puppetmaster runs through Apache in passenger, the service provided
by Puppet isn’t used. Passenger scales better.

Port    Protocol    Required For
53    TCP & UDP    DNS Server
67, 68    UDP    DHCP Server
69    UDP    * TFTP Server
*80, 443    TCP    * HTTP & HTTPS access to Foreman web UI - using
Apache + Passenger*
*3000    TCP    HTTP access to Foreman web UI - using standalone
WEBrick service*
3306    TCP    Separate MySQL database
5910 - 5930    TCP    Server VNC Consoles
5432    TCP    Separate PostgreSQL database
*8140    TCP    * Puppet Master*
8443    TCP    Smart Proxy, open only to Foreman

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Tel: 053 20 30 270     info@netbulae.eu     Staalsteden 4-3A

KvK 08198180

 Fax: 053 20 30 271     www.netbulae.eu     7547 TA Enschede

BTW NL821234584B01



You received this message because you are subscribed to the Google
Groups “Foreman users” group.

To unsubscribe from this group and stop receiving emails from it,
send an email to foreman-users+unsubscribe@googlegroups.com.

To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Best Regards,

Stephen Benjamin
Red Hat Engineering

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01



You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Best Regards,

Stephen Benjamin
Red Hat Engineering

>>
>>>> Hi,
>>>>
>>>> On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to
work
>>>> after deployment.
>>>>
>>>> Everytime I deploy some hosts, they are out of sync and I get "Exiting;
>>>> no certificate found and waitforcert is disabled" when running "puppet
>>>> agent -t"
>>>
>>>
>>> The logs below indicate that Foreman is correctly setting the autosign
>>> (that's the POST @ 12.06). You should see the FQDN in
>>> /etc/puppet/autosign.conf during provisioning.
>>>
>>> It looks like maybe the hostname of the host isn't matching what's in
>>> autosign.conf?
>>>
>>> What does hostname -f on your clients return? And facter fqdn?
>>
>>
>>
>> I think I found the problem but I can't explain. When I provision the
>> host without doing anything with the network, it works. When I configure
>> another network interface for gluster with the same name but a different
>> subnet and domain it fails. I tried it on several hosts and for me it's
>> reproducible.
>
> It could be related to the interfaces changes in Foreman in 1.7, I might
> ask the question again without [katello] so it gets noticed by Foreman
> devs.

done, I will do manual network setup for now and spend some time testing
the network changes in 1.8

>
>>
>> I will now try with a different hostname for the gluster
>> subnet/interface but my install is having problems again. The "content
>> hosts" view is not loading, so I cannot delete the host anymore.
>
> Are you sure you just don't have an org selected? Production.log will
> tell you why the page didn't load.

Ah yes, I switched back to "Any/Any" to check something else. Maybe a
warning could be displayed, "please select an organisation/location"?

>>
>>
>>
>>>>
>>>> When I check "var/lib/puppet/ssl/certs/" there is only a "ca.pem"
and no
>>>> host certificate. I see the same error in the "install.post.log".
>>>>
>>>> In the proxy.log I see the following:
>>>>
>>>> E, [2015-02-24T12:06:23.838445 #30042] ERROR – : Attempt to remove
>>>> nonexistant client certificate for test1.netbulae.test
>>>> .*.***.*** - - [24/Feb/2015 12:06:23] "DELETE
>>>> /test1.netbulae.test HTTP/1.1" 404 77 1.3976
>>>> .*.***.*** - - [24/Feb/2015 12:06:23] "POST
>>>> /autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
>>>> .*.***.*** - - [24/Feb/2015 12:15:22] "GET /serverName
HTTP/1.1"
>>>> 200 30 0.0008
>>>> .*.**.*** - - [24/Feb/2015 12:15:24] "DELETE
>>>> /autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007
>>>>
>>>>
>>>>
>>>> When I check the puppetmaster it is dead:
>>>>
>>>> service puppetmaster restart
>>>>
>>>> puppet dead but pid file exists
>>>>
>>>> netstat -anp | grep 8140
>>>> tcp 0 0 :::8140
>>>> :::
LISTEN 1893/httpd
>>>>
>>>> It appears httpd is listening to this port
>>>>
>>>> ./conf.d/25-puppet.conf:<VirtualHost *:8140>
>>>> ./conf/ports.conf:Listen 8140
>>>> ./conf/ports.conf:NameVirtualHost *:8140
>>>>
>>>> Is this normal? In the firewall ports I see 8140 is reserved for
>>>> puppetmaster:
>>>
>>> Yea, puppetmaster runs through Apache in passenger, the service provided
>>> by Puppet isn't used. Passenger scales better.

My bad, so the puppetmaster service can be disabled?

>>>
>>>>
>>>> Port Protocol Required For
>>>> 53 TCP & UDP DNS Server
>>>> 67, 68 UDP DHCP Server
>>>> 69 UDP * TFTP Server
>>>> 80, 443 TCP * HTTP & HTTPS access to Foreman web UI - using
>>>> Apache + Passenger

>>>> 3000 TCP HTTP access to Foreman web UI - using standalone
>>>> WEBrick service

>>>> 3306 TCP Separate MySQL database
>>>> 5910 - 5930 TCP Server VNC Consoles
>>>> 5432 TCP Separate PostgreSQL database
>>>> 8140 TCP * Puppet Master
>>>> 8443 TCP Smart Proxy, open only to Foreman
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Met vriendelijke groet, With kind regards,
>>>>
>>>> Jorick Astrego
>>>>
>>>> Netbulae Virtualization Experts
>>>>
>>>>
>
> –
> Best Regards,
>
> Stephen Benjamin
> Red Hat Engineering
>

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts

··· On 02/24/2015 04:40 PM, Stephen Benjamin wrote: > On Tue, Feb 24, 2015 at 03:37:26PM +0100, Jorick Astrego wrote: >> On 02/24/2015 02:41 PM, Stephen Benjamin wrote: >>> On Tue, Feb 24, 2015 at 01:34:02PM +0100, Jorick Astrego wrote:
Tel: 053 20 30 270 	info@netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

>
> >>
> >>>> Hi,
> >>>>
> >>>> On Katello 2.1 with Foreman 1.7.2, I currently cannot get puppet to
> work
> >>>> after deployment.
> >>>>
> >>>> Everytime I deploy some hosts, they are out of sync and I get "Exiting;
> >>>> no certificate found and waitforcert is disabled" when running "puppet
> >>>> agent -t"
> >>>
> >>>
> >>> The logs below indicate that Foreman is correctly setting the autosign
> >>> (that's the POST @ 12.06). You should see the FQDN in
> >>> /etc/puppet/autosign.conf during provisioning.
> >>>
> >>> It looks like maybe the hostname of the host isn't matching what's in
> >>> autosign.conf?
> >>>
> >>> What does hostname -f on your clients return? And facter fqdn?
> >>
> >>
> >>
> >> I think I found the problem but I can't explain. When I provision the
> >> host without doing anything with the network, it works. When I configure
> >> another network interface for gluster with the same name but a different
> >> subnet and domain it fails. I tried it on several hosts and for me it's
> >> reproducible.
> >
> > It could be related to the interfaces changes in Foreman in 1.7, I might
> > ask the question again without [katello] so it gets noticed by Foreman
> > devs.
>
> done, I will do manual network setup for now and spend some time testing
> the network changes in 1.8
>
> >
> >>
> >> I will now try with a different hostname for the gluster
> >> subnet/interface but my install is having problems again. The "content
> >> hosts" view is not loading, so I cannot delete the host anymore.
> >
> > Are you sure you just don't have an org selected? Production.log will
> > tell you why the page didn't load.
>
> Ah yes, I switched back to "Any/Any" to check something else. Maybe a
> warning could be displayed, "please select an organisation/location"?

Yea, in 2.2 this is definitely fixed, you'll see a menu to select an
org.

··· On Tue, Feb 24, 2015 at 05:05:55PM +0100, Jorick Astrego wrote: > On 02/24/2015 04:40 PM, Stephen Benjamin wrote: > > On Tue, Feb 24, 2015 at 03:37:26PM +0100, Jorick Astrego wrote: > >> On 02/24/2015 02:41 PM, Stephen Benjamin wrote: > >>> On Tue, Feb 24, 2015 at 01:34:02PM +0100, Jorick Astrego wrote:

When I check “var/lib/puppet/ssl/certs/” there is only a "ca.pem"
and no

host certificate. I see the same error in the “install.post.log”.

In the proxy.log I see the following:

E, [2015-02-24T12:06:23.838445 #30042] ERROR -- : Attempt to remove
nonexistant client certificate for test1.netbulae.test
**.***.***.*** - - [24/Feb/2015 12:06:23] "DELETE
/test1.netbulae.test HTTP/1.1" 404 77 1.3976
**.***.***.*** - - [24/Feb/2015 12:06:23] "POST
/autosign/test1.netbulae.testHTTP/1.1" 200 - 0.0009
**.***.***.*** - - [24/Feb/2015 12:15:22] "GET /serverName

HTTP/1.1"

200 30 0.0008
**.***.***.*** - - [24/Feb/2015 12:15:24] "DELETE
/autosign/test1.netbulae.test HTTP/1.1" 200 - 0.0007

When I check the puppetmaster it is dead:

service puppetmaster restart

puppet dead but pid file exists

netstat -anp | grep 8140
tcp        0      0 :::8140
:::*                        LISTEN      1893/httpd

It appears httpd is listening to this port

./conf.d/25-puppet.conf:<VirtualHost *:8140>
./conf/ports.conf:Listen 8140
./conf/ports.conf:NameVirtualHost *:8140

Is this normal? In the firewall ports I see 8140 is reserved for
puppetmaster:

Yea, puppetmaster runs through Apache in passenger, the service provided
by Puppet isn’t used. Passenger scales better.

My bad, so the puppetmaster service can be disabled?

Port    Protocol    Required For
53    TCP & UDP    DNS Server
67, 68    UDP    DHCP Server
69    UDP    * TFTP Server
*80, 443    TCP    * HTTP & HTTPS access to Foreman web UI - using
Apache + Passenger*
*3000    TCP    HTTP access to Foreman web UI - using standalone
WEBrick service*
3306    TCP    Separate MySQL database
5910 - 5930    TCP    Server VNC Consoles
5432    TCP    Separate PostgreSQL database
*8140    TCP    * Puppet Master*
8443    TCP    Smart Proxy, open only to Foreman

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Best Regards,

Stephen Benjamin
Red Hat Engineering

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01



You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Best Regards,

Stephen Benjamin
Red Hat Engineering