Missing Foreman report after Puppet certificate regenerated

Hi all,

I’m currently building a Foreman instance from a cloned Foreman host.

Yesterday I decided to regenerate the Puppet certificates following this documentation : Regenerate the CA and all certificates.

Since then no reports are showing in Foreman :

image1170×106 12.3 KB

Question
How can I solve the missing reports issue starting with the Foreman/Puppet server itself ?

I will detail how I regenerated the certificates below as the missing reports started after that.

Expected outcome: See reports in Foreman for the Puppet/Foreman server.

Here’s the log with debug output from running puppet agent -tvd on the puppet server itself :

Notice: Requesting catalog from foreman-server.internal:8140 (XX.100.0.XX)
Debug: catalog supports formats: rich_data_json json rich_data_msgpack msgpack pson yaml dot
Debug: Using cached connection for https://foreman-server.internal:8140
Debug: HTTP POST https://foreman-server.internal:8140/puppet/v3/catalog/foreman-server.internal?environment=production returned 200 OK
Debug: Caching connection for https://foreman-server.internal:8140
Notice: Catalog compiled by foreman-server.internal
Debug: Not creating default schedules: default_schedules is false
Info: Caching catalog for foreman-server.internal
Debug: Loaded state in 0.05 seconds
Debug: Loaded transaction store file in 0.00 seconds
Info: Applying configuration version '1718116230'
Debug: Finishing transaction 23420
Debug: Storing state
Debug: Pruned old state cache entries in 0.00 seconds
Debug: Stored state in 0.03 seconds
Notice: Applied catalog in 0.08 seconds
Debug: Resolving service 'report' using Puppet::HTTP::Resolver::Settings
Debug: Using cached connection for https://foreman-server.internal:8140
Debug: Caching connection for https://foreman-server.internal:8140
Debug: Resolved service 'report' to https://foreman-server.internal:8140/puppet/v3
Debug: report supports formats: json msgpack pson yaml
Debug: Using cached connection for https://foreman-server.internal:8140
Debug: HTTP PUT https://foreman-server.internal:8140/puppet/v3/report/foreman-server.internal?environment=production returned 200 OK
Debug: Caching connection for https://foreman-server.internal:8140
Debug: Closing connection for https://foreman-server.internal:8140

Foreman and Proxy versions:

Foreman/Proxy version : 3.10

Foreman and Proxy plugin versions:

rubygem-foreman_maintain-0.8.6-1.el7.noarch
foreman-release-3.10.0-1.el9.noarch
foreman-selinux-3.10.0-1.el9.noarch
foreman-3.10.0-1.el9.noarch
foreman-postgresql-3.10.0-1.el9.noarch
foreman-service-3.10.0-1.el9.noarch
foreman-dynflow-sidekiq-3.10.0-1.el9.noarch
foreman-redis-3.10.0-1.el9.noarch
foreman-proxy-3.10.0-1.el9.noarch
rubygem-hammer_cli_foreman-3.10.0-1.el9.noarch
foreman-cli-3.10.0-1.el9.noarch
rubygem-hammer_cli_foreman_puppet-0.0.7-1.el9.noarch
rubygem-foreman_puppet-6.2.0-1.fm3_10.el9.noarch
foreman-installer-3.10.0-1.el9.noarch

Commands issued (as root)

puppet resource service puppet ensure=stopped
puppet resource service puppetserver ensure=stopped
rm -rf /etc/puppetlabs/puppet/ssl/
rm -rf /etc/puppetlabs/puppetserver/ca/*
puppetserver ca setup
puppet resource service puppetserver ensure=running
puppet resource service puppet ensure=running

If this is of any help, I’m able to create a “fake” report for the Foreman/Puppet server by using the Foreman API :

curl -k -u admin:admin_password -H "Content-Type: application/json" -X POST -d @report.json "https://foreman-server.internal/api/v2/config_reports"

image1295×239 18.5 KB

There is actually an error regarding certificate check in the Puppet server log /var/log/puppetlabs/puppetserver/puppetserver.log :

2024-06-13T08:45:29.847Z ERROR [qtp789584187-48] [puppetserver] Puppet Report processor failed: Could not send report to Foreman at https://foreman-server.internal/api/config_reports: certificate verify failed

Solution

After regenerating the Puppet certificates, it was necessary to restart the httpd service to force the Apache webserver to use the new Puppet certificates.