No es posible acceder a las claves SSL - Unable to access the SSL keys

Alexander_Jose_Labra · December 22, 2015, 2:46pm

Recientemente se actualizo centOS a la version CentOS Linux release
7.2.1511 (Core)
y mi servicio de foreman-proxy dejo de funcionar una de las soluciones que
dieron fue algo así:

modificar /etc/puppet/puppet.conf y añadir:

[main]
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }

y el error me sigue apareciendo, revisando los permisos de el certificado:

ls -l /var/lib/puppet/ssl/private_keys/maquina.pem

-rw-r–r--+ 1 puppet puppet 3243 dic 17 14:16
/var/lib/puppet/ssl/private_keys/maquina.pem

la salida de /var/log/foreman-proxy/proxy.log

E, [2015-12-22T10:03:06.644826 #14438] ERROR – : Unable to access the SSL
keys. Are the values correct in settings.yml and do permissions allow
reading?: Permission denied - /var/lib/puppet/ssl/private_keys/maquina.pem
E, [2015-12-22T10:03:06.644917 #14438] ERROR – : Both http and https are
disabled, unable to start.

Cuales serian el usuario, grupo y permisos para esta nueva versión de centos

Gracias

Gwmngilfen · December 22, 2015, 11:12pm

Firstly, this is a generally English list, you'll have much greater success
in asking for answers if you use the common language of the list.

My translation skills may be poor, but your problem may be here:

On 22 December 2015 at 14:46, Alexander Jose Labrador Guevara
>
> E, [2015-12-22T10:03:06.644917 #14438] ERROR – : Both http and https are
> disabled, unable to start.
>

Your proxy isn't configured to listen on any ports, so it's not starting. I
assume this is a custom install? I'd highly recoomend taking a clean CentOS
base and using our installer, which will set all this up for you
automatically.

Regards.
Greg

dLobatog · December 23, 2015, 9:59am

> # ls -l /var/lib/puppet/ssl/private_keys/maquina.pem
> -rw-r–r--+ 1 puppet puppet 3243 dic 17 14:16
> /var/lib/puppet/ssl/private_keys/maquina.pem
>
> Cuales serian el usuario, grupo y permisos para esta nueva versión de centos
translation - what would be the user, group and permissions needed for
this file on the newest CentOS.

puppet:puppet should be fine. You need to make sure that the user
'foreman-proxy' is in the group puppet. This is done automatically but
maybe the OS update has changed it.

What's the output of 'groups foreman-proxy'? It should be at least
foreman-proxy : foreman-proxy puppet

···

-- Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato