Node.rb not working on new leaf puppetCA but reports do get posted v1.24.2

Problem:
2 datacenter setup. The first dc works fine. One CA (ca1) and one catalog compiler (pm1). We have a geotrust cert for the foreman host. On pm1 clients run fine, reports, node.rb, all good.

Generated a second CA for dc 2. Used puppetserver ca import --config /etc/puppetlabs/puppet/puppet.conf --private-key ca/ca_key.pem --crl-chain ca/ca_crl.pem --cert-bundle ca/ca_crt.pem to generate the new CA (ca2) from ca1.

Updated the config for ca2 to act as the puppetmaster. The proxy setup looks good as well. It reports to the foreman, shows features.

The problem is when running puppet agents in dc2, they fail with a node.rb SSL error (Execution of '/etc/puppetlabs/puppet/node.rb eac-b125-le01.myhostname.com' returned 1). When you execute node.rb on the server you get this:
Serving cached ENC: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed
However we are seeing reports posted to the foreman for the host, which implies that the foreman connection is OK for reports.

The foreman log contains this for the host:
2020-02-24T16:40:16 [I|app|d5a2cc30] Started POST "/api/config_reports" for 10.60.77.200 at 2020-02-24 16:40:16 +0000
2020-02-24T16:40:16 [I|app|d5a2cc30] Processing by Api::V2::ConfigReportsController#create as JSON
2020-02-24T16:40:16 [I|app|d5a2cc30] Parameters: {"config_report"=>"[FILTERED]", "apiv"=>"v2"}
2020-02-24T16:40:16 [I|app|d5a2cc30] Scanning report with: Foreman::PuppetReportScanner, ForemanAnsible::AnsibleReportScanner
2020-02-24T16:40:16 [I|app|d5a2cc30] Imported report for eac-b125-le01.myhostname.com in 192.0 ms, status refreshed in 11.7 ms
2020-02-24T16:40:16 [I|app|d5a2cc30] Rendering api/v2/config_reports/create.json.rabl
2020-02-24T16:40:16 [I|app|d5a2cc30] Rendered api/v2/config_reports/create.json.rabl (23.6ms)
2020-02-24T16:40:16 [I|app|d5a2cc30] Completed 201 Created in 276ms (Views: 23.0ms | ActiveRecord: 61.6ms)

Also, node.rb does not work when run on pm1 using the hostname FQDN from dc2 (hieradata and node have been created on foreman).

Expected outcome:
node.rb returns valid data when run for hosts in dc2 on ca2.

Foreman and Proxy versions:
Foreman & proxy all same version: v1.24.2
Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data: