Hi, I am having issues polling from the Foreman server to the PuppetMaster.
I keep getting:
/tmp/proxy.log
```
W, [2012-03-08T10:04:53.252447 #30947] WARN -- : PuppetCA: SSL/CA unavailable on this machine
E, [2012-03-08T10:04:53.252639 #30947] ERROR -- : Failed to list certificates: SSL/CA unavailable on this machine
W, [2012-03-08T10:04:54.456270 #30947] WARN -- : PuppetCA: SSL/CA unavailable on this machine
E, [2012-03-08T10:04:54.456446 #30947] ERROR -- : Failed to list certificates: SSL/CA unavailable on this machine
W, [2012-03-08T10:04:56.213388 #30947] WARN -- : PuppetCA: SSL/CA unavailable on this machine
E, [2012-03-08T10:04:56.213572 #30947] ERROR -- : Failed to list certificates: SSL/CA unavailable on this machine
```
Here is the path to ca:
```
pwd
/etc/puppet/ssl/ca
```
Here is the listing and permissions of the ca directory:
```
ls -alh
total 164K
drwxrwx--- 6 puppet puppet 4.0K Mar 8 10:00 .
drwxrwx--x 9 puppet puppet 4.0K Aug 9 2011 ..
-rw-rw-r-- 1 puppet puppet 26K Mar 5 05:44 ca_crl.pem
-rw-rw---- 1 puppet puppet 839 Aug 9 2011 ca_crt.pem
-rw-rw---- 1 puppet puppet 887 Aug 9 2011 ca_key.pem
-rwxrwx--x 1 puppet puppet 251 Aug 9 2011 ca_pub.pem
-rw-rw-r-- 1 puppet puppet 60K Mar 8 01:18 inventory.txt
drwxrwx--- 3 puppet puppet 4.0K Aug 9 2011 private
drwxrwx--x 3 puppet puppet 4.0K Mar 8 01:18 requests
-rw-r--r-- 1 puppet puppet 4 Mar 8 01:18 serial
drwxrwx--- 3 puppet puppet 36K Mar 8 01:18 signed
drwxrwx--x 6 puppet puppet 4.0K Mar 8 02:44 .svn
```
Since I am using puppet 2.7, my /etc/sudoers looks like this:
```
# Allow root to run any commands anywhere
root ALL=(ALL) ALL
Defaults:foreman !requiretty
foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetca, /opt/puppet/bin/puppet, /usr/local/bin/puppet
Defaults:foreman-proxy !requiretty
```
Here is foreman-proxy settings:
```
---
# SSL Setup

# if enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see SSL - Smart Proxy - Foreman for more information
#:ssl_certificate: ssl/certs/fqdn.pem
#:ssl_ca_file: ssl/certs/ca.pem
#:ssl_private_key: ssl/private_keys/fqdn.key

# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain

# enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# port used by the proxy
:port: 8443

# Enable TFTP management
:tftp: false
#:tftproot: /var/lib/tftpboot
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
#:tftp_servername: tftp.domain.com

# Enable DNS management
:dns: false
#:dns_key: /etc/rndc.key
# use this setting if you are managing a dns server which is not localhost though this proxy
#:dns_server: dns.domain.com

# Enable DHCP management
:dhcp: false
# The vendor can be either isc or native_ms
:dhcp_vendor: isc
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
# subset, so as to reduce the query time.
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
# Settings for Ubuntu ISC
#:dhcp_config: /etc/dhcp3/dhcpd.conf
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
# Settings for Redhat ISC
#:dhcp_config: /etc/dhcpd.conf
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
#:dhcp_key_name: secret_key_name
#:dhcp_key_secret: secret_key

# enable PuppetCA management
:puppetca: true
:ssldir: /etc/puppet/ssl/ca

# enable Puppet management
:puppet: false

# Where our proxy log files are stored
# filename or STDOUT
:log_file: /tmp/proxy.log
# valid options are
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
:log_level: DEBUG
```
Here is foreman-proxy path and permissions:
```
pwd
/usr/share/foreman-proxy
ls -alh
total 28K
drwxr-xr-x 5 foreman-proxy foreman-proxy 4.0K Mar 7 21:53 .
drwxr-xr-x 150 root root 4.0K Mar 7 21:53 ..
drwxr-xr-x 2 foreman-proxy foreman-proxy 4.0K Mar 7 21:53 bin
drwxr-xr-x 2 foreman-proxy foreman-proxy 4.0K Mar 7 21:53 config
drwxr-xr-x 3 foreman-proxy foreman-proxy 4.0K Mar 8 09:23 lib
lrwxrwxrwx 1 foreman-proxy foreman-proxy 22 Mar 7 21:53 logs -> /var/log/foreman-proxy
lrwxrwxrwx 1 foreman-proxy foreman-proxy 29 Mar 7 21:53 public -> /var/lib/foreman-proxy/public
-rw-r--r-- 1 foreman-proxy foreman-proxy 1.7K Dec 28 04:07 Rakefile
lrwxrwxrwx 1 foreman-proxy foreman-proxy 8 Mar 7 21:53 tmp -> /var/tmp
lrwxrwxrwx 1 foreman-proxy foreman-proxy 28 Mar 7 21:53 views -> /var/lib/foreman-proxy/views
```