Puppet ca proxy

Support
1

Problem: Puppet CA Proxy on Smart Proxy does NOT redirect traffic to Puppet CA master on The Foreman main server

Expected outcome: Puppet ca proxy forwards traffic to puppet Ca master on The Foreman main server

Foreman and Proxy versions: 3.15.1

Foreman and Proxy plugin versions: 3.15.1

Distribution and version: 3.15.1

Other relevant data: 3.15.1

I have puppet and puppet CA configured on The Foreman main server.
It works as intended,
I created a Smart Proxy on other site and enabled puppet and puppet ca on it
foreman-installer
–enable-puppet
–foreman-proxy-puppet true
–foreman-proxy-puppetca true
–puppet-server-ca false
–puppet-server true
–foreman-proxy-puppet-url=https://FQDN_of_the_Foreman_main_server:8140
–puppet-ca-server FQDN_of_the_Foreman_main_server
–puppet-ca-port 8140

When I try to sign the certificate on client host I get:
Info: Certificate for client_host_FQDN has not been signed yet
Couldn’t fetch certificate from CA server; you might still need to sign this agent’s certificate (client_host_FQDN).
Info: Will try again in 120 seconds.
Debug: Closing connection for https://smart_proxy_FQDN:8140
Debug: Loading CA certs
Debug: Loading CRLs
Debug: Loading/generating private key
Debug: Generating and submitting a CSR
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client_host_FQDN
Debug: Added csr attribute: 1.3.6.1.4.1.34380.1.3.2 => #<OpenSSL::ASN1::Set:0x00007f96b181a520 @tag=17, @value=[#<OpenSSL::ASN1::PrintableString:0x00007f96b181a570 @tag=19, @value=“true”, @tagging=nil, @tag_class=:UNIVERSAL, @indefinite_length=false>], @tagging=nil, @tag_class=:UNIVERSAL, @indefinite_length=false>
Info: Certificate Request fingerprint (SHA256): 23:29:9C:7B:F2:85:E4:B2:04:FE:DF:43:0B:3A:32:18:77:AB:58:08:50:B8:92:A9:59:91:4E:00:84:C2:3C:D8
Debug: Resolving service ‘ca’ using Puppet::HTTP::Resolver::Settings
Debug: Creating new connection for https://smart_proxy_FQDN:8140
Debug: Starting connection for https://smart_proxy_FQDN:8140
Error: Connection to https://smart_proxy_FQDN:8140/puppet-ca/v1 failed, trying next route: Request to https://smart_proxy_FQDN:8140/puppet-ca/v1 failed after 0.003 seconds: Failed to open TCP connection to smart_proxy_FQDN:8140 (Connection refused - connect(2) for “smart_proxy_FQDN” port 8140)
Wrapped exception:
Failed to open TCP connection to smart_proxy_FQDN:8140 (Connection refused - connect(2) for “smart_proxy_FQDN” port 8140)
Error: No more routes to ca
Info: Will try again in 120 seconds.
Debug: Loading CA certs
Debug: Loading CRLs
Debug: Loading/generating private key
Debug: Generating and submitting a CSR
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client_host_FQDN
Debug: Added csr attribute: 1.3.6.1.4.1.34380.1.3.2 => #<OpenSSL::ASN1::Set:0x00007f96b18180e0 @tag=17, @value=[#<OpenSSL::ASN1::PrintableString:0x00007f96b1818130 @tag=19, @value=“true”, @tagging=nil, @tag_class=:UNIVERSAL, @indefinite_length=false>], @tagging=nil, @tag_class=:UNIVERSAL, @indefinite_length=false>
Info: Certificate Request fingerprint (SHA256): 23:29:9C:7B:F2:85:E4:B2:04:FE:DF:43:0B:3A:32:18:77:AB:58:08:50:B8:92:A9:59:91:4E:00:84:C2:3C:D8
Debug: Resolving service ‘ca’ using Puppet::HTTP::Resolver::Settings
Debug: Creating new connection for https://smart_proxy_FQDN:8140
Debug: Starting connection for https://smart_proxy_FQDN:8140
Error: certificate verify failed [unable to get local issuer certificate for CN=smart_proxy_FQDN]
Info: Will try again in 120 seconds.
Error: Could not run:

Puppet confi on client:
cat /etc/puppetlabs/puppet/puppet.conf
[agent]
server = smart_proxy_FQDN
ca_server = smart_proxy_FQDN
log_level = debug

Smart proxy and main the foreman server cannot see the CSR to sign
puppetserver ca list
No certificates to list

2

When I try to install puppet ca proxy with the following I get error:
rm -rf /etc/puppetlabs/puppet/ssl
foreman-installer
–enable-puppet
–foreman-proxy-puppet true
–foreman-proxy-puppetca true
–puppet-server-ca true
–puppet-server true
–foreman-proxy-puppet-url=https://FQDN_of_the_Foreman_main_server:8140
–puppet-ca-server smart_proxy_FQDN
–puppet-ca-port 8140
2025-11-28 10:06:31 [NOTICE] [root] Loading installer configuration. This will take some time.
2025-11-28 10:06:35 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2025-11-28 10:06:35 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2025-11-28 10:06:37 [NOTICE] [checks] System checks passed
2025-11-28 10:06:48 [NOTICE] [configure] Starting system configuration.
2025-11-28 10:06:57 [NOTICE] [configure] 250 configuration steps out of 1593 steps complete.
2025-11-28 10:06:58 [NOTICE] [configure] 500 configuration steps out of 1595 steps complete.
2025-11-28 10:06:59 [NOTICE] [configure] 750 configuration steps out of 1600 steps complete.
2025-11-28 10:06:59 [NOTICE] [configure] 1000 configuration steps out of 1601 steps complete.
2025-11-28 10:06:59 [NOTICE] [configure] 1250 configuration steps out of 1601 steps complete.
2025-11-28 10:07:11 [NOTICE] [configure] 1500 configuration steps out of 1602 steps complete.
2025-11-28 10:07:16 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]: Failed to call refresh: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:07:16 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:07:19 [NOTICE] [configure] System configuration has finished.

Error 1: Puppet Foreman_smartproxy resource ‘smart_proxy_FQDN’ failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]/before
before to Cron[puppet]
before to Service[puppet]
before to Service[puppetserver]
before to Service[puppet-run.timer]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1559 of 1602)
Failed to call refresh: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Evaluated in 1.18 seconds
Foreman_smartproxysmart_proxy_FQDN
Making get request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies?search=name%3D%22smart_proxy_FQDN%22
Received response 200 from request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies?search=name%3D%22smart_proxy_FQDN%22
Making put request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh
Received response 200 from request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh

1 error was detected during installation.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.

The full log is at /var/log/foreman-installer/foreman-proxy-content.log

rm -rf /etc/puppetlabs/puppet/sslforeman-installer --enable-puppet --foreman-proxy-puppet true --foreman-proxy-puppetca true --puppet-server-ca true --puppet-server true --foreman-proxy-puppet-url=https://FQDN_of_the_Foreman_main_server:8140 --puppet-ca-server FQDN_of_the_Foreman_main_server --puppet-ca-port 8140
2025-11-28 10:07:54 [NOTICE] [root] Loading installer configuration. This will take some time.
2025-11-28 10:07:57 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2025-11-28 10:07:57 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2025-11-28 10:07:59 [NOTICE] [checks] System checks passed
2025-11-28 10:08:10 [NOTICE] [configure] Starting system configuration.
2025-11-28 10:08:18 [NOTICE] [configure] 250 configuration steps out of 1593 steps complete.
2025-11-28 10:08:20 [NOTICE] [configure] 500 configuration steps out of 1595 steps complete.
2025-11-28 10:08:20 [NOTICE] [configure] 750 configuration steps out of 1600 steps complete.
2025-11-28 10:08:20 [NOTICE] [configure] 1000 configuration steps out of 1601 steps complete.
2025-11-28 10:08:21 [NOTICE] [configure] 1250 configuration steps out of 1601 steps complete.
2025-11-28 10:08:32 [NOTICE] [configure] 1500 configuration steps out of 1602 steps complete.
2025-11-28 10:08:37 [ERROR ] [configure] Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:08:37 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]/features: change from [“Container_Gateway”, “Dynflow”, “Logs”, “Openscap”, “Pulpcore”, “Registration”, “Script”, “Templates”] to [“Container_Gateway”, “Dynflow”, “Logs”, “Openscap”, “Pulpcore”, “Puppet”, “Puppet CA”, “Registration”, “Script”, “Templates”] failed: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:08:38 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]: Failed to call refresh: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:08:38 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-11-28 10:08:41 [NOTICE] [configure] System configuration has finished.

Error 1: Puppet Foreman_smartproxy resource ‘smart_proxy_FQDN’ failed. Logs:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]/before
before to Cron[puppet]
before to Service[puppet]
before to Service[puppetserver]
before to Service[puppet-run.timer]
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]
Adding autorequire relationship with Anchor[foreman::providers::oauth]
Starting to evaluate the resource (1559 of 1602)
Failed to call refresh: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Evaluated in 2.25 seconds
Foreman_smartproxysmart_proxy_FQDN
Making get request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies?search=name%3D%22smart_proxy_FQDN%22
Received response 200 from request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies?search=name%3D%22smart_proxy_FQDN%22
Making put request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh
Received response 200 from request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh
Making put request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh
Received response 200 from request to https://FQDN_of_the_Foreman_main_server/api/v2/smart_proxies/2/refresh
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[smart_proxy_FQDN]/features
change from [“Container_Gateway”, “Dynflow”, “Logs”, “Openscap”, “Pulpcore”, “Registration”, “Script”, “Templates”] to [“Container_Gateway”, “Dynflow”, “Logs”, “Openscap”, “Pulpcore”, “Puppet”, “Puppet CA”, “Registration”, “Script”, “Templates”] failed: Proxy smart_proxy_FQDN has failed to load one or more features (Puppet, Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors

1 error was detected during installation.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality.

The full log is at /var/log/foreman-installer/foreman-proxy-content.log

So I reverted back to., but then I cannot sign CSR as it is stated in my first post
rm -rf /etc/puppetlabs/puppet/ssl
cp -r /etc/puppetlabs/puppet/ssl_not_working_puppet_proxy_and_puppetca_working_puppet_agent/ /etc/puppetlabs/puppet/ssl
foreman-installer --enable-puppet --foreman-proxy-puppet true --foreman-proxy-puppetca true --puppet-server-ca false --puppet-server true --foreman-proxy-puppet-url=https://FQDN_of_the_Foreman_main_server:8140 --puppet-ca-server FQDN_of_the_Foreman_main_server --puppet-ca-port 8140
2025-11-28 10:18:28 [NOTICE] [root] Loading installer configuration. This will take some time.
2025-11-28 10:18:32 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2025-11-28 10:18:32 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2025-11-28 10:18:33 [NOTICE] [checks] System checks passed
2025-11-28 10:18:43 [NOTICE] [configure] Starting system configuration.
2025-11-28 10:18:52 [NOTICE] [configure] 250 configuration steps out of 1591 steps complete.
2025-11-28 10:18:53 [NOTICE] [configure] 500 configuration steps out of 1593 steps complete.
2025-11-28 10:18:54 [NOTICE] [configure] 750 configuration steps out of 1598 steps complete.
2025-11-28 10:18:54 [NOTICE] [configure] 1000 configuration steps out of 1599 steps complete.
2025-11-28 10:18:54 [NOTICE] [configure] 1250 configuration steps out of 1599 steps complete.
2025-11-28 10:19:15 [NOTICE] [configure] System configuration has finished.
Success!

  • Foreman Proxy is running at https://smart_proxy_FQDN:9090

The full log is at /var/log/foreman-installer/foreman-proxy-content.log

3

I get the following error on client host:
/opt/puppetlabs/bin/puppet ssl bootstrap --verbose --config /etc/puppetlabs/puppet/puppet.conf
Debug: Facter: Resolving facts sequentially
Debug: Facter: resolving fact with user_query: networking.hostname
Debug: Facter: Searching fact: networking.hostname in file: networking.hostname.rb
Debug: Facter: Searching fact: networking.hostname in core facts and external facts
Debug: Facter: Loading all internal facts
Debug: Facter: List of resolvable facts: [#<Facter::SearchedFact:0x00007f0a57a111d0 @name=“networking.hostname”, @fact_class=Facts::Linux::Networking::Hostname, @user_query=“networking.hostname”, @type=:core, @file=nil>]
Debug: Facter: Tried to retrieve hostname and got: client_server_name
Debug: Facter: Only managed to read hostname: client_server_name, no domain was found.
Debug: Facter: Managed to read hostname: client_server_name and domain: verit.dnv.com
Debug: Facter: Loading external facts
Debug: Facter: fact “networking.hostname” has resolved to: client_server_name
Debug: Facter: resolving fact with user_query: networking.domain
Debug: Facter: Searching fact: networking.domain in file: networking.domain.rb
Debug: Facter: Searching fact: networking.domain in core facts and external facts
Debug: Facter: Loading all internal facts
Debug: Facter: List of resolvable facts: [#<Facter::SearchedFact:0x00007f0a587cede0 @name=“networking.domain”, @fact_class=Facts::Linux::Networking::Domain, @user_query=“networking.domain”, @type=:core, @file=nil>]
Debug: Facter: Loading external facts
Debug: Facter: fact “networking.domain” has resolved to: verit.dnv.com
Debug: Caching environment :production (ttl = 0 sec)
Debug: Evicting cache entry for environment :production
Debug: Deleted text domain :production: false
Debug: Caching environment :production (ttl = 0 sec)
Debug: Runtime environment: puppet_version=8.10.0, ruby_version=3.2.5, run_mode=agent, openssl_version=‘OpenSSL 3.0.15 3 Sep 2024’, openssl_fips=false, default_encoding=UTF-8
Debug: Applying settings catalog for sections main, agent
Debug: Using settings: adding file resource ‘confdir’: ‘File[/etc/puppetlabs/puppet]{:path=>“/etc/puppetlabs/puppet”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘codedir’: ‘File[/etc/puppetlabs/code]{:path=>“/etc/puppetlabs/code”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Could not find library ‘cfpropertylist’ required to enable feature ‘cfpropertylist’
Debug: Facter: resolving fact with user_query: os.name
Debug: Facter: Searching fact: os.name in file: os.name.rb
Debug: Facter: Searching fact: os.name in core facts and external facts
Debug: Facter: Loading all internal facts
Debug: Facter: List of resolvable facts: [#<Facter::SearchedFact:0x00007f0a58373bb0 @name=“os.name”, @fact_class=Facts::Rhel::Os::Name, @user_query=“os.name”, @type=:core, @file=nil>]
Debug: Facter: Loading external facts
Debug: Facter: fact “os.name” has resolved to: Rocky
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Could not find library ‘ldap’ required to enable feature ‘ldap’
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Using settings: adding file resource ‘vardir’: ‘File[/opt/puppetlabs/puppet/cache]{:path=>“/opt/puppetlabs/puppet/cache”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘logdir’: ‘File[/var/log/puppetlabs/puppet]{:path=>“/var/log/puppetlabs/puppet”, :mode=>“750”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘statedir’: ‘File[/opt/puppetlabs/puppet/cache/state]{:path=>“/opt/puppetlabs/puppet/cache/state”, :mode=>“1755”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘rundir’: ‘File[/var/run/puppetlabs]{:path=>“/var/run/puppetlabs”, :mode=>“755”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘libdir’: ‘File[/opt/puppetlabs/puppet/cache/lib]{:path=>“/opt/puppetlabs/puppet/cache/lib”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘hiera_config’: ‘File[/etc/puppetlabs/puppet/hiera.yaml]{:path=>“/etc/puppetlabs/puppet/hiera.yaml”, :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘preview_outputdir’: ‘File[/opt/puppetlabs/puppet/cache/preview]{:path=>“/opt/puppetlabs/puppet/cache/preview”, :mode=>“750”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘certdir’: ‘File[/etc/puppetlabs/puppet/ssl/certs]{:path=>“/etc/puppetlabs/puppet/ssl/certs”, :mode=>“755”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘ssldir’: ‘File[/etc/puppetlabs/puppet/ssl]{:path=>“/etc/puppetlabs/puppet/ssl”, :mode=>“771”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘publickeydir’: ‘File[/etc/puppetlabs/puppet/ssl/public_keys]{:path=>“/etc/puppetlabs/puppet/ssl/public_keys”, :mode=>“755”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘requestdir’: ‘File[/etc/puppetlabs/puppet/ssl/certificate_requests]{:path=>“/etc/puppetlabs/puppet/ssl/certificate_requests”, :mode=>“755”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘privatekeydir’: ‘File[/etc/puppetlabs/puppet/ssl/private_keys]{:path=>“/etc/puppetlabs/puppet/ssl/private_keys”, :mode=>“750”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘privatedir’: ‘File[/etc/puppetlabs/puppet/ssl/private]{:path=>“/etc/puppetlabs/puppet/ssl/private”, :mode=>“750”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘clientyamldir’: ‘File[/opt/puppetlabs/puppet/cache/client_yaml]{:path=>“/opt/puppetlabs/puppet/cache/client_yaml”, :mode=>“750”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘client_datadir’: ‘File[/opt/puppetlabs/puppet/cache/client_data]{:path=>“/opt/puppetlabs/puppet/cache/client_data”, :mode=>“750”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘deviceconfdir’: ‘File[/etc/puppetlabs/puppet/devices]{:path=>“/etc/puppetlabs/puppet/devices”, :mode=>“750”, :owner=>“root”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘clientbucketdir’: ‘File[/opt/puppetlabs/puppet/cache/clientbucket]{:path=>“/opt/puppetlabs/puppet/cache/clientbucket”, :mode=>“750”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘publicdir’: ‘File[/opt/puppetlabs/puppet/public]{:path=>“/opt/puppetlabs/puppet/public”, :mode=>“755”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘graphdir’: ‘File[/opt/puppetlabs/puppet/cache/state/graphs]{:path=>“/opt/puppetlabs/puppet/cache/state/graphs”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘pluginfactdest’: ‘File[/opt/puppetlabs/puppet/cache/facts.d]{:path=>“/opt/puppetlabs/puppet/cache/facts.d”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: Using settings: adding file resource ‘localedest’: ‘File[/opt/puppetlabs/puppet/cache/locales]{:path=>“/opt/puppetlabs/puppet/cache/locales”, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}’
Debug: /File[/etc/puppetlabs/puppet]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet
Debug: /File[/etc/puppetlabs/puppet]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet
Debug: /File[/etc/puppetlabs/puppet]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet
Debug: /File[/etc/puppetlabs/puppet]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet
Debug: /File[/etc/puppetlabs/code]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/code
Debug: /File[/etc/puppetlabs/code]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/code
Debug: /File[/etc/puppetlabs/code]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/code
Debug: /File[/etc/puppetlabs/code]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/code
Debug: /File[/opt/puppetlabs/puppet/cache]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache
Debug: /File[/opt/puppetlabs/puppet/cache]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache
Debug: /File[/opt/puppetlabs/puppet/cache]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache
Debug: /File[/opt/puppetlabs/puppet/cache]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache
Debug: /File[/var/log/puppetlabs/puppet]/seluser: Found seluser default ‘system_u’ for /var/log/puppetlabs/puppet
Debug: /File[/var/log/puppetlabs/puppet]/selrole: Found selrole default ‘object_r’ for /var/log/puppetlabs/puppet
Debug: /File[/var/log/puppetlabs/puppet]/seltype: Found seltype default ‘var_log_t’ for /var/log/puppetlabs/puppet
Debug: /File[/var/log/puppetlabs/puppet]/selrange: Found selrange default ‘s0’ for /var/log/puppetlabs/puppet
Debug: /File[/opt/puppetlabs/puppet/cache/state]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/state
Debug: /File[/opt/puppetlabs/puppet/cache/state]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/state
Debug: /File[/opt/puppetlabs/puppet/cache/state]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/state
Debug: /File[/opt/puppetlabs/puppet/cache/state]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/state
Debug: /File[/var/run/puppetlabs]/seluser: Found seluser default ‘system_u’ for /var/run/puppetlabs
Debug: /File[/var/run/puppetlabs]/selrole: Found selrole default ‘object_r’ for /var/run/puppetlabs
Debug: /File[/var/run/puppetlabs]/seltype: Found seltype default ‘var_run_t’ for /var/run/puppetlabs
Debug: /File[/var/run/puppetlabs]/selrange: Found selrange default ‘s0’ for /var/run/puppetlabs
Debug: /File[/opt/puppetlabs/puppet/cache/lib]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/lib
Debug: /File[/opt/puppetlabs/puppet/cache/lib]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/lib
Debug: /File[/opt/puppetlabs/puppet/cache/lib]/seltype: Found seltype default ‘lib_t’ for /opt/puppetlabs/puppet/cache/lib
Debug: /File[/opt/puppetlabs/puppet/cache/lib]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/lib
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/hiera.yaml
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/hiera.yaml
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/hiera.yaml
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/hiera.yaml
Debug: /File[/opt/puppetlabs/puppet/cache/preview]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/preview
Debug: /File[/opt/puppetlabs/puppet/cache/preview]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/preview
Debug: /File[/opt/puppetlabs/puppet/cache/preview]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/preview
Debug: /File[/opt/puppetlabs/puppet/cache/preview]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/preview
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl/certs
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl/certs
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl/certs
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl/certs
Debug: /File[/etc/puppetlabs/puppet/ssl]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl
Debug: /File[/etc/puppetlabs/puppet/ssl]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl
Debug: /File[/etc/puppetlabs/puppet/ssl]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl
Debug: /File[/etc/puppetlabs/puppet/ssl]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl/public_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl/public_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl/public_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl/public_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl/certificate_requests
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl/certificate_requests
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl/certificate_requests
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl/certificate_requests
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl/private_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl/private_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl/private_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl/private_keys
Debug: /File[/etc/puppetlabs/puppet/ssl/private]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/ssl/private
Debug: /File[/etc/puppetlabs/puppet/ssl/private]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/ssl/private
Debug: /File[/etc/puppetlabs/puppet/ssl/private]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/ssl/private
Debug: /File[/etc/puppetlabs/puppet/ssl/private]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/ssl/private
Debug: /File[/opt/puppetlabs/puppet/cache/client_yaml]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/client_yaml
Debug: /File[/opt/puppetlabs/puppet/cache/client_yaml]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/client_yaml
Debug: /File[/opt/puppetlabs/puppet/cache/client_yaml]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/client_yaml
Debug: /File[/opt/puppetlabs/puppet/cache/client_yaml]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/client_yaml
Debug: /File[/opt/puppetlabs/puppet/cache/client_data]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/client_data
Debug: /File[/opt/puppetlabs/puppet/cache/client_data]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/client_data
Debug: /File[/opt/puppetlabs/puppet/cache/client_data]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/client_data
Debug: /File[/opt/puppetlabs/puppet/cache/client_data]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/client_data
Debug: /File[/etc/puppetlabs/puppet/devices]/seluser: Found seluser default ‘system_u’ for /etc/puppetlabs/puppet/devices
Debug: /File[/etc/puppetlabs/puppet/devices]/selrole: Found selrole default ‘object_r’ for /etc/puppetlabs/puppet/devices
Debug: /File[/etc/puppetlabs/puppet/devices]/seltype: Found seltype default ‘puppet_etc_t’ for /etc/puppetlabs/puppet/devices
Debug: /File[/etc/puppetlabs/puppet/devices]/selrange: Found selrange default ‘s0’ for /etc/puppetlabs/puppet/devices
Debug: /File[/opt/puppetlabs/puppet/cache/clientbucket]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/clientbucket
Debug: /File[/opt/puppetlabs/puppet/cache/clientbucket]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/clientbucket
Debug: /File[/opt/puppetlabs/puppet/cache/clientbucket]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/clientbucket
Debug: /File[/opt/puppetlabs/puppet/cache/clientbucket]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/clientbucket
Debug: /File[/opt/puppetlabs/puppet/public]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/public
Debug: /File[/opt/puppetlabs/puppet/public]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/public
Debug: /File[/opt/puppetlabs/puppet/public]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/public
Debug: /File[/opt/puppetlabs/puppet/public]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/public
Debug: /File[/opt/puppetlabs/puppet/cache/state/graphs]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/state/graphs
Debug: /File[/opt/puppetlabs/puppet/cache/state/graphs]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/state/graphs
Debug: /File[/opt/puppetlabs/puppet/cache/state/graphs]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/state/graphs
Debug: /File[/opt/puppetlabs/puppet/cache/state/graphs]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/state/graphs
Debug: /File[/opt/puppetlabs/puppet/cache/facts.d]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/facts.d
Debug: /File[/opt/puppetlabs/puppet/cache/facts.d]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/facts.d
Debug: /File[/opt/puppetlabs/puppet/cache/facts.d]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/facts.d
Debug: /File[/opt/puppetlabs/puppet/cache/facts.d]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/facts.d
Debug: /File[/opt/puppetlabs/puppet/cache/locales]/seluser: Found seluser default ‘system_u’ for /opt/puppetlabs/puppet/cache/locales
Debug: /File[/opt/puppetlabs/puppet/cache/locales]/selrole: Found selrole default ‘object_r’ for /opt/puppetlabs/puppet/cache/locales
Debug: /File[/opt/puppetlabs/puppet/cache/locales]/seltype: Found seltype default ‘usr_t’ for /opt/puppetlabs/puppet/cache/locales
Debug: /File[/opt/puppetlabs/puppet/cache/locales]/selrange: Found selrange default ‘s0’ for /opt/puppetlabs/puppet/cache/locales
Debug: /File[/opt/puppetlabs/puppet/cache/state]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/opt/puppetlabs/puppet/cache/lib]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]: Adding autorequire relationship with File[/etc/puppetlabs/puppet]
Debug: /File[/opt/puppetlabs/puppet/cache/preview]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]: Adding autorequire relationship with File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl]: Adding autorequire relationship with File[/etc/puppetlabs/puppet]
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Adding autorequire relationship with File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Adding autorequire relationship with File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Adding autorequire relationship with File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private]: Adding autorequire relationship with File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/opt/puppetlabs/puppet/cache/client_yaml]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/opt/puppetlabs/puppet/cache/client_data]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/etc/puppetlabs/puppet/devices]: Adding autorequire relationship with File[/etc/puppetlabs/puppet]
Debug: /File[/opt/puppetlabs/puppet/cache/clientbucket]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/opt/puppetlabs/puppet/cache/state/graphs]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache/state]
Debug: /File[/opt/puppetlabs/puppet/cache/facts.d]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: /File[/opt/puppetlabs/puppet/cache/locales]: Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache]
Debug: Finishing transaction 11220
Debug: Loading CA certs
Debug: Resolving service ‘ca’ using Puppet::HTTP::Resolver::Settings
Debug: Creating new connection for https://FQDN_of_the_Foreman_main_server:8140
Debug: Starting connection for https://FQDN_of_the_Foreman_main_server:8140
Debug: Using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256
Debug: Closing connection for https://FQDN_of_the_Foreman_main_server:8140
Debug: Resolved service ‘ca’ to https://FQDN_of_the_Foreman_main_server:8140/puppet-ca/v1
Debug: Creating new connection for https://FQDN_of_the_Foreman_main_server:8140
Debug: Starting connection for https://FQDN_of_the_Foreman_main_server:8140
Debug: Using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256
Debug: HTTP GET https://FQDN_of_the_Foreman_main_server:8140/puppet-ca/v1/certificate/ca returned 404 Not Found
Debug: Closing connection for https://FQDN_of_the_Foreman_main_server:8140
Error: CA certificate is missing from the server
Info: Will try again in 120 seconds.
Error: Could not run: