Re-posting this as I accidentally put it in the wrong category and don’t seem to be able to move it.
I cannot get the node.rb Puppet ENC to work on a new installation. It’s giving SSL errors due to using the wrong client cert. foreman.yaml is referencing a Puppet CA signed cert.
/etc/puppetlabs/puppetserver/ca/ca_crt.pem
Looking at an older (working) installation I see it’s using the Katello CA, which makes sense as that’s what it’s authenticating against.
/etc/pki/katello/puppet/puppet_client_ca.crt
So I could use the installer params to change the reference
--puppet-server-foreman-ssl-*
But my installation has not created a key and cert in that directory. So I’m a bit stuck, I can’t see a param to pass to the installer to force creation of that key/cert. The only way forward I can see is to manually create the key and sign it with the Katello CA. But surely the installer should handle that?
This is how I’m calling the installer
foreman-installer \
--scenario katello \
--tuning development \
--enable-foreman-plugin-puppet \
--foreman-initial-admin-password XXXX \
--foreman-initial-organization "CTO" \
--foreman-initial-location "EUW2" \
--certs-cname ha-sat.eu-west-2.compute.internal \
--enable-puppet \
--enable-foreman-proxy \
--puppet-server true \
--foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--puppet-autosign-entries '*.eu-west-2.compute.internal'
Foreman: 3.4
Katello: 4.6