Let me preface this with a disclaimer: I don't know whether this is related to Foreman or not.
After setting up Foreman with a standalone Puppet Master (as CA), everything is working fine for existing nodes: reports and facts are both going to Foreman.
The problem now is that I cannot add any new hosts. They are failing to get an SSL cert from the Puppet master and I cannot figure out why!
On the agent, after cleaning all SSL certs on both sides (Puppet master and node), I get this:
[root@myhost ssl]# puppet agent -t
Info: Creating a new SSL key for myhost.domain.com
Error: Could not request certificate: No content type in http response; cannot parse
Exiting; failed to retrieve certificate and waitforcert is disabled
Puppet Master access log:
10.64.80.235 - - [04/Nov/2019:15:39:54 +0800] "GET /puppet-ca/v1/certificate/ca?environment=production&fail_on_404=true HTTP/1.1" 404 0 "-" "Puppet/5.5.2 Ruby/2.4.4-p296 (x86_64-linux)" 0
10.64.80.235 - - [04/Nov/2019:15:41:54 +0800] "GET /puppet-ca/v1/certificate/ca?environment=production&fail_on_404=true HTTP/1.1" 404 0 "-" "Puppet/5.5.2 Ruby/2.4.4-p296 (x86_64-linux)" 1
Has anyone come across this before?
My puppet.conf looks like this:
# Settings in [main] apply to every Puppet command and service unless one of
# the more specific sections below overrides them.
[main]
basemodulepath = /etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules:/usr/share/puppet/modules
# certname and server (below) are the same name, so this looks like the
# master's own puppet.conf rather than the failing agent's; confirm.
certname = puppet.domain
codedir = /etc/puppetlabs/code
environmentpath = /etc/puppetlabs/code/environments
hiera_config = $confdir/hiera.yaml
# The trailing { ... } block sets the permissions Puppet enforces on the file.
# Mode 640 keeps this host's private key from being world-readable.
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
logdir = /var/log/puppetlabs/puppet
pluginfactsource = puppet:///pluginfacts
pluginsource = puppet:///plugins
# "service" stands for the group the Puppet service runs as, so that group is
# given ownership of the private key directory.
privatekeydir = $ssldir/private_keys { group = service }
# Report processor name; run reports are handed to the Foreman processor.
reports = foreman
rundir = /var/run/puppetlabs
server = puppet.domain
show_diff = false
# Root of all certificate material (CA, host certs, private keys).
ssldir = /etc/puppetlabs/puppet/ssl
vardir = /opt/puppetlabs/puppet/cache
# Settings used only when the agent runs.
[agent]
classfile = $statedir/classes.txt
default_schedules = false
environment = production
listen = false
localconfig = $vardir/localconfig
# Port the agent connects to on the host named by `server` in [main].
masterport = 8140
noop = false
report = true
runinterval = 1800
splay = false
splaylimit = 1800
usecacheonfailure = true
# Settings used only by the master / Puppet Server process.
[master]
# Path to the autosign allowlist. Matching certificate requests are signed
# without an operator reviewing them.
# NOTE(review): mode 0664 makes the file group-writable, so anyone in that
# group can decide which requests get signed automatically. Confirm the group
# is restricted, or disable autosigning if it is not needed.
autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
# NOTE(review): under Puppet Server the CA service is switched on or off in
# the server's own ca.cfg bootstrap file, not by this setting; verify which
# one is in effect for this install.
ca = true
certname = puppet.domain
# With node_terminus = exec (below), this script is run as the external node
# classifier for each node.
external_nodes = /etc/puppetlabs/puppet/node.rb
logdir = /var/log/puppetlabs/puppetserver
node_terminus = exec
parser = current
rundir = /var/run/puppetlabs/puppetserver
# Same ssldir as [main], so the master and the local agent share one
# certificate store. Cleaning it removes the CA material as well.
ssldir = /etc/puppetlabs/puppet/ssl
strict_variables = false
vardir = /opt/puppetlabs/server/data/puppetserver
One thing I did notice was this:
autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
That file does not exist, and I am not sure where that value came from. I changed it to ‘false’, but that didn't make any difference.
Thanks in advance if there is someone who knows what is going on here. I’ve been at it for a day now and it has me boggled!