I recently updated Katello to 2.2 and Foreman now to 1.8.1, and it appears
somewhere in the upgrade that Puppet now cannot contact Foreman:
> [root@virt5 ~]# puppet agent --test
info: Retrieving plugin
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Failed when searching for node virt5.domain.com: Failed to find
> virt5.domain.com via exec: Execution of '/etc/puppet/node.rb
> virt5.domain.com' returned 1:
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
> When running the same command on my puppetmaster I see:
> [root@foreman certs]# /etc/puppet/node.rb virt5.domain.com
> Could not send facts to Foreman: SSL_connect returned=1 errno=0
> state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
- I verified that the certificates in place for Foreman to use are being
referenced by Puppet
> [root@foreman puppet]# cat foreman.yaml
> :url: "https://foreman.domain.com"
> :ssl_ca: "/etc/puppet/katello-default-ca.crt"
> :ssl_cert: "/etc/puppet/foreman.crt"
> :ssl_key: "/etc/puppet/foreman.key"
> :user: ""
> :password: ""
> :puppetdir: "/var/lib/puppet"
> :puppetuser: "puppet"
> :facts: true
> :timeout: 60
> :threads: null
> I can also curl the Foreman webpage directly, although I know that uses
different cert trust mechanisms
Any help with this would be greatly appreciated. Thanks!