I recently updated Katello to 2.2 and Foreman now to 1.8.1, and it appears
somewhere in the upgrade that Puppet now cannot contact Foreman:
> [root@virt5 ~]# puppet agent --test
info: Retrieving plugin
<snipped>
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Failed when searching for node virt5.domain.com: Failed to find
> virt5.domain.com via exec: Execution of '/etc/puppet/node.rb
> virt5.domain.com' returned 1:
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
> When running the same command on my puppetmaster I see:
> [root@foreman certs]# /etc/puppet/node.rb virt5.domain.com
> Could not send facts to Foreman: SSL_connect returned=1 errno=0
> state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
Per suggestion
(http://serverfault.com/questions/693668/puppet-unable-to-send-facts-to-foreman-tlsv1-alert-unknown-ca/693762#693762)
- I verified that the certificates in place for Foreman to use are being
referenced by Puppet
> [root@foreman puppet]# cat foreman.yaml
>
> —
>
> :url: "https://foreman.domain.com"
>
> :ssl_ca: "/etc/puppet/katello-default-ca.crt"
>
> :ssl_cert: "/etc/puppet/foreman.crt"
>
> :ssl_key: "/etc/puppet/foreman.key"
>
> :user: ""
>
> :password: ""
>
> :puppetdir: "/var/lib/puppet"
>
> :puppetuser: "puppet"
>
> :facts: true
>
> :timeout: 60
>
> :threads: null
>
>
> I can also curl the Foreman webpage directly, although I know that uses
different cert trust mechanisms
> [root@foreman puppet]# curl https://foreman.domain.com
> <html><body>You are being <a
> href="https://foreman.domain.com/users/login">redirected</a>.</body></html>[root@foreman
> puppet]#
Any help with this would be greatly appreciated. Thanks!