PuppetCA foreman proxy disabled beacuse of autosign issue

Ade · December 21, 2018, 2:17pm

**Problem:Foreman-Proxy puppetCA module does not load due to :autosignfile: feature in puppetca.yml

**Expected outcome:Foreman-Proxy should work with the :autosignfile: feature as described in the documentation

**Foreman and Proxy versions:*Foreman -Version 1.20.1, Foreman-proxy 1.20.1

Foreman and Proxy plugin versions:

Other relevant data:
cat /var/log/foreman-proxy/proxy.log|head -n 10
2018-12-21T16:08:17 [E] Disabling all modules in the group [‘puppetca_hostname_whitelisting’, ‘puppetca’] due to a failure in one of them: Provider ‘puppetca_hostname_whitelisting’ settings conflict with the main plugin’s settings: [:autosignfile]

cat /etc/foreman-proxy/settings.d/puppetca.yml

# PuppetCA management
:enabled: https
:ssldir: /etc/puppetlabs/puppet/ssl
:autosignfile: /etc/puppetlabs/puppet/autosign.conf

logs

Ade · December 21, 2018, 2:24pm

I followed the guide: https://www.theforeman.org/manuals/1.20/index.html#4.3.7PuppetCA

It seems that on the foreman-proxy you can configure in puppetca.yml (:use_provider: puppetca_hostname_whitelisting) and configure the autosingfile in puppetca_hostname_whitelisting.yml not in puppetca.yml.

This approach seems to work, I`ll test it to see if the autosign.conf file will be generated on the PuppetCA for the new provisioned host.

Will come back later with more info

ekohl · December 30, 2018, 4:14pm

You’re right that the guide is outdated. This changed in 1.19.0 but we failed to update the docs. I suppose most people use the installer instead.

TimoGoebel · January 7, 2019, 1:52pm

@Ade: Do you mind updating our docs? They’re on github: https://github.com/theforeman/theforeman.org/blob/gh-pages/_includes/manuals/1.20/4.3.7_smartproxy_puppetca.md

That would help a lot. Thank you.

tck-lt · January 8, 2019, 3:55pm

Ade, thanks for the tip.

After foreman upgrade (?), PuppetCA didn’t start because value if autosignfile parameter was empty in puppetca_hostname_whitelisting.yml:

:autosignfile:

I set a file path to this parameter and starting PuppetCA is OK.

Dirk · January 8, 2019, 4:24pm

I have created a pull-request to update the manual

Ade · January 9, 2019, 6:35pm

Hi,

Sorry I saw the email too late, I’ve noticed Dirk already updated them.

Let me know if I can help with anything else.

Cheers,
Ade