Hi,
…snip
Processing UnattendedController#provision (for 10.10.11.237 at
2011-07-06 23:00:19) [GET]
Found XXX.fasel.at
DEPRECATION WARNING* Managing Puppet CA without a smart-proxy will
not be supported in the next release
PuppetCA: SSL/CA or puppetca unavailable on this machine
Filter chain halted as [:handle_ca] rendered_or_redirected.
Completed in 8ms (View: 0, DB: 2) | 200 OK [http://10.10.11.233/
unattended/provision]
snap…
The resulting resulting kickstart contains the following:
"Failed to clean any old certificates or add the autosign entry.
Terminating the build!"
and anaconda bails out.
I run the puppetmaster on OS-X with puppet installed as a gem.
puppetca resides at /usr/bin/puppetca. I think The foreman has
hardcoded /usr/sbin/puppetca.
Should it be configurable ?
For the moment I am mainly interested in the unattended features of
The Foreman, so is it possible to turn off the puppet things ? But
also if I want to use puppet with The Foreman (I eventually will) is
it possible to turn off the autosign stuff ?
– Markus
> Hi,
>
> …snip
> Processing UnattendedController#provision (for 10.10.11.237 at
> 2011-07-06 23:00:19) [GET]
> Found XXX.fasel.at
> DEPRECATION WARNING* Managing Puppet CA without a smart-proxy will
> not be supported in the next release
> PuppetCA: SSL/CA or puppetca unavailable on this machine
> Filter chain halted as [:handle_ca] rendered_or_redirected.
> Completed in 8ms (View: 0, DB: 2) | 200 OK [http://10.10.11.233/
> unattended/provision]
> snap…
>
> The resulting resulting kickstart contains the following:
> "Failed to clean any old certificates or add the autosign entry.
> Terminating the build!"
>
> and anaconda bails out.
>
> I run the puppetmaster on OS-X with puppet installed as a gem.
> puppetca resides at /usr/bin/puppetca. I think The foreman has
> hardcoded /usr/sbin/puppetca.
> Should it be configurable ?
>
> it is, if you use a smart proxy, (you are still using the legacy way which
would be removed real soon).
> For the moment I am mainly interested in the unattended features of
> The Foreman, so is it possible to turn off the puppet things ? But
> also if I want to use puppet with The Foreman (I eventually will) is
> it possible to turn off the autosign stuff ?
>
You can probably hack two things:
- link puppetca (if he cant find it, but afaik, foreman is smart enough to
find it in your path).
- ensure that foreman user can write to /etc/puppet/autosign.conf
I guess we can support that too, its probably easy to add it as a
configurable option, please open a new feature request.
Ohad
···
On Tue, Jul 12, 2011 at 2:56 PM, Markus Falb wrote:
– Markus
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.
I did a feature request
http://theforeman.org/issues/1043
– Thanks, Markus
PGP.sig (243 Bytes)
···
On 12.Jul.2011, at 14:14, Ohad Levy wrote:
On Tue, Jul 12, 2011 at 2:56 PM, Markus Falb wnefal@gmail.com wrote:
Hi,
…snip
Processing UnattendedController#provision (for 10.10.11.237 at
2011-07-06 23:00:19) [GET]
Found XXX.fasel.at
DEPRECATION WARNING* Managing Puppet CA without a smart-proxy will
not be supported in the next release
PuppetCA: SSL/CA or puppetca unavailable on this machine
Filter chain halted as [:handle_ca] rendered_or_redirected.
Completed in 8ms (View: 0, DB: 2) | 200 OK [http://10.10.11.233/
unattended/provision]
snap…
The resulting resulting kickstart contains the following:
“Failed to clean any old certificates or add the autosign entry.
Terminating the build!”
and anaconda bails out.
I run the puppetmaster on OS-X with puppet installed as a gem.
puppetca resides at /usr/bin/puppetca. I think The foreman has
hardcoded /usr/sbin/puppetca.
Should it be configurable ?
it is, if you use a smart proxy, (you are still using the legacy way which would be removed real soon).
For the moment I am mainly interested in the unattended features of
The Foreman, so is it possible to turn off the puppet things ? But
also if I want to use puppet with The Foreman (I eventually will) is
it possible to turn off the autosign stuff ?
You can probably hack two things:
- link puppetca (if he cant find it, but afaik, foreman is smart enough to find it in your path).
- ensure that foreman user can write to /etc/puppet/autosign.conf
I guess we can support that too, its probably easy to add it as a configurable option, please open a new feature request.
