The empty value on the right is probably the issue here, I think you
need to check the settings specified in foreman.rb. There should be
$foreman_ssl* settings in the file, which will need initialising to a
key, certificate and CA that you want to use for SSL.
If you're using your existing Puppet CA, then the key + cert settings
can be the puppetmaster host's own key and cert, e.g.
$foreman_ssl_cert = "/var/lib/puppet/ssl/certs/FQDN.pem"
$foreman_ssl_key = "/var/lib/puppet/ssl/private_keys/FQDN.pem"
Then the CA setting should reference the CA that your Foreman host's
HTTPS cert is signed by. If it's a Puppet signed cert again, then point
to your Puppet CA:
$foreman_ssl_ca = "/var/lib/puppet/ssl/certs/ca.pem"
Else point to a copy of the CA you used (e.g. a corporate one).
···
On 26/02/13 13:03, Peter Van Biesen wrote:
> Hi,
>
> we've been running foreman and the puppetmaster on separate machines for
> a while. I now wanted to enable ssl on foreman so I set it up using
> apache and passenger. The dashboard is working perfectly, but the
> puppetmaster doesn't seem to be able to send the reports through to
> Foreman. The error I get in the puppetmaster log is :
>
> Feb 26 13:51:07 vbxl075 puppet-master[15688]: Report processor failed:
> Could not send report to Foreman at
> https://foreman.service.vaph.be:3001/reports/create?format=yml: No such
> file or directory -
> Feb 26 13:51:08 vbxl075 puppet-master[15688]: Report processor failed:
> Could not send report to Foreman at
> https://foreman.service.vaph.be:3001/reports/create?format=yml: No such
> file or directory -
–
Dominic Cleal
Red Hat Engineering
Right, you're spot on. Don't worry about a ticket, I've submitted a fix
to allow either nil or empty strings:
https://github.com/theforeman/puppet-foreman/pull/44
Thanks!
···
--
Dominic Cleal
Red Hat Engineering
On 26/02/13 14:02, Peter Van Biesen wrote:
Thanks for the response. I found the problem in the meantime. Foreman.rb
seems to be wrong. It seems that the empty string does not evaluate to
false, so the code would look for certificate files I did not specify.
The code :
if $foreman_ssl_cert
http.cert =
OpenSSL::X509::Certificate.new(File.read($foreman_ssl_cert))
http.key =
OpenSSL::PKey::RSA.new(File.read($foreman_ssl_key), nil)
end
One would assume that if foreman_ssl_cert = “” the else part would be
taken, but the empty string is actually TRUE so an error occurs.
So one does not want to supply a client certificate or ca, the values
should be set to NIL instead of the empty string. Or the condition
should check for the empty string.
Should I open an issue ?
Kindest regards,
Peter.
IK GA ERVOOR
Een zorgjob. Da’s werken met je hoofd, handen en hart.
http://www.ikgaervoor.be http://www.ikgaervoor.be/
DISCLAIMER :
De personeelsleden van het agentschap doen hun best om in e-mails
betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op
basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is
dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige
beslissingen of officiele standpunten worden alleen per brief toegestuurd.
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
