Unable to communicate with the proxy: SSL_CTX_use_PrivateKey:: key values mismatch

Hi Nikolay,

> I have upgraded Foreman and Foreman-Proxy to 1.1. I used to have a
> working SSL setup with the old version but now I can't connect to
> Foreman-Proxy.
>
> Unable to communicate with the proxy: SSL_CTX_use_PrivateKey:: key
> values mismatch

I've seen similar errors when the app is unable to read its key and/or
certificate. This error looks like it's being shown in the Foreman UI,
so begin with More->Settings->Provisioning and check that the paths of
ssl_ca_file, ssl_priv_key and ssl_certificate are all accessible to the
"foreman" user.

Particularly check the priv key file and its parent directory, since
Puppet usually restricts it to 0700. You can change this with two lines
in puppet.conf, scroll down a bit on this link for them:

http://theforeman.org/manuals/1.1/index.html#5.4.2SecuringSmartProxyRequests

So that's a connection error from Foreman to the proxy.

> [root@is-puppet-t01 foreman-proxy]# sudo -u puppet /etc/puppet/node.rb
> puppetmaster.host.com
> Error retrieving node pupetmaster.host.com: Net::HTTPForbidden

This is different, it's an error from the puppetmaster to Foreman. Can
you check /var/log/foreman/production.log for errors?

You should see a request to /node/puppetmaster.host.com in the log file
and there will be a line beneath it saying why it's been refused.

On 08/03/13 00:47, Nikolay Georgieff wrote:


Dominic Cleal
Red Hat Engineering
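The checks suggested in the reply above, as an added Ruby example that is not part of the original thread or of Foreman's code: it verifies that the files behind ssl_ca_file, ssl_certificate and ssl_priv_key are reachable by the current user and that the private key belongs to the certificate. The function names and the sample certificate are constructed for illustration; running it as the "foreman" user is an assumption about how it would be used.

```ruby
require 'openssl'
require 'tmpdir'

# Lists problems with the files behind Foreman's three SSL settings.
# Run as the "foreman" user so the access checks reflect what the app sees.
def ssl_setting_problems(ca_file:, certificate:, priv_key:)
  problems = []
  { 'ssl_ca_file' => ca_file, 'ssl_certificate' => certificate,
    'ssl_priv_key' => priv_key }.each do |setting, path|
    if !File.exist?(path) # also false when a parent directory is not searchable
      problems << "#{setting}: #{path} missing or parent directory not accessible"
    elsif !File.readable?(path)
      problems << "#{setting}: #{path} not readable by this user"
    end
  end
  return problems unless problems.empty?
  cert = OpenSSL::X509::Certificate.new(File.read(certificate))
  key = OpenSSL::PKey.read(File.read(priv_key))
  # X509_check_private_key: the comparison that reports "key values mismatch".
  problems << 'ssl_priv_key does not belong to ssl_certificate' unless cert.check_private_key(key)
  problems
rescue OpenSSL::OpenSSLError => e
  problems << "unparsable PEM: #{e.message}"
end

# Constructed sample data: a throwaway self-signed certificate, its key, and an unrelated key.
def write_sample_files(dir)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=foreman.example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  pems = { cert: cert.to_pem, key: key.to_pem, other: OpenSSL::PKey::RSA.new(2048).to_pem }
  pems.to_h do |name, pem|
    path = File.join(dir, "#{name}.pem")
    File.write(path, pem)
    [name, path]
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    f = write_sample_files(dir)
    puts ssl_setting_problems(ca_file: f[:cert], certificate: f[:cert], priv_key: f[:other])
  end
end
```

An empty result means all three files are readable and the key pair matches; a readability check run as root will pass regardless of file modes, so run it under the account the application uses.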