Bug #13522

Error 406 loading Puppet CA certificate list on Puppet 4 due to PATH difference

Added by Choon Ming Goh over 3 years ago. Updated about 1 year ago.

Target version:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:


I'm currently running smart proxy from source with foreman 1.10. It is unable to list all the puppet certificates on the foreman dashboard. It returns error 406 on the /GET request.

D, [2016-02-02T12:43:15.849720 #5933] DEBUG -- : accept:
D, [2016-02-02T12:43:15.850991 #5933] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2016-02-02T12:43:15.856388 #5933] DEBUG -- : verifying remote client against trusted_hosts ["master.olindata.vm"]
D, [2016-02-02T12:43:15.858154 #5933] DEBUG -- : Found puppetca at /opt/smart-proxy/vendor/ruby/bin/puppet
D, [2016-02-02T12:43:15.858351 #5933] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2016-02-02T12:43:15.858390 #5933] DEBUG -- : Executing /usr/bin/sudo -S /opt/smart-proxy/vendor/ruby/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list --all
W, [2016-02-02T12:43:15.896385 #5933]  WARN -- : Failed to run puppetca:
E, [2016-02-02T12:43:15.896825 #5933] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files
I, [2016-02-02T12:43:15.897933 #5933]  INFO -- : - - [02/Feb/2016 12:43:15] "GET /puppet/ca HTTP/1.1" 406 74 0.0418

The code below ought to fix it:

diff --git a/modules/puppetca/puppetca_main.rb b/modules/puppetca/puppetca_main.rb
index 228bb95..3e75456 100644
--- a/modules/puppetca/puppetca_main.rb
+++ b/modules/puppetca/puppetca_main.rb
@@ -103,7 +103,7 @@ module Proxy::PuppetCa
         raise "SSL/CA unavailable on this machine" 

-      default_path = ["/opt/puppet/bin", "/opt/puppet/sbin"]
+      default_path = "/opt/puppetlabs/bin" 

       # puppetca is the old method of using puppet cert which is new in puppet 2.6
       if Puppet::PUPPETVERSION.to_i < 3

Associated revisions

Revision 9bd44701 (diff)
Added by Goh Choon Ming over 3 years ago

fixes #13522 - add correct path to puppet binary

Puppet 4 AIO uses /opt/puppetlabs/bin to store the puppet executable


#1 Updated by Dominic Cleal over 3 years ago

  • Subject changed from Puppet 4: smart proxy's puppetca returning error 406 to Error 406 loading Puppet CA certificate list on Puppet 4 due to PATH difference
  • Category set to Puppet

If you'd like to get your patch in, please follow the steps at to submit it (though the instructions for setting up Foreman are mostly irrelevant for the smart proxy). Feel free to stop by the foreman-dev mailing list or IRC channel if you'd like more help ( is another useful resource for general coding styles etc.

I'd suggest having your patch append to the existing list of possible paths instead of replacing them entirely.

#2 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request added

#3 Updated by Anonymous over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal over 3 years ago

  • Legacy Backlogs Release (now unused) set to 123

Also available in: Atom PDF