Bug #15152
closedInstaller ignores foreman-proxy-foreman-ssl-* options
Description
foreman-installer seems to be ignoring these options:
--foreman-proxy-foreman-ssl-cert=/var/lib/puppet/ssl/certs/<some-hostname>.pem \
--foreman-proxy-foreman-ssl-key=/var/lib/puppet/ssl/private_keys/<some-hostname>.pem
and uses FQDN of the host where installer runs instead. The actual files specified above do exist and the paths are correct.
Updated by Konstantin Orekhov almost 8 years ago
1.11.2 is affected too. I think I saw that in 1.10.2 as well, but can't be 100% sure at this point.
Updated by Dominic Cleal almost 8 years ago
- Status changed from New to Need more information
How are you checking exactly? What error are you seeing?
Updated by Konstantin Orekhov almost 8 years ago
Yes, you're correct once again - I was trying to change the wrong things. The ones above are correctly updated in /etc/foreman-proxy/settings.yml.
What I'm trying to do is to update these Foreman settings:
[root@spc03 ~]# curl -kSs -H "Content-type:application/json" -u admin:$FOREMAN_PASSWORD -X GET https://$FOREMAN_EP/api/settings/ssl_certificate | jq '.'
{
"value": "/var/lib/puppet/ssl/certs/spc.vip.domain.com.pem",
"description": "SSL Certificate path that Foreman would use to communicate with its proxies",
"category": "Setting::Auth",
"settings_type": "string",
"default": "/var/lib/puppet/ssl/certs/spc01.syd.domain.pem",
"created_at": "2016-01-27 00:08:34 UTC",
"updated_at": "2016-05-24 21:30:07 UTC",
"id": 20,
"name": "ssl_certificate"
}
[root@spc03 ~]# curl -kSs -H "Content-type:application/json" -u admin:$FOREMAN_PASSWORD -X GET https://$FOREMAN_EP/api/settings/ssl_priv_key | jq '.'
{
"value": "/var/lib/puppet/ssl/private_keys/spc.vip.domain.com.pem",
"description": "SSL Private Key file that Foreman will use to communicate with its proxies",
"category": "Setting::Auth",
"settings_type": "string",
"default": "/var/lib/puppet/ssl/private_keys/spc01.domain.com.pem",
"created_at": "2016-01-27 00:08:34 UTC",
"updated_at": "2016-05-24 21:30:07 UTC",
"id": 22,
"name": "ssl_priv_key"
}
[root@spc03 ~]#
Are there corresponding installer options? If not, it is OK and I'll just use the API to update that, just trying to avoid extra calls if possible.
Thanks and sorry for confusion, it is my bad.
Updated by Dominic Cleal almost 8 years ago
- Status changed from Need more information to Rejected
There aren't at the moment, but you'll find them in Foreman 1.12 as they were added the other day: https://github.com/theforeman/puppet-foreman/pull/442
They'll be --foreman-client-ssl-ca= etc.