Bug #24470

closed

Installer is failing when adding a chain

Added by Dor Pinhas over 5 years ago. Updated over 5 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Hello,

foreman-installer is failing when adding the parameter 'server_ssl_chain' to the foreman-answers.yaml file, with the error below:
https://pastebin.com/x9xVmyZz

The foreman-answer file contains:
server_ssl_port: 443
server_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
server_ssl_chain: /etc/pki/tls/certs/RHChain.cer
server_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/theforeman.eng.lab.tlv.redhat.com-2017.crt
server_ssl_certs_dir: ''
server_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/theforeman.eng.lab.tlv.redhat.com-2017.key
server_ssl_crl: /etc/puppetlabs/puppet/ssl/crl.pem
server_ssl_protocol:
client_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
client_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/theforeman.eng.lab.tlv.redhat.com.pem
client_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/theforeman.eng.lab.tlv.redhat.com.pem

  • Verified - no error appears when removing the chain and changing the certs back to the internal ones
  • Verified - this specific answer file worked perfectly when I had puppet-server 3 installed.
    After upgrading to puppet4, it breaks.

Actions #1

Updated by Dor Pinhas over 5 years ago

Another note - even though the installer failed, the certificates, CA and chain seem to be working on the foreman instance itself.

Actions #2

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

  • Status changed from New to Rejected

This is to be expected. When changing the certificate of Foreman you also need to set --foreman-proxy-foreman-ssl-ca and --puppet-server-foreman-ssl-ca.
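
A pre-flight check for the advice in the reply above, as an added example (not from the ticket or the Foreman project): it confirms that a CA file you intend to pass to --foreman-proxy-foreman-ssl-ca and --puppet-server-foreman-ssl-ca actually validates the certificate Foreman now serves. The function names and the throwaway test PKI are constructed, and it assumes those two options name the CA that the proxy and the Puppet server use to verify Foreman's certificate.

```shell
#!/bin/sh
# Added example, not from the ticket. Everything make_demo_pki creates is constructed.

# verify_foreman_cert CA_FILE CERT_FILE [CHAIN_FILE]
# Exit 0 if CERT_FILE validates against the roots in CA_FILE. CHAIN_FILE holds
# the intermediates the web server sends (the file named by server_ssl_chain).
verify_foreman_cert() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# make_demo_pki DIR: build a constructed test PKI in DIR:
#   puppet-ca.pem   self-signed CA standing in for the internal Puppet CA
#   corp-root.pem   self-signed CA standing in for the external root
#   corp-chain.pem  intermediate signed by corp-root
#   foreman.pem     server certificate signed by the intermediate
make_demo_pki() (
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name = dn' \
        '[dn]' 'commonName = Common Name' \
        '[ca]' 'basicConstraints = critical,CA:TRUE' > pki.cnf
    for ca in puppet-ca corp-root; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config pki.cnf \
            -extensions ca -subj "/CN=demo $ca" \
            -keyout "$ca.key" -out "$ca.pem" 2>/dev/null || exit 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=demo intermediate" \
        -keyout chain.key -out chain.csr 2>/dev/null || exit 1
    openssl x509 -req -in chain.csr -CA corp-root.pem -CAkey corp-root.key \
        -CAcreateserial -days 2 -extfile pki.cnf -extensions ca \
        -out corp-chain.pem 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=foreman.example.test" \
        -keyout foreman.key -out foreman.csr 2>/dev/null || exit 1
    openssl x509 -req -in foreman.csr -CA corp-chain.pem -CAkey chain.key \
        -CAcreateserial -days 2 -out foreman.pem 2>/dev/null || exit 1
)
```

Run verify_foreman_cert against the real files before re-running the installer: a failure against the Puppet CA and a success against the external CA means the two installer options must point at the external CA.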
