Bug #24470
closedInstaller is failing when adding a chain
Description
Hello,
foreman-installer is failing when adding the parameter: 'server_ssl_chain' to the foreman-answers.yaml file,
With the below error:
https://pastebin.com/x9xVmyZz
The foreman-answer file contains:
server_ssl_port: 443
server_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
server_ssl_chain: /etc/pki/tls/certs/RHChain.cer
server_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/theforeman.eng.lab.tlv.redhat.com-2017.crt
server_ssl_certs_dir: ''
server_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/theforeman.eng.lab.tlv.redhat.com-2017.key
server_ssl_crl: /etc/puppetlabs/puppet/ssl/crl.pem
server_ssl_protocol:
client_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
client_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/theforeman.eng.lab.tlv.redhat.com.pem
client_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/theforeman.eng.lab.tlv.redhat.com.pem
- Verified - no error appear when removing the chain and changing the certs back to the internal ones
- Verified - this specific answer file worked perfectly when I have puppet-server 3 installed.
After upgrading to puppet4, it breaks
Updated by Dor Pinhas over 6 years ago
Another note - even though installer failed - certificates, ca, chain seems to be working on the foreman instance itself.
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Status changed from New to Rejected
This is to be expected. When changing the certificate of Foreman you also need to set --foreman-proxy-foreman-ssl-ca and --puppet-server-foreman-ssl-ca.