ERF12-0104 » History » Version 1
Dominic Cleal, 06/16/2014 04:16 PM
| 1 | 1 | Dominic Cleal | h1. ERF12-0104 |
|---|---|---|---|
| 2 | |||
| 3 | h2. Generic or SSL connection errors |
||
| 4 | |||
| 5 | Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action. |
||
| 6 | |||
| 7 | h2. Unable to set PuppetCA autosign for ... |
||
| 8 | |||
| 9 | The proxy is responsible for writing host entries to Puppet's /etc/puppet/autosign.conf file while provisioning, so they get automatically signed during the build process. This means the foreman-proxy user must have write access to the file - usually it's owned by "foreman-proxy", group "puppet" and with mode 0664. |
||
| 10 | |||
| 11 | <pre> |
||
| 12 | -rw-rw-r--. 1 foreman-proxy puppet 0 May 14 16:26 /etc/puppet/autosign.conf |
||
| 13 | </pre> |
||
| 14 | |||
| 15 | If relying on group write, ensure foreman-proxy is a member of the puppet group (and restart foreman-proxy after doing this) and you may need to add this line into puppet.conf to ensure it remains 0664: |
||
| 16 | |||
| 17 | <pre> |
||
| 18 | autosign = $confdir/autosign.conf { mode = 664 } |
||
| 19 | </pre> |