ERF12-0104 » History » Version 2
Adail Antônio Júnior, 02/26/2019 06:29 PM
| 1 | 1 | Dominic Cleal | h1. ERF12-0104 |
|---|---|---|---|
| 2 | |||
| 3 | h2. Generic or SSL connection errors |
||
| 4 | |||
| 5 | Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action. |
||
| 6 | |||
| 7 | h2. Unable to set PuppetCA autosign for ... |
||
| 8 | |||
| 9 | The proxy is responsible for writing host entries to Puppet's /etc/puppet/autosign.conf file while provisioning, so they get automatically signed during the build process. This means the foreman-proxy user must have write access to the file - usually it's owned by "foreman-proxy", group "puppet" and with mode 0664. |
||
| 10 | |||
| 11 | <pre> |
||
| 12 | -rw-rw-r--. 1 foreman-proxy puppet 0 May 14 16:26 /etc/puppet/autosign.conf |
||
| 13 | </pre> |
||
| 14 | |||
| 15 | If relying on group write, ensure foreman-proxy is a member of the puppet group (and restart foreman-proxy after doing this) and you may need to add this line into puppet.conf to ensure it remains 0664: |
||
| 16 | |||
| 17 | <pre> |
||
| 18 | autosign = $confdir/autosign.conf { mode = 664 } |
||
| 19 | </pre> |
||
| 20 | 2 | Adail Antônio Júnior | |
| 21 | h2. Foreman installed with Katello |
||
| 22 | |||
| 23 | When using Foreman in a Katello installation foreman-proxy needs a puppetca_hostname_whitelisting.yml (normally in /etc/foreman-proxy/settings.d) with the path to the autosign.conf file. Ex.: |
||
| 24 | |||
| 25 | <pre> |
||
| 26 | --- |
||
| 27 | :autosignfile: /etc/puppetlabs/puppet/autosign.conf |
||
| 28 | </pre> |