ERF12-7740 » History » Version 2
Dominic Cleal, 07/01/2014 10:46 AM
1 | 1 | Dominic Cleal | h1. ERF12-7740 |
---|---|---|---|
2 | |||
3 | h2. Generic or SSL connection errors |
||
4 | |||
5 | Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action. |
||
6 | |||
7 | h2. Check the proxy log |
||
8 | |||
9 | Foreman will be contacting the smart proxy (responsible for Puppet CA management on that host) to request that the old certificate for the host is deleted. |
||
10 | |||
11 | Check /var/log/foreman-proxy/proxy.log on your Puppet CA server for any errors. |
||
12 | |||
13 | h2. Failed to run puppetca: [sudo] password for foreman-proxy |
||
14 | |||
15 | The proxy is trying to run a Puppet command to delete the certificate via sudo, but the sudoers rules aren't allowing it to do so without a password - suggesting the rules aren't right (they vary for Puppet 2 versus 3) or are missing. |
||
16 | |||
17 | See http://theforeman.org/manuals/latest/index.html#4.3.2SmartProxySettings, scroll down a little for the Puppet CA configuration and the sudoers rules are listed. These should be in /etc/sudoers.d/foreman-proxy and the file should have @-r--r-----@ (0440) permissions. |
||
18 | 2 | Dominic Cleal | |
19 | Note that if you've upgraded from Puppet 2 to 3, the rule needs changing to @/usr/bin/puppet cert *@ (you should also read [[FAQ]] for other changes, or re-run the installer). |