ERF12-7740 » History » Revision 2
Revision 1 (Dominic Cleal, 07/01/2014 10:43 AM) → Revision 2/6 (Dominic Cleal, 07/01/2014 10:46 AM)
h1. ERF12-7740
h2. Generic or SSL connection errors
Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action.
h2. Check the proxy log
Foreman will be contacting the smart proxy (responsible for Puppet CA management on that host) to request that the old certificate for the host is deleted.
Check /var/log/foreman-proxy/proxy.log on your Puppet CA server for any errors.
h2. Failed to run puppetca: [sudo] password for foreman-proxy
The proxy is trying to run a Puppet command to delete the certificate via sudo, but the sudoers rules aren't allowing it to do so without a password - suggesting the rules aren't right (they vary for Puppet 2 versus 3) or are missing.
See http://theforeman.org/manuals/latest/index.html#4.3.2SmartProxySettings, scroll down a little for the Puppet CA configuration and the sudoers rules are listed. These should be in /etc/sudoers.d/foreman-proxy and the file should have @-r--r-----@ (0440) permissions.
Note that if you've upgraded from Puppet 2 to 3, the rule needs changing to @/usr/bin/puppet cert *@ (you should also read [[FAQ]] for other changes, or re-run the installer).