Project

General

Profile

ERF12-7740 » History » Version 3

Dominic Cleal, 07/01/2014 02:55 PM

1 1 Dominic Cleal
h1. ERF12-7740
2
3
h2. Generic or SSL connection errors
4
5
Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action.
6
7 3 Dominic Cleal
h2. Unable to delete PuppetCA certificate for ...
8 1 Dominic Cleal
9
Foreman will be contacting the smart proxy (responsible for Puppet CA management on that host) to request that the old certificate for the host is deleted.
10
11
Check /var/log/foreman-proxy/proxy.log on your Puppet CA server for any errors.
12
13
h2. Failed to run puppetca: [sudo] password for foreman-proxy
14
15
The proxy is trying to run a Puppet command to delete the certificate via sudo, but the sudoers rules aren't allowing it to do so without a password - suggesting the rules aren't right (they vary for Puppet 2 versus 3) or are missing.
16
17
See http://theforeman.org/manuals/latest/index.html#4.3.2SmartProxySettings, scroll down a little for the Puppet CA configuration and the sudoers rules are listed.  These should be in /etc/sudoers.d/foreman-proxy and the file should have @-r--r-----@ (0440) permissions.
18 2 Dominic Cleal
19
Note that if you've upgraded from Puppet 2 to 3, the rule needs changing to @/usr/bin/puppet cert *@ (you should also read [[FAQ]] for other changes, or re-run the installer).