ERF12-7740 » History » Revision 4
Revision 3 (Dominic Cleal, 07/01/2014 02:55 PM) → Revision 4/6 (Anonymous, 10/03/2014 12:45 PM)
h1. ERF12-7740 h2. Generic or SSL connection errors Please see [[Proxy_communication_errors]] first for SSL or communication errors, which aren't specific to this particular proxy action. h2. Unable to delete PuppetCA certificate for ... Foreman will be contacting the smart proxy (responsible for Puppet CA management on that host) to request that the old certificate for the host is deleted. Check /var/log/foreman-proxy/proxy.log on your Puppet CA server for any errors. h2. Failed to run puppetca: [sudo] password for foreman-proxy The proxy is trying to run a Puppet command to delete the certificate via sudo, but the sudoers rules aren't allowing it to do so without a password - suggesting the rules aren't right (they vary for Puppet 2 versus 3) or are missing. See http://theforeman.org/manuals/latest/index.html#4.3.2SmartProxySettings, scroll down a little for the Puppet CA configuration and the sudoers rules are listed. These should be in /etc/sudoers.d/foreman-proxy and the file should have @-r--r-----@ (0440) permissions. Note that if you've upgraded from Puppet 2 to 3, the rule needs changing to @/usr/bin/puppet cert *@ (you should also read the [[FAQ##Upgrade-puppet-from-v2-to-v3-gotchas]] [[FAQ]] for other changes, or re-run the installer).