Actions
ERF50-5345¶
Make sure SSL is enabled in foreman-proxy:
:enabled: https
In some cases the Foreman web interface fails to list the host certificates in the "infrastucture"=>"Puppet CA" section. Instead of listing the host certificates it may show the following error:
Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy ...
This is most likely due to missing sudo permissions for the local user foreman-proxy. Make sure that
1. The sudo permissions are correct, ie the file /etc/sudoers.d/foreman-proxy contains
foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppetserver ca *
Defaults:foreman-proxy !requiretty
2. The sudo permissions apply for local users, ie /etc/security/access.conf contains
+:ALL:LOCAL
Updated by Lukas Zapletal almost 3 years ago · 2 revisions