Hi, 

just to be clear: 

puppet 4: 
/etc/puppetlabs/puppet/ssl/client_cert.pem 

puppet 3: 
/etc/puppetlabs/puppet/ssl/private_keys/foreman.example.com.pem 

correct? And the path which I set in puppet4 is the correct one for salt? 

Best regards, 
Bernhard 


From: "Ewoud Kohl van Wijngaarden" <[email protected]> 
To: [email protected] 
Sent: Monday, 8 May 2017 13:55:08 
Subject: Re: [foreman-dev] Salt forman config 

On Mon, May 08, 2017 at 01:52:35PM +0200, Bernhard Suttner wrote: 
> Hi, 
> 
> I tried to configure Salt in Foreman using: 
> 
> https://www.theforeman.org/plugins/foreman_salt/7.0/index.html 
> 
> In this documentation it is specified that in /etc/salt/foreman.yaml you 
> need to specify: 
> 
> :ssl_ca: /var/lib/puppet/ssl/certs/ca.pem 
> :ssl_key: /var/lib/puppet/ssl/private_keys/foreman.example.com.pem 
> :ssl_cert: /var/lib/puppet/ssl/certs/foreman.example.com.pem 
> 
> This didn't work and I always got: 
> [root@salt]# /usr/bin/foreman-node raul-gries.stage.atix 
> Couldn't retrieve ENC data: Could not send facts to Foreman: SSL_connect 
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify 
> failed 
> 
> Then I had a look at the code in smart_proxy_salt to find out what the 
> certificates are used for. The documentation says to configure 
> that similarly to Puppet. Therefore I had a look at the node.rb in 
> /etc/puppetlabs/puppet. node.rb is using foreman.yaml from 
> /etc/puppetlabs/puppet and for this, there are "similar" ssl certificate 
> configurations. 
> 
> Therefore, I changed the /etc/salt/foreman.yaml to look similar to 
> /etc/puppetlabs/puppet/foreman.yaml: 
> 
> :ssl_ca: "/etc/puppetlabs/puppet/ssl/ssl_ca.pem" 
> :ssl_cert: "/etc/puppetlabs/puppet/ssl/client_cert.pem" 
> :ssl_key: "/etc/puppetlabs/puppet/ssl/client_key.pem" 
> 
> And finally, it's working. Maybe I did something completely wrong. Or there is 
> a nice documentation mistake. 

That sounds like you were using Puppet 3 paths with a Puppet 4 
installation. The documentation should at least mention this, but likely 
default to the Puppet 4 paths and warn about Puppet 3 paths. 

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected]. 
For more options, visit https://groups.google.com/d/optout. 
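
A local pre-flight check for the three `:ssl_*` settings discussed in this thread, as an added example that is not part of the original messages or of foreman_salt. It reports paths that do not exist (the Puppet 3 versus Puppet 4 layout mix-up), a key that does not match the certificate, and a client certificate that does not verify against the configured CA; the function name and the assumption that the client certificate is issued by the `:ssl_ca` CA belong to this example.

```ruby
require 'yaml'
require 'openssl'

# Added example, not foreman-node's own code. Returns a list of problems found
# in the :ssl_* settings of a foreman.yaml-style file (empty list = consistent).
def check_foreman_ssl(yaml_path)
  raw = YAML.safe_load(File.read(yaml_path), permitted_classes: [Symbol]) || {}
  # Keys are written ":ssl_ca:" and normally load as symbols; normalise to strings.
  cfg = raw.to_h { |k, v| [k.to_s.sub(/\A:/, ''), v] }

  problems = []
  %w[ssl_ca ssl_cert ssl_key].each do |name|
    path = cfg[name]
    if path.nil?
      problems << ":#{name} is not set"
    elsif !File.readable?(path)
      # The case from the thread: a path taken from another Puppet version's layout.
      problems << ":#{name} #{path} is missing or unreadable"
    end
  end
  return problems unless problems.empty?

  ca   = OpenSSL::X509::Certificate.new(File.read(cfg['ssl_ca']))
  cert = OpenSSL::X509::Certificate.new(File.read(cfg['ssl_cert']))
  key  = OpenSSL::PKey.read(File.read(cfg['ssl_key']))

  problems << ':ssl_key does not match :ssl_cert' unless cert.check_private_key(key)

  # Assumption: the client certificate was issued by the CA named in :ssl_ca.
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  unless store.verify(cert)
    problems << ":ssl_cert does not verify against :ssl_ca (#{store.error_string})"
  end
  problems
rescue OpenSSL::OpenSSLError => e
  problems << "unparsable PEM data: #{e.message}"
end

# Command-line use: ruby check_foreman_ssl.rb /etc/salt/foreman.yaml
if __FILE__ == $0 && ARGV[0]
  problems = check_foreman_ssl(ARGV[0])
  puts(problems.empty? ? 'ssl settings are consistent' : problems)
  exit(problems.empty? ? 0 : 1)
end
```

This only checks the local files against each other; it does not contact Foreman or validate the server's certificate.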
