On 09/28, James Evans wrote: > I'm implementing Foreman as a replacement for Puppet Enterprise, and I had > to add PuppetDB to support our existing modules that use exported > resources. I've gotten that part working, I see the resources being > exported and collected correctly. When I try to use the foreman_puppetdb > plugin however, I can't seem to get that part working. > > My Foreman server is also hosting PuppetDB, so I had to move the plaintext > port to 8082 to avoid conflict with candlepin, but left SSL on 8081. I've > configured the puppetdb_adress (and tried about lots of different > combinations of host names and IP addresses). I can see that things are > being added to the DB via the dashboard. When I try to delete a host, I get > the following error: > > *Error: *Could not deactivate host on PuppetDB: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed
I don't know exactly how your certs are setup, but here's some background on what's going on to help you debug. This is the API request from Foreman to PuppetDB failing. It uses the certificates you see under Administer -> Settings -> Auth, SSL CA file, SSL certificate and SSL private key. Are you able to send manually API requests from the Foreman host to PuppetDB using those certs? You can check the source too https://github.com/theforeman/puppetdb_foreman/blob/master/app/models/puppetdb_foreman/host_extensions.rb > > I've checked everything I can think of with certificates, and everything > looks correct, based on looking at my PE install, and other working OSS > puppet environments. > > Does anyone have any clue on this? It's preventing me from moving forward > with this project. > > james > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. -- Daniel Lobato Garcia @dLobatog blog.daniellobato.me daniellobato.me GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30 Keybase: https://keybase.io/elobato -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
