----- Original Message ----- > From: "marco giovannini" <[email protected]> > To: "Foreman users" <[email protected]> > Sent: Friday, November 11, 2016 11:16:06 AM > Subject: [foreman-users] api call /puppet/ca to foreman-proxy does not work > > > Does anyone have any idea about what might be wrong ? > > [root@foreman~]# curl -X GET -u admin:XXXXXXXXXXXXXXXX -H > "Accept:pplication/json" -k https://localhost:9090/version > {"version":"1.13.0","modules":{"pulp":"1.3.0","puppetca":"1.13.0","puppet":"1.13.0","logs":"1.13.0"}}[root@foreman > ~]# > > [root@foreman ~]# curl -X GET -u admin:XXXXXXXXXXXXXX -H > "Accept:pplication/json" -k https://localhost:9090/features > ["logs","pulp","puppet","puppetca"][root@foreman~]# > > [root@foreman ~]# curl -X GET -u admin:XXXXXXXXXXXXX -H > "Accept:pplication/json" -k https://localhost:9090/puppet/ca/ > could not read client cert from environment[root@foreman ~]#
The first 2 api calls don't need authentication so they work. The last needs authentication, but we use client certificates to talk to the proxy. The proxy has no access to the foreman database to authenticate with a Foreman user. Foreman uses the client certificates configured in it's Settings: ssl_ca_file | /etc/foreman/proxy_ca.pem | SSL CA file that Foreman will use to communicate with its proxies ssl_certificate | /etc/foreman/client_cert.pem | SSL Certificate path that Foreman would use to communicate with its proxies ssl_priv_key | /etc/foreman/client_key.pem | SSL Private Key file that Foreman will use to communicate with its proxies But, the proxy isn't intended to be used directly by end users for the most part, maybe what you want to do is accessible in the actual Foreman public API (/apidoc on your foreman). > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
