I would start by reading those two posts, they are quite good.
https://theforeman.org/2015/12/journey_to_high_availability.html
https://deviantony.wordpress.com/2014/06/21/setup-a-scalable-puppet-environment-with-foreman-on-ubuntu-12-04/
(The only thing I dislike about this post is that he uses the same certificate.)

As an example, to create an HA Puppet master (with Smart Proxy) you will need to generate a general certificate (i.e. puppet.example.com). Let's say the node names are puppet1.example.com and puppet2.example.com; both of them are running smart-proxy and a puppet master which uses the puppet.example.com certificate (smart-proxy and puppetmaster). If you are running a puppet agent on them, the agent can still use the puppet1/puppet2 certificate (clientcert). You will need to run a load balancer to balance both the calls to puppet and the calls to the smart-proxy; then you can add puppet.example.com as a smart-proxy.

It's a very short summary; if you read those two blog posts it will make some sense.

On Tuesday, November 22, 2016 at 10:52:15 PM UTC+2, Sai Krishna wrote:
> Just now I have seen foreman is running on host1.example.com instead of
> foremandv.example.com. The reason I chose a generic name is so that I can
> cluster the foreman servers, but foreman is running based on the specific
> hostname. Can you please guide me.
>
> Thank you
>
> On Tuesday, November 22, 2016 at 1:39:13 PM UTC-5, Erez Zarum wrote:
>> You already ran the installer, then modified the answer file and replaced
>> host1.example.com with foremandv.example.com?
>> If you can give more details it will be much more helpful.
>>
>> But simply, as the error states, the smart proxy is using a certificate
>> with a CN attribute that does not match the hostname that you call to.
>>
>> Do you have two smart proxies or only one?
>>
>> On Tuesday, November 22, 2016 at 8:09:30 PM UTC+2, Sai Krishna wrote:
>>> Hello,
>>>
>>> I have a dedicated puppet CA where I have generated certs in the name of
>>> foreman url which I want to and copied
>>> /etc/puppetlabs/puppet/ssl/certs/ca.pem , foreman.example.com.pem and
>>> */private_keys/foremandv.example.com.pem and crl.pem. to
>>> host1.example.com. " host1.example.com" using this node to install only
>>> foreman.
>>> RHEL 7.3 and foreman 13.1 (latest)
>>>
>>> I have changed hostname (host1.example.com) in few fields using
>>> interactive mode while running installer.
>>>
>>> Finally ended up with https errors as below.
>>>
>>> Proxy foremandv.examplecom cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]: hostname "host1.example.com" does not match the server certificate) for proxy https://host1.example.com:8443/features Please check the proxy is configured and running on the host.
>>> /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:23:in `create'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:in `block in defaultvalues'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:487:in `set'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:561:in `sync'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:236:in `sync'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:134:in `sync_if_needed'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:80:in `perform_changes'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:in `evaluate'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:in `apply'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:in `eval_resource'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `call'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `block (2 levels) in evaluate'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:in `block in thinmark'
>>> /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in `realtime'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:385:in `thinmark'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `block in evaluate'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in `traverse'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in `evaluate'
>>> /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:31:in `evaluate_with_trigger'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:in `block in apply'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:in `with_destination'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:in `as_logging_destination'
>>> /usr/share/gems/gems/kafo-0.9.8/modules/kafo_configure/lib/kafo/puppet/report_wrapper.rb:34:in `method_missing'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:in `apply'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:in `block in apply_catalog'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:in `block in benchmark'
>>> /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in `realtime'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:in `benchmark'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:in `apply_catalog'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:in `run_internal'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:in `block in run'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in `override'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:in `run'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:in `apply_catalog'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:in `block in main'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in `override'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:in `main'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:in `run_command'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in `block in run'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:540:in `exit_on_fail'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:344:in `run'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run'
>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in `execute'
>>> /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
>>>
>>> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foremandv.examplecom]/ensure: change from absent to present failed: Proxy foremandv.example.com cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]: hostname "host1.example.com" does not match the server certificate) for proxy https://host1.example.com:8443/features Please check the proxy is configured and running on the host.
>>> Installing Done [100%]
>>> [..........................................................................................................]
>>> Something went wrong!
>>> Check the log for ERROR-level output
>>> * Foreman is running at https://foremandv.example.com
>>> Initial credentials are admin / sZ3Twb79PDQoaL4G
>>> * Foreman Proxy is running at https://foremandv.example.com:8443
>>> The full log is at /var/log/foreman-installer/foreman.log
>>>
>>> Can anyone please advise the procedure for clustering 3 foreman servers.
>>>
>>> Thank you
>>> Sai Krishna
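
The hostname check behind the `OpenSSL::SSL::SSLError` in this thread, as an added Ruby example that is not part of the original messages or of Foreman's code: it builds constructed self-signed certificates for the names used above and lists which URL hostnames each one is accepted for. The helpers `build_cert` and `accepted_names` and the SAN variant are assumptions added for illustration.

```ruby
require "openssl"

# Throwaway key for the constructed sample certificates below.
KEY = OpenSSL::PKey::RSA.new(2048)

# Hypothetical helper: self-signed certificate with a CN and optional DNS SANs.
def build_cert(cn, san_dns = [])
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless san_dns.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    sans = san_dns.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", sans, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper: hostnames a TLS client would accept for this certificate.
# verify_certificate_identity is the check Ruby runs after the handshake; a
# false result is what surfaces as "does not match the server certificate".
def accepted_names(cert, hostnames)
  hostnames.select { |h| OpenSSL::SSL.verify_certificate_identity(cert, h) }
end

# Thread case: certificate for the generic name, proxy URL uses the node name.
PROXY_CERT = build_cert("foremandv.example.com")
THREAD_URLS = %w[host1.example.com foremandv.example.com]

# HA layout from the reply: one general certificate behind the load balancer.
HA_URLS = %w[puppet.example.com puppet1.example.com puppet2.example.com]
GENERAL_CERT = build_cert("puppet.example.com")
# Added variation (an assumption, not from the thread): node names as SANs.
SAN_CERT = build_cert("puppet.example.com", HA_URLS)

puts "proxy cert:   #{accepted_names(PROXY_CERT, THREAD_URLS).inspect}"
puts "general cert: #{accepted_names(GENERAL_CERT, HA_URLS).inspect}"
puts "SAN cert:     #{accepted_names(SAN_CERT, HA_URLS).inspect}"
```

Once a certificate carries any DNS SAN, Ruby's check ignores the CN, so a SAN list has to repeat the generic name as well as the node names.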
