Hi Chris,

Yes, I have followed all the instructions as you advised, and I was able to cluster Foreman.

Thank you very much!!

On Wednesday, November 30, 2016 at 4:26:20 PM UTC-5, Chris Baldwin wrote:
>
> Martin's blog is going to be far more in depth than something I can add here. I would suggest going through that. It deals with self-signed certs, so if you need something different, I can write something up for you that covers the differences.
>
> The short version of what you need to do:
> * make sure ServerName is the same on all foreman servers in a cluster
> * make sure websocket ssl certs are the same on all foreman servers in a cluster
> * make sure they're talking to the same backend (DB)
> * make sure you set the same secret token (for auth purposes)
> * if you're using a proxy (i.e. ha proxy), you won't need dns_alt_names, but you can still use them. If you're using only a LB (i.e. F5 w/o proxying), then you want dns_alt_names.
>
> I realize my comments about smart proxy are incomplete. Using an externally signed cert, we ran into issues where the smart proxy needed the same ssl_ca (/etc/puppet/foreman.yaml) and ssl_ca_file (/etc/foreman-proxy/settings.yaml) file as the "ssl_ca_file" on the Foreman server (in /etc/foreman/settings.yaml). This only happened with an external cert, not a self-signed one from the puppet CA.
>
> On Tuesday, November 29, 2016 at 10:10:25 AM UTC-5, Sai Krishna wrote:
>>
>> Hi Chris,
>>
>> grep -i servername /etc/httpd/conf.d/*foreman*
>> /etc/httpd/conf.d/05-foreman.conf: ServerName foremandv.example.com
>> grep: /etc/httpd/conf.d/05-foreman.d: Is a directory
>> /etc/httpd/conf.d/05-foreman-ssl.conf: ServerName foremandv.example.com
>> grep: /etc/httpd/conf.d/05-foreman-ssl.d: Is a directory
>>
>> roothost1 [~] # grep -i SSL /etc/httpd/conf.d/*foreman*
>> grep: /etc/httpd/conf.d/05-foreman.d: Is a directory
>> /etc/httpd/conf.d/05-foreman-ssl.conf: ErrorLog "/var/log/httpd/foreman-ssl_error_ssl.log"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: CustomLog "/var/log/httpd/foreman-ssl_access_ssl.log" combined
>> /etc/httpd/conf.d/05-foreman-ssl.conf: ## SSL directives
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLEngine on
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateFile "/etc/puppetlabs/puppet/ssl/certs/foremandv.example.com.pem"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateKeyFile "/etc/puppetlabs/puppet/ssl/private_keys/foremandv.example.com.pem"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCertificateChainFile "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCACertificateFile "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCARevocationFile "/etc/puppetlabs/puppet/ssl/crl.pem"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLCARevocationCheck "chain"
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLVerifyClient optional
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLVerifyDepth 3
>> /etc/httpd/conf.d/05-foreman-ssl.conf: SSLOptions +StdEnvVars +ExportCertData
>> /etc/httpd/conf.d/05-foreman-ssl.conf: Include /etc/httpd/conf.d/05-foreman-ssl.d/*.conf
>> /etc/httpd/conf.d/05-foreman-ssl.conf: IncludeOptional /etc/httpd/conf.d/05-foreman-ssl.d/*.conf
>> grep: /etc/httpd/conf.d/05-foreman-ssl.d: Is a directory
>>
>> Yes, it is RHEL 7; as you said, these two look correct.
>>
>> I don't have any foreman servers; I am planning to build 2 foreman (WebUI/ENC) servers (clustered) so that both foreman run on generic (https://foremandv.example.com) so that load will be distributed to both servers, and I have an existing highly available puppet setup. I want to integrate this foreman cluster with the existing puppet setup.
>>
>> Can you please guide me about the smart proxy errors, how to configure wrt the correct CA cert.
>>
>> Thank you very much!!
>>
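
Added example, not part of the original thread: one way to check the ServerName and certificate items of the checklist above across two nodes. Comparing the Apache directives from the grep output is this example's assumption, and the config text and file contents are constructed; certificate files are compared by SHA-256 of their content because the same path can hold a different certificate on each node.

```python
import hashlib
import re

# Directives taken from the grep output in the thread; choosing these as the
# ones that must agree across nodes is this example's assumption.
NAME_DIRECTIVES = {"servername"}
FILE_DIRECTIVES = {"sslcertificatefile", "sslcacertificatefile"}
LINE = re.compile(r'^\s*(\w+)\s+"?([^"\s]+)"?\s*$')


def fingerprint(conf_text, read_file):
    """Return {directive: sorted values}; file paths become SHA-256 of content."""
    out = {}
    for line in conf_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in FILE_DIRECTIVES:
            # Same path on two nodes can hold different certs, so hash content.
            value = hashlib.sha256(read_file(value)).hexdigest()
        elif key not in NAME_DIRECTIVES:
            continue
        out.setdefault(key, set()).add(value)
    return {k: sorted(v) for k, v in out.items()}


def mismatches(fp_a, fp_b):
    """Directives whose values differ, or that exist on only one node."""
    return sorted(k for k in fp_a.keys() | fp_b.keys() if fp_a.get(k) != fp_b.get(k))


# Constructed sample input: two nodes with identical config text, but
# node B is still serving its own locally issued certificate.
CONF = '''
  ServerName foremandv.example.com
  SSLEngine on
  SSLCertificateFile      "/etc/puppetlabs/puppet/ssl/certs/foremandv.example.com.pem"
  SSLCACertificateFile    "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
'''
CERT = "/etc/puppetlabs/puppet/ssl/certs/foremandv.example.com.pem"
CA = "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
NODE_A = {CERT: b"constructed-cert-A", CA: b"constructed-ca"}
NODE_B = {CERT: b"constructed-cert-B", CA: b"constructed-ca"}

if __name__ == "__main__":
    a = fingerprint(CONF, NODE_A.__getitem__)
    b = fingerprint(CONF, NODE_B.__getitem__)
    print("differs between nodes:", mismatches(a, b))
```

On a real node, `read_file` would be a function that opens the path and returns its bytes, and the resulting fingerprints from each node would be collected and compared in one place.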
