<https://lh3.googleusercontent.com/-l_wr3aWlAf4/WFzJzJaR8eI/AAAAAAAAAZA/j3REwhL3R3gOnAXg5lhWU_yeYK1ce99VACLcB/s1600/Screen%2BShot%2B2016-12-23%2Bat%2B1.49.50%2BAM.png>
As you can hopefully see from the photo above, when running a simple command through remote execution plugin in foreman I'm getting overal error status...but output is returning correctly. I'm wondering how this can be? It isn't really useful to run arbitrary commands on N number of hosts and receive 100% failure rate even though most are successful. Some context : running : foreman v1.13.3 foreman_remote_execution v1.2.2 puppet v4.8.1 This is all being run from same server, so puppetmaster / foreman / foreman-proxy / ca / etc are all on the same box. Foreman-Proxy user home with .ssh has key in root's .ssh know_hosts file so it can ssh with keys. One thing that I've noticed is messed up, that may be causing the overall status to return as failure is the cert cannot be verified when curl the foreman proxy address. Foreman-Proxy (ca / ssh / discovery / tftp / dynflow) is all running on port 8443. When I curl that port I get error that the cert could not be verified...I'm wondering if that would cause the overall error code to be non-zero even though the command output is successful. root@puppetmaster:/var/log/foreman-proxy# curl -v https://puppetmaster.internaldomain.com:8443 * Rebuilt URL to: https://puppetmaster.internaldomain.com:8443/ * Trying 10.1.1.105... * Connected to puppetmaster.internaldomain.com (10.1.1.105) port 8443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 694 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / RSA_AES_128_GCM_SHA256 * server certificate verification failed. CAfile: /etc/ssl/certs/ca- certificates.crt CRLfile: none * Closing connection 0 curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca -certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. any ideas on how to fix this will be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
