I'm working on some documentation and demos around bootstrapping a Foreman environment from scratch. If I manually install Foreman, following the directions on the web site, everything is fine, with selinux in enforcing mode. However, I want to build a Foreman installation via the puppet agent. I've installed the latest puppetserver and puppet-agent AIO on CentOS 7, and then installed the theforeman/foreman puppet module (and dependencies). The puppet run errors out with a "can't find SSL certificate" error:

==> bootstrap-foreman: Error: /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Systemd start for httpd failed!
==> bootstrap-foreman: journalctl log for httpd:
==> bootstrap-foreman: -- Logs begin at Thu 2017-03-09 01:30:31 UTC, end at Thu 2017-03-09 01:40:38 UTC. --
==> bootstrap-foreman: Mar 09 01:40:38 foreman.vagrant systemd[1]: Starting The Apache HTTP Server...
==> bootstrap-foreman: Mar 09 01:40:38 foreman.vagrant httpd[18478]: AH00526: Syntax error on line 30 of /etc/httpd/conf.d/05-foreman-ssl.conf:
==> bootstrap-foreman: Mar 09 01:40:38 foreman.vagrant httpd[18478]: SSLCertificateFile: file '/etc/puppetlabs/puppet/ssl/certs/foreman.vagrant.pem' does not exist or is empty
==> bootstrap-foreman: Mar 09 01:40:38 foreman.vagrant systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
==> bootstrap-foreman: Mar 09 01:40:38 foreman.vagrant kill[18480]: kill: cannot find process ""

The cert is there, and is valid. Manually trying to start the apache server gives the same error. Changing selinux to permissive mode allows apache to start, and everything seems to be working in my simple vagrant tests.

The selinux labels seem to be the same from the working "hand installed" version and the puppet installed version:

Working:
-rw-r--r--. puppet puppet system_u:object_r:puppet_etc_t:s0 /etc/puppetlabs/puppet/ssl/certs/foreman.working.pem

Not working:
-rw-r--r--. puppet puppet system_u:object_r:puppet_etc_t:s0 /etc/puppetlabs/puppet/ssl/certs/foreman.vagrant.pem

I've looked through the source of the foreman-installer, and I don't see anything that is obviously making changes to selinux.

I'd really like to get this working in enforcing mode, and it seems like it should work. Does anyone have any ideas about what might be causing the puppet module to break when used without the installer?

james
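
One way to see which object and permission SELinux actually refused for httpd, instead of comparing only the label on the certificate file (an added example, not part of the original post). The function name `httpd_avc_denials` is hypothetical, and the audit records are constructed for illustration and are not from the poster's host.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for httpd from audit-log text on stdin.
# Output: one "perms|tclass|name|scontext|tcontext" line per denial.
httpd_avc_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="httpd"/ {
        name = "-"; tclass = "-"; scon = "-"; tcon = "-"
        # The denied permissions sit between "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            if ($i ~ /^scontext=/) { scon = substr($i, 10) }
            if ($i ~ /^tcontext=/) { tcon = substr($i, 10) }
        }
        print perms "|" tclass "|" name "|" scon "|" tcon
    }'
}

# Constructed sample records (not real output): two httpd denials, one denial
# for another process, and one non-AVC record that must be ignored.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1489023638.101:410): avc:  denied  { search } for  pid=18478 comm="httpd" name="ssl" dev="dm-0" ino=201 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=dir
type=AVC msg=audit(1489023638.102:411): avc:  denied  { read open } for  pid=18478 comm="httpd" name="foreman.vagrant.pem" dev="dm-0" ino=202 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1489023639.000:412): avc:  denied  { write } for  pid=900 comm="crond" name="x" dev="dm-0" ino=9 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1489023638.102:411): arch=c000003e syscall=2 success=no comm="httpd" exe="/usr/sbin/httpd"
EOF
}

sample_audit_log | httpd_avc_denials
```

On a real host the same function can be fed from `/var/log/audit/audit.log`; the `name=` and `tclass=` columns show whether the refusal was on the file itself or on a directory along the path.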
