I've added "custom_repo => true," to a foreman class I'm using with "puppet apply" and that allowed me to get further. I'm now getting ERR_SSL_SERVER_CERT_BAD_FORMAT from Chrome when I try to talk to the httpd.
- Iain. On Tuesday, 14 March 2017 10:36:24 UTC, Dominic Cleal wrote: > > On 11/03/17 00:28, James Evans wrote: > > I'm working on some documentation and demos around bootstrapping a > > Foreman environment from scratch. If I manually install Foreman, > > following the directions on the web site everything is fine, with > > selinux in enforcing mode. However, I want to build a Foreman > > installation via the puppet agent. I've installed the latest > > puppetserver and puppet-agent AIO on CentOS 7, and then installed the > > theforeman/foreman puppet module (and dependencies). The puppet run > > errors out with a can't find SSL certificate error: > > > [..] > > > > The cert is there, and is valid. Manually trying to start the apache > > server gives the same error. Changing selinux to permissive mode allows > > apache to start, and everything seems to be working in my simple vagrant > > tests. The selinux labels seem to be the same from the working "hand > > installed" version and the puppet installed version: > > The process labels may be different, but hard to say without the AVC log. > > > I've looked though the source of the foreman-installer, and I don't see > > anything that is obviously making changes to selinux. I'd really like to > > get this working in enforcing mode, and it seems like it should work. > > Does anyone have any ideas about what might be causing the puppet module > > to break when used without the installer? > > The installer also sets the parameter: > > apache::mod::passenger::manage_repo: false > > which on EL7 will install the version of Passenger from EPEL7 rather > than from Phusion. There isn't support in the OS policy for Phusion > Passenger, so it may be running in the wrong context (httpd_t, not > passenger_t), bug #17093. > > -- > Dominic Cleal > [email protected] <javascript:> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
