On 07/18, Dan Sk wrote:
> Hi,
>
> I am lost with setting of callback/foreman.py.
>
> We use Foreman 1.15.2, Katello 3.4.2, foreman_ansible 1.4.5 (with updated
> callback/foreman.py from github) and ansible 2.3.1 on CentOS 7.
>
> I think I know where Foreman runs.
> curl -k -H "Accept: application/json" https://fqdn.in.corp/status
> {"result":"ok","status":"ok","version":"1.15.2","db_duration_ms":"3"}
>
> Checked certification as is on
> https://www.theforeman.org/plugins/foreman_ansible/1.x/index.html#2.1Ansiblecallback
> Request check for certifications
> http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
> python
>
> import requests
> requests.get('https://fqdn.in.corp/', cert=('/etc/foreman/client_cert.pem', '/etc/foreman/client_key.pem'))
>
> <Response [200]>
>
> But when I run ansible -m setup client.in.corp I see
>
> 2017-07-18 14:26:25 91503c77 [app] [I] Started POST "/api/v2/hosts/facts" for IP_FOREMAN_URL at 2017-07-18 14:26:25 +0200
> 2017-07-18 14:26:25 91503c77 [app] [I] Processing by Api::V2::HostsController#facts as JSON
> 2017-07-18 14:26:25 91503c77 [app] [I] Parameters: {"facts"=>"[FILTERED]", "name"=>"client.in.corp", "apiv"=>"v2", :host=>{"name"=>"client.in.corp"}}
> 2017-07-18 14:26:25 91503c77 [app] [D] Importer Katello::RhsmFactImporter does not implement authorized_smart_proxy_features.
> 2017-07-18 14:26:25 91503c77 [app] [D] Importer ForemanAnsible::StructuredFactImporter does not implement authorized_smart_proxy_features.
> 2017-07-18 14:26:25 91503c77 [app] [W] No SSL cert with CN supplied - request from IP_FOREMAN_URL,
> 2017-07-18 14:26:25 91503c77 [app] [W] SSO failed
> 2017-07-18 14:26:25 91503c77 [app] [I] Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.8ms)
> 2017-07-18 14:26:25 91503c77 [app] [I] Filter chain halted as #<Proc:0x0000000b444908@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14> rendered or redirected
> 2017-07-18 14:26:25 91503c77 [app] [I] Completed 403 Forbidden in 6ms (Views: 1.6ms | ActiveRecord: 0.0ms)
>
> If I use FOREMAN_USER/FOREMAN_PASSWORD combination facts upload correctly. So
> I am pretty sure it is installed correctly.
>
> Configuration part in callback/foreman.py
> FOREMAN_URL = os.getenv('FOREMAN_URL', "https://fqdn.in.corp")
> FOREMAN_SSL_CERT = (os.getenv('FOREMAN_SSL_CERT', "/etc/foreman/client_cert.pem"),
>                     os.getenv('FOREMAN_SSL_KEY', "/etc/foreman/client_key.pem"))
> FOREMAN_SSL_VERIFY = os.getenv('FOREMAN_SSL_VERIFY', "1")
> FOREMAN_USER = os.getenv('FOREMAN_USER', "admin")  # It works with user
> FOREMAN_PASSWORD = os.getenv('FOREMAN_PASSWORD', "S3cr3tPASS")  # and password
>
> I do not know which cert/key is for what. Thanks for hints and kicking me
> in right direction.

You can find the keys in /etc/httpd/conf.d/05-katello-ssl.conf or a similar
file if you just have Foreman. The values match those of SSLCertificateFile,
SSLCertificateKeyFile. By default these are in

"/etc/pki/katello/certs/katello-default-ca.crt"
"/etc/pki/katello/private/katello-default-ca.key"

in a Foreman+Katello installation.

If you just use Foreman, it'd be something like:

/etc/puppetlabs/puppet/ssl/certs/yourfqdn.pem
/etc/puppetlabs/puppet/ssl/private_keys/yourfqdn.pem

(or maybe /var/lib/puppet/ssl, depending on your Puppet version)

> Daniel Slezak
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.

--
Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato
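
One way to pull the two paths out of the Apache file the reply points to and map them onto the variables callback/foreman.py reads; this is an added example, not part of the original thread or of foreman_ansible. The vhost text is a constructed sample, and find_cert_and_key, callback_env and pair_loads are hypothetical helper names.

```python
import re
import ssl

# Constructed sample of an Apache vhost file; the two active paths are the
# defaults quoted in the reply above, everything else is made up.
SAMPLE_CONF = '''\
<VirtualHost *:443>
  ServerName fqdn.in.corp
  SSLEngine on
  # SSLCertificateFile "/etc/pki/old/unused.crt"
  SSLCertificateFile      "/etc/pki/katello/certs/katello-default-ca.crt"
  SSLCertificateKeyFile   "/etc/pki/katello/private/katello-default-ca.key"
  SSLCertificateChainFile "/etc/pki/katello/certs/chain.crt"
</VirtualHost>
'''

# Matches only uncommented directives; the optional quote must be balanced.
DIRECTIVE = re.compile(r'^\s*(SSLCertificateFile|SSLCertificateKeyFile)'
                       r'\s+("?)([^"\s]+)\2\s*$', re.IGNORECASE | re.MULTILINE)


def find_cert_and_key(conf_text):
    """Return (cert_path, key_path) from the first uncommented directives."""
    found = {}
    for name, _quote, path in DIRECTIVE.findall(conf_text):
        found.setdefault(name.lower(), path)
    missing = {"sslcertificatefile", "sslcertificatekeyfile"} - set(found)
    if missing:
        raise ValueError("directive(s) not found: " + ", ".join(sorted(missing)))
    return found["sslcertificatefile"], found["sslcertificatekeyfile"]


def callback_env(conf_text):
    """Map the pair onto the variables callback/foreman.py reads."""
    cert, key = find_cert_and_key(conf_text)
    return {"FOREMAN_SSL_CERT": cert, "FOREMAN_SSL_KEY": key}


def pair_loads(cert, key):
    """True if the key matches the cert; load_cert_chain raises otherwise."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_cert_chain(cert, key)
        return True
    except (ssl.SSLError, OSError):  # mismatch, unreadable or missing file
        return False


if __name__ == "__main__":
    for var, value in callback_env(SAMPLE_CONF).items():
        print("export %s=%s" % (var, value))
```

pair_loads needs read access to the private key, so running it as the account that runs Ansible catches permission problems as well as a mismatched pair.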
