Re: [Puppet Users] [Puppet] Can't manage Puppet Certificates on the PuppetCA (404 error)

2020-08-27 Thread Damien Ellul 
Thank you =)

Le mer. 26 août 2020 à 22:46, Mattias Giese  a écrit :

> Heya,
>
> On 26/08/20 09:40:33, Damien Ellul wrote:
> > Actually,  I was missing the "ca_server" parameter in the "main" section
> of
> > the machine that hosts Foreman and the PuppetCA. I used the hostname of
> the
> > server for the value and the "puppetserver ca" command worked.
> >
> > I didn't know that certs could be managed via the Foreman web interface,
> do
> > you know if there is something about this in the Foreman documentation ?
>
> https://www.theforeman.org/manuals/2.1/index.html#4.3.7PuppetCA
>
> Regards,
>
> Mattias
>
> --
> Mattias Giese
> Linux Consultant und Trainer
> Mail: gi...@b1-systems.de
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/20200826181437.z6bnpaezdrmk5qop%40gintonic
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJnvW0K4NzvoE3U9eof-FV18g-7AnuneYpt9orT9uDJkVviBYw%40mail.gmail.com.

Re: [Puppet Users] [Puppet] Can't manage Puppet Certificates on the PuppetCA (404 error)

2020-08-26 Thread Mattias Giese 
Heya,

On 26/08/20 09:40:33, Damien Ellul wrote:
> Actually,  I was missing the "ca_server" parameter in the "main" section of
> the machine that hosts Foreman and the PuppetCA. I used the hostname of the
> server for the value and the "puppetserver ca" command worked.
> 
> I didn't know that certs could be managed via the Foreman web interface, do
> you know if there is something about this in the Foreman documentation ?

https://www.theforeman.org/manuals/2.1/index.html#4.3.7PuppetCA

Regards,

Mattias

-- 
Mattias Giese
Linux Consultant und Trainer
Mail: gi...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20200826181437.z6bnpaezdrmk5qop%40gintonic.


signature.asc
Description: PGP signature

Re: [Puppet Users] [Puppet] Can't manage Puppet Certificates on the PuppetCA (404 error)

2020-08-26 Thread Damien Ellul 
Actually,  I was missing the "ca_server" parameter in the "main" section of
the machine that hosts Foreman and the PuppetCA. I used the hostname of the
server for the value and the "puppetserver ca" command worked.

I didn't know that certs could be managed via the Foreman web interface, do
you know if there is something about this in the Foreman documentation ?

Le mer. 26 août 2020 à 08:43, Martin Alfke  a écrit :

> Hi,
>
> Usually you can do the cert management via Foreman web interface.
> If CLI is not working, please check that your Puppet 6 Master has a cert
> extension.
> If this is missing you can check our blog posting:
> https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/
>
> Best,
> Martin
>
> On 25. Aug 2020, at 00:32, damien...@gmail.com 
> wrote:
>
> Hello,
>
> I have just finished installing a Puppet / Foreman / PuppetDB stack. Here
> is the details :
>
> OS : Centos 8.2
>
> Puppetserver version : 6.12.1
>
> PuppetDB version : 6.11.2
>
> Puppet agent version : 6.17.0
>
> Foreman version : 2.1
>
> I have the PuppetCA and Foreman on one host, the Puppetmaster on a second
> one and the PuppetDB on a third one. I used Foreman-installer to install
> everything except the PuppetDB.
>
> It took me quite some time but it seems to be working fine except for one
> thing, I can't manage the nodes certificates because the following command
> gives me a 404 error (I run it on the PuppetCA/Foreman host) :
> > puppetserver ca list --all
> Error:
> code: 404
> body: {
> "message":"Not Found",
> "url":"/puppet-ca/v1/certificate_statuses/any_key",
> "status":"404"
> }
> No certificates to list
>
> I did set up the autosign with my servers domain name, so the new nodes
> get their certificate request correctly signed, they get their catalogs, I
> see them in Foreman etc...
> > ls -l  /etc/puppetlabs/puppet/ssl/ca/signed/
> total 44
> drwxr-x---. 2 puppet puppet 4096 Aug 24 18:01 .
> drwxr-x---. 4 puppet puppet  232 Aug 24 18:35 ..
> -rw-r--r--. 1 puppet puppet 1960 Aug 24 18:01 host1.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 24 16:45 host2.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:39 host3.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:42 host4.domain.local.pem
>
> But I need to revoke and renew some of these certificates so for the
> moment, I am blocked.
>
> I don't know where to look, any help would be appreciated ^^
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJnvW0%2BYu1Vmzpi1Ff%3D_GBPvi3TEDLLtqHCp9AtFhJtyz%2BH0Gg%40mail.gmail.com.

Re: [Puppet Users] [Puppet] Can't manage Puppet Certificates on the PuppetCA (404 error)

2020-08-25 Thread Martin Alfke 
Hi,

Usually you can do the cert management via Foreman web interface.
If CLI is not working, please check that your Puppet 6 Master has a cert 
extension.
If this is missing you can check our blog posting:
https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/ 


Best,
Martin

> On 25. Aug 2020, at 00:32, damien...@gmail.com  wrote:
> 
> Hello,
> 
> I have just finished installing a Puppet / Foreman / PuppetDB stack. Here is 
> the details :
> 
> OS : Centos 8.2
> 
> Puppetserver version : 6.12.1
> 
> PuppetDB version : 6.11.2
> 
> Puppet agent version : 6.17.0
> 
> Foreman version : 2.1
> 
> I have the PuppetCA and Foreman on one host, the Puppetmaster on a second one 
> and the PuppetDB on a third one. I used Foreman-installer to install 
> everything except the PuppetDB.
> 
> It took me quite some time but it seems to be working fine except for one 
> thing, I can't manage the nodes certificates because the following command 
> gives me a 404 error (I run it on the PuppetCA/Foreman host) :
> 
> > puppetserver ca list --all
> Error:
> code: 404
> body: {
> "message":"Not Found",
> "url":"/puppet-ca/v1/certificate_statuses/any_key",
> "status":"404"
> }
> No certificates to list
> I did set up the autosign with my servers domain name, so the new nodes get 
> their certificate request correctly signed, they get their catalogs, I see 
> them in Foreman etc...
> 
> > ls -l  /etc/puppetlabs/puppet/ssl/ca/signed/
> total 44
> drwxr-x---. 2 puppet puppet 4096 Aug 24 18:01 .
> drwxr-x---. 4 puppet puppet  232 Aug 24 18:35 ..
> -rw-r--r--. 1 puppet puppet 1960 Aug 24 18:01 host1.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 24 16:45 host2.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:39 host3.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:42 host4.domain.local.pem
> But I need to revoke and renew some of these certificates so for the moment, 
> I am blocked.
> 
> I don't know where to look, any help would be appreciated ^^
> 
> Thanks
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com.