ERF50-5345 » History » Version 2
Lukas Zapletal, 01/17/2022 01:25 PM
ERF50-5345
| 1 | 1 | El Joppa | h1. ERF50-5345 |
|---|---|---|---|
| 2 | |||
| 3 | Make sure SSL is enabled in foreman-proxy: |
||
| 4 | |||
| 5 | <pre> |
||
| 6 | :enabled: https |
||
| 7 | </pre> |
||
| 8 | 2 | Lukas Zapletal | |
| 9 | In some cases the Foreman web interface fails to list the host certificates in the "infrastucture"=>"Puppet CA" section. Instead of listing the host certificates it may show the following error: |
||
| 10 | |||
| 11 | Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy ... |
||
| 12 | |||
| 13 | This is most likely due to missing sudo permissions for the local user foreman-proxy. Make sure that |
||
| 14 | |||
| 15 | 1. The sudo permissions are correct, ie the file /etc/sudoers.d/foreman-proxy contains |
||
| 16 | |||
| 17 | foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppetserver ca * |
||
| 18 | Defaults:foreman-proxy !requiretty |
||
| 19 | |||
| 20 | 2. The sudo permissions apply for local users, ie /etc/security/access.conf contains |
||
| 21 | |||
| 22 | +:ALL:LOCAL |