Support #1930
closed
Build host doesn't create autosign entry
Description
Hi,
I am trying to let a smart-proxy manage my puppet certificates.
What works:
I can manually add a autosign entry over the foreman web-ui.
Foreman does successfully list all certificates.
Foreman does successfully remove an entry from the autosign.conf after build is done.
What does not work:
When I add a new host (or click on build) I expect foreman to add an entry in autosign.conf.
In the foreman-proxy log I can see nothing which implies that the proxy is even trying to add it.
But when I add the entry manually I can see that after the host a build the foreman-proxy removes
this manually added entry.
From the logs:
I, [2012-11-07T19:13:13.566840 #25465] INFO -- : TFTP: entry for 00:0c:29:48:80:ce created successfully
D, [2012-11-07T19:13:13.681373 #25465] DEBUG -- : Starting task (total: 0): wget --timeout=10 --tries=3 --no-check-certificate nv -c http://srv-foreman/media/redhat-6.3-x86_64/images/pxeboot/initrd.img -O "/var/lib/tftpboot/boot/RedHat-6.3-x86_64-initrd.img" : Starting task (total: 0): wget --timeout=10 --tries=3 --no-check-certificate
D, [2012-11-07T19:13:14.329914 #25465] DEBUG -nv -c http://srv-foreman/media/redhat-6.3-x86_64/images/pxeboot/vmlinuz -O "/var/lib/tftpboot/boot/RedHat-6.3-x86_64-vmlinuz" : TFTP: entry for 00:0c:29:48:80:ce removed successfully
D, [2012-11-07T19:13:25.280754 #25465] DEBUG -
I, [2012-11-07T19:13:25.330287 #25465] INFO -- : Attempt to remove nonexistant client autosign for test2.tesce
E, [2012-11-07T19:13:25.330933 #25465] ERROR -- : Attempt to remove nonexistant client autosign for test2.tesce
and when I add manually:
I, [2012-11-07T19:15:05.854037 #25465] INFO -- : Added test2.tesce to autosign
foreman-proxy version:
foreman-proxy-1.0.0-3.el6.noarch
Is this a bug or am I trying to use this feature in way I am not supposed to?
Thanks for your attention!
Updated by Ohad Levy over 11 years ago
- Tracker changed from Bug to Support
- Status changed from New to Resolved
this is not how it works, only when a machine actually ask for a provision script (kickstart, jumpstart, or ec2/openstack post launch) autosign entries are added.
they are also removed once provisioning is done.
this is done this way in order to reduce the time window when auto sign is enabled (even if its autosign per certname).
Updated by Rüdiger Block over 11 years ago
Ok that makes sence, but why is it not working?
So I try to rebuild the machine.
I marked the host to build on next reboot and rebooted the machine watching how it gets installed and monitored the logs here is what happens.
D, [2012-11-08T08:54:56.739016 #2554] DEBUG -- : TFTP: entry for 00:0c:29:48:80:ce removed successfully
I, [2012-11-08T08:54:56.778918 #2554] INFO -- : Attempt to remove nonexistant client autosign for test2.tesce
E, [2012-11-08T08:54:56.779329 #2554] ERROR -- : Attempt to remove nonexistant client autosign for test2.tesce
So you say the entry in autsign.conf is added when the hosts ask for a kickstart file. My host did obviously asked
for one, received it and was build according to it. But there is nothing in the logs the would make believe that foreman tried to add a autosign entry in autosign.conf
I don't know what more information you need.
Thanks for your help
Updated by Rüdiger Block over 11 years ago
Never mind it's working now.
Thank you for your help.