Cannot import classes after upgrade Puppet

Neeloj · June 24, 2022, 8:15am

hi all,

after upgrade Foreman to 3.3.0 and Puppet to 7.8.0 I cannot import classes via foreman, the error which I get:

Error
ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet for common ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://my-server:8443/puppet

Does anyone have any suggeston/idea?

Neeloj · June 24, 2022, 8:21am

the proxy.log:


/usr/lib/ruby/vendor_ruby/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-06-24T10:12:40 da290930 [E] Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-06-24T10:12:40 da290930 [W] Error details for Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.: <Exception>: Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-06-24T10:12:40 da290930 [W] Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.: <Exception>: Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-06-24T10:12:40 da290930 [I] Finished GET /puppet/environments/common/classes with 406 (191.66 ms)
2022-06-24T10:17:49 3c3ea546 [I] Started GET /puppet/environments
2022-06-24T10:17:49 3c3ea546 [I] Finished GET /puppet/environments with 200 (340.13 ms)
2022-06-24T10:17:49 3c3ea546 [I] Started GET /puppet/environments
2022-06-24T10:17:50 3c3ea546 [I] Finished GET /puppet/environments with 200 (387.41 ms)
2022-06-24T10:17:50 3c3ea546 [I] Started GET /puppet/environments
2022-06-24T10:17:50 3c3ea546 [I] Finished GET /puppet/environments with 200 (313.41 ms)
2022-06-24T10:17:50 3c3ea546 [I] Started GET /puppet/environments/common/classes
2022-06-24T10:17:50 3c3ea546 [W] Puppet server classes cache is disabled, classes retrieval can be slow.
2022-06-24T10:17:50 d45dd7ad [E] Error while retrieving puppet classes for 'common' environment
2022-06-24T10:17:50 d45dd7ad [W] Error details for Error while retrieving puppet classes for 'common' environment: <Proxy::Error::HttpError>: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.

Neeloj · June 28, 2022, 6:34am

no one have an idea?

Marek_Hulan · June 28, 2022, 8:46am

Well that looks like the puppet server refuses to give the foreman-proxy an answer. AFAIK we use x509 authnetication in there. Is this the puppet installed with foreman-installer? Did you touch the certificates in any way? That would explain to 403s. It feels like your puppet server does not trust the x509 that foreman-proxy is configured to use. Perhaps take a look at the puppet server logs.

Neeloj · June 28, 2022, 8:52am

thanks for your answer @Marek_Hulan

No I upgrade it via apt update/upgrade to Puppet 7.
So I can also use foreman-installer to upgrade puppet ? if yes how ? thats good idea!

No I dont touch the certificates.

I’ll take a look at the logs.

Marek_Hulan · June 29, 2022, 1:54pm

Perhaps I should ask better. Was the puppet installed initially by apt or by foreman-installer? Puppet server needs to be configured a certain way, so Foreman can talk to it. If you haven’t used foreman-installer at all, that would explain why the two don’t trust each other.

As part of Foreman upgrade, there are typically also instruction on how to update Puppet.

Neeloj · July 1, 2022, 8:14pm

Puppet was installed by apt.

You are absolutely right, so is there a way to make it to talk to each other again ?

On the same page where I upgrade Foreman ?

Thank you so much for your answer

Neeloj · July 28, 2022, 7:45am

@Marek_Hulan any suggestion to solve this issue ?

Neeloj · July 28, 2022, 12:55pm

I change the log_level to DEBUG and below is the output for foreman-proxy.log:

2022-07-28T14:52:46  [D] accept: 192.168.178.140:49674
2022-07-28T14:52:46  [D] Rack::Handler::WEBrick is invoked.
2022-07-28T14:52:46 c9eeecf1 [I] Started GET /puppet/environments
2022-07-28T14:52:46 c9eeecf1 [D] verifying remote client 192.168.178.140 against trusted_hosts ["my-server"]
2022-07-28T14:52:46 c9eeecf1 [I] Finished GET /puppet/environments with 200 (260.69 ms)
2022-07-28T14:52:46  [D] close: 192.168.178.140:49674
2022-07-28T14:52:46  [D] accept: 192.168.178.140:49678
2022-07-28T14:52:46  [D] Rack::Handler::WEBrick is invoked.
2022-07-28T14:52:46 c9eeecf1 [I] Started GET /puppet/environments
2022-07-28T14:52:46 c9eeecf1 [D] verifying remote client 192.168.178.140 against trusted_hosts ["my-server"]
2022-07-28T14:52:46 c9eeecf1 [I] Finished GET /puppet/environments with 200 (269.43 ms)
2022-07-28T14:52:46  [D] accept: 192.168.178.140:49682
2022-07-28T14:52:46  [D] close: 192.168.178.140:49678
2022-07-28T14:52:46  [D] Rack::Handler::WEBrick is invoked.
2022-07-28T14:52:46 c9eeecf1 [I] Started GET /puppet/environments
2022-07-28T14:52:46 c9eeecf1 [D] verifying remote client 192.168.178.140 against trusted_hosts ["my-server"]
2022-07-28T14:52:47 c9eeecf1 [I] Finished GET /puppet/environments with 200 (410.3 ms)
2022-07-28T14:52:47  [D] close: 192.168.178.140:49682
2022-07-28T14:52:47  [D] accept: 192.168.178.140:49686
2022-07-28T14:52:47  [D] Rack::Handler::WEBrick is invoked.
2022-07-28T14:52:47 c9eeecf1 [I] Started GET /puppet/environments/common/classes
2022-07-28T14:52:47 c9eeecf1 [D] verifying remote client 192.168.178.140 against trusted_hosts ["my-server"]
2022-07-28T14:52:47 c9eeecf1 [W] Puppet server classes cache is disabled, classes retrieval can be slow.
2022-07-28T14:52:47 e8c66db6 [E] Error while retrieving puppet classes for 'common' environment
2022-07-28T14:52:47 e8c66db6 [W] Error details for Error while retrieving puppet classes for 'common' environment: <Proxy::Error::HttpError>: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
/usr/share/foreman-proxy/modules/puppet_proxy_puppet_api/v3_api_request.rb:19:in `list_classes'
/usr/share/foreman-proxy/modules/puppet_proxy_puppet_api/v3_environment_classes_api_classes_retriever.rb:80:in `block in async_get_classes'
/usr/lib/ruby/vendor_ruby/concurrent/executor/safe_task_executor.rb:24:in `block in execute'
/usr/lib/ruby/vendor_ruby/concurrent/synchronization/mutex_lockable_object.rb:41:in `block in synchronize'
/usr/lib/ruby/vendor_ruby/concurrent/synchronization/mutex_lockable_object.rb:41:in `synchronize'
/usr/lib/ruby/vendor_ruby/concurrent/synchronization/mutex_lockable_object.rb:41:in `synchronize'
/usr/lib/ruby/vendor_ruby/concurrent/executor/safe_task_executor.rb:19:in `execute'
/usr/lib/ruby/vendor_ruby/concurrent/promise.rb:563:in `block in realize'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:353:in `run_task'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:342:in `block (3 levels) in create_worker'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:325:in `loop'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:325:in `block (2 levels) in create_worker'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:324:in `catch'
/usr/lib/ruby/vendor_ruby/concurrent/executor/ruby_thread_pool_executor.rb:324:in `block in create_worker'
/usr/lib/ruby/vendor_ruby/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-07-28T14:52:47 c9eeecf1 [E] Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-07-28T14:52:47 c9eeecf1 [W] Error details for Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.: <Exception>: Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-07-28T14:52:47 c9eeecf1 [W] Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.: <Exception>: Failed to show puppet classes: 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please see the server logs for details.
2022-07-28T14:52:47 c9eeecf1 [I] Finished GET /puppet/environments/common/classes with 406 (196.71 ms)
2022-07-28T14:52:47  [D] close: 192.168.178.140:49686

Neeloj · August 3, 2022, 8:44am

so no one have an idea!

Marek_Hulan · August 4, 2022, 2:47pm

Sorry for the late reply. If you enable the puppet in the installer, it should do all that’s necessary. Just make sure to run the installer with --enable-puppet. If you already configured the puppet server, you may need to do the same on this “Foreman’s” puppet.

Neeloj · August 5, 2022, 8:40am

thanks @Marek_Hulan I found the error! I had wrong url in Foreman → Settings → url ( foreman url) I dont know why! but I had there wrong url. it works now