Can't load puppet classes - foreman error

Hey all,

A new problem just came up with my foreman setup, where I cannot load
puppet classes from the foreman UI:

foreman-debug-sbE27.tar.bz2 (11.4 KB)

------------------------------
Oops, we're sorry but something went wrong
Warning!
Permission denied - /var/lib/puppet/ssl/private_keys/puppet.jokefire.com.pem

If you feel this is an error with Foreman itself, please open a new issue
with Foreman ticketing system, You would probably need to attach the Full
trace and relevant log entries.

Back


Here’s the permissions and ownership on that file it’s complaining about:

[root@puppet:~] #ls -lh /var/lib/puppet/ssl/private_keys/puppet.jokefire.com.pem
-rw-------. 1 puppet puppet 3.2K Mar 2 17:44 /var/lib/puppet/ssl/private_keys/puppet.jokefire.com.pem

I really have no idea how this error came about. There were no changes to
the system (that I’m aware of). I just went to the page, tried to load
classes and BOOM! There it was.

I’ve tried googling this error and haven’t found much that helps. Enclosed
is a debug trace in case that can help anyone. I’m hoping to resolve this
and would appreciate any help at all that you’d be able to provide.

Thanks!
Tim

It looks like your puppet.conf is very basic and missing much of the
puppetmaster configuration, and specifically a couple of lines that keep
the permissions of this file in check.

Add to the [main] section of /etc/puppet/puppet.conf these two lines:

privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }

Re-run "puppet agent -t" and you should find the permissions change to
0640 and the file can now be read.

(Foreman :: Manual: http://theforeman.org/manuals/1.4/index.html#5.4.2SecuringSmartProxyRequests)



Dominic Cleal
Red Hat Engineering
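
An added example, not part of the original thread and not Foreman's or Puppet's own code: a shell audit for the condition diagnosed above, checking that the [main] section of a puppet.conf carries the two settings from the answer and that a key file's mode is 0640. The function names, the sample files and the host name puppet.example.test are constructed for illustration.

```shell
# Print the raw value of KEY from the [main] section of a puppet.conf.
main_setting() {  # usage: main_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        !in_main || /^[ \t]*#/ { next }
        {
            split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) { sub(/^[^=]*=[ \t]*/, ""); print; exit }
        }' "$1"
}

# Return 0 only if both settings carry the file metadata from the answer.
conf_ok() {  # usage: conf_ok FILE
    rc=0
    case "$(main_setting "$1" privatekeydir)" in
        *"{"*group*=*service*"}"*) ;;
        *) echo "privatekeydir lacks { group = service }"; rc=1 ;;
    esac
    case "$(main_setting "$1" hostprivkey)" in
        *"{"*mode*=*640*"}"*) ;;
        *) echo "hostprivkey lacks { mode = 640 }"; rc=1 ;;
    esac
    return $rc
}

# Return 0 only if the file's mode is exactly 0640 (-rw-r-----).
key_mode_ok() {  # usage: key_mode_ok FILE
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-r-----" ]
}

# Constructed sample data, not taken from the poster's system.
demo=$(mktemp -d)
cat > "$demo/client.conf" <<'EOF'
[main]
    ssldir = $vardir/ssl
[agent]
    server = puppet.example.test
EOF
cat > "$demo/master.conf" <<'EOF'
[main]
    privatekeydir = $ssldir/private_keys { group = service }
    hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
EOF
echo "placeholder, not a real key" > "$demo/host.pem"
chmod 600 "$demo/host.pem"

conf_ok "$demo/client.conf" || echo "client-style puppet.conf fails the audit"
conf_ok "$demo/master.conf" && echo "master-style puppet.conf passes"
key_mode_ok "$demo/host.pem" || echo "0600 key: readable by its owner only"
```

On a real master, point conf_ok at /etc/puppet/puppet.conf and key_mode_ok at the host private key path from the error message.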

Hello Dominic,

BINGO!! That was it. Thank you! I had forgotten that I had experimented
with my config.pp file because I thought that puppet wasn't xfr'ing files
correctly. So I left out an 'if' statement that tested if the client was
the puppet server. Therefore, a client puppet.conf had gotten distributed
to the server (where foreman was running). The client file (generated from
a template) didn't have the entries you point to. But the server config
did. Just restoring the if statement to test if the host was the puppet
server did the trick.

Thank you!
Tim
