Chef 12 and Foreman 1.10, can't add new hosts

Support
1

Hello,

I'm under debian 8 and I have setup Foreman using foreman installer.
I have then added chef plugins following this document :
http://www.theforeman.org/plugins/foreman_chef/0.2/
and using this command :

foreman-installer
–enable-foreman-plugin-chef
–enable-foreman-plugin-tasks
–enable-foreman-proxy-plugin-chef \

–foreman-proxy-plugin-chef-server-url="https://my-chefserver.com/organizations/default"

–foreman-proxy-plugin-chef-client-name="my-foreman-server.com"
–foreman-proxy-plugin-chef-private-key="/etc/chef/client.pem"
–no-enable-puppet
–foreman-server-ssl-crl=""

I have installed on a server which is chef managed, the gem
chef_handler_foreman :

/opt/chef/embedded/bin/gem install chef_handler_foreman --no-rdoc --no-ri

And added this to my chef client config /etc/chef/client.rb :

require 'chef_handler_foreman'
foreman_server_options :url => 'https://my-foreman-server.com:8443'
foreman_facts_upload true
foreman_reports_upload true
reports_log_level "notice"

But I can't add new hosts.
The only hosts which works correctly is the one where foreman and foreman
proxy is installed (he has also chef-client installed and managed).
I don't see any error in my /var/log/foreman-proxy/proxy.log

I only see an error when I change the my /etc/chef/client.rb config :
require 'chef_handler_foreman'
foreman_server_options :url => 'https://foreman.gcn-lab.fr'
foreman_facts_upload true
foreman_reports_upload true
reports_log_level "notice"

I saw this error in my foreman log /var/log/foreman/production.log :

2016-02-03T09:52:42 [app] [I] Started POST "/api/hosts/facts" for 10.10.0.4
at 2016-02-03 09:52:42 +0100
2016-02-03T09:52:42 [app] [I] Processing by Api::V2::HostsController#facts
as JSON
2016-02-03T09:52:42 [app] [I] Parameters:
{"name"=>"my-chefclient-server.com", "facts"=>"[FILTERED]", "apiv"=>"v2",
:host=>{"name"=>"my-chefclient-server.com"}}
2016-02-03T09:52:42 [app] [W] No SSL cert with CN supplied - request
from 10.10.0.4,
2016-02-03T09:52:42 [app] [I] Rendered
api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout
(0.6ms)
2016-02-03T09:52:42 [app] [I] Filter chain halted as
#<Proc:0x00000007e46e50@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14>
rendered or redirected
2016-02-03T09:52:42 [app] [I] Completed 403 Forbidden in 4.4ms (Views:
1.4ms | ActiveRecord: 0.0ms)
2016-02-03T09:52:42 [app] [I] Started POST "/api/reports" for 10.10.0.4 at
2016-02-03 09:52:42 +0100
2016-02-03T09:52:42 [app] [I] Processing by
Api::V2::ReportsController#create as JSON
2016-02-03T09:52:42 [app] [I] Parameters: {"report"=>"[FILTERED]",
"apiv"=>"v2"}
2016-02-03T09:52:42 [app] [W] No SSL cert with CN supplied - request
from 10.10.0.4,
2016-02-03T09:52:42 [app] [I] Rendered
api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout
(0.3ms)
2016-02-03T09:52:42 [app] [I] Filter chain halted as
#<Proc:0x0000000761a3a8@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:14>
rendered or redirected
2016-02-03T09:52:42 [app] [I] Completed 403 Forbidden in 5.3ms (Views:
1.0ms | ActiveRecord: 0.0ms)

If someone can help me.

Thanks a lot.

2

I have also in my access.log on nginx on chef server, the following error :
"ChefAPI Ruby Gem 0.5.0" "127.0.0.1:8000" "403" "0.010" "11.4.0"

It seems that the connection to chef is not working properly due to
chef-api…

3

I have solved my issue, it seems that for Chef 12, we need to use an admin
user and not a client with admin parameter (it does not exist in chef 12).

4

Thanks for this info. I'm usually using pivotal key for this. I'll update the
manual accordingly.

··· On Friday 05 of February 2016 07:02:36 Grégoire BELLON-GERVAIS wrote: > I have solved my issue, it seems that for Chef 12, we need to use an admin > user and not a client with admin parameter (it does not exist in chef 12).


Marek