foreman 0.3.0
puppet 2.6.9

works fine w/ SSL off

The entire error message is:
Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'ubuntu.ttinet'; cannot compile

this however works…

curl -k https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml

AddDefaultCharset UTF-8

RackAutoDetect Off
RailsAutoDetect On
RailsEnv production

SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSLCertificateFile      /etc/puppet/ssl/certs/ubuntu.ttinet.pem
SSLCertificateKeyFile   /etc/puppet/ssl/private_keys/ubuntu.ttinet.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile    /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile     /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  3
SSLOptions +StdEnvVars
    <Directory /var/www/foreman/public/>
            Options ExecCGI FollowSymLinks
            AddHandler cgi-script .cgi
            AllowOverride all
            Order allow,deny
            Allow from all
    </Directory>

anyone have any suggestions here?

any hints in foreman / apache logs?

Ohad

Do you have these settings defined in your puppmaster puppet.conf file?

node_terminus = exec
external_nodes = /etc/foreman/external_node.rb

what happens when you try the following:

/etc/foreman/external_node.rb myhost.mydomain.org

You should receive yaml output with the classes belonging to the node. If you don't get the yaml then maybe you need to adjust the line:

SETTINGS = {
:url => "http://puppet:3001",
:puppetdir => "/var/lib/puppet",
:timeout => 3,
}

Check that the url points to your foreman host.

Corey

not really…

/var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
[Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
/var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS

foreman/log/production.log

Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected

** has_many_polymorphs: preloading parent model Usergroup
** has_many_polymorphs: preloading parent model Usergroup

Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
processing report for ubuntu26.ttinet
Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
** has_many_polymorphs: rails environment detected
** has_many_polymorphs: preloading parent model Usergroup
** has_many_polymorphs: preloading parent model Usergroup

Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
processing report for ubuntu.ttinet
Sent mail to craig.white@ttiltd.com
Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]

The only thing that even comes to mind is that it seems that puppet and puppet-dashboard run (via passenger) as puppet:puppet whereas foreman runs as nobody

ps aux|grep foreman
nobody 29580 25.9 28.8 239400 145668 ? S 13:16 0:03 Passenger ApplicationSpawner: /var/www/foreman
nobody 29590 7.7 28.9 241528 146420 ? S 13:16 0:00 Rack: /var/www/foreman

The web browser application works just fine. The error reports end up on Foreman just fine.

The problem is always that it can't compile the catalog because of the ERROR 400 below.

Craig

Can you try just disabling the client verification?

> SSLVerifyClient optional

Corey

did that - restarted apache2 - same result

Craig

> not really…
>
> /var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS
>
> foreman/log/production.log
> # Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected
> ** has_many_polymorphs: preloading parent model Usergroup
> ** has_many_polymorphs: preloading parent model Usergroup
>
>
> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
> processing report for ubuntu26.ttinet
> Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
> ** has_many_polymorphs: rails environment detected
> ** has_many_polymorphs: preloading parent model Usergroup
> ** has_many_polymorphs: preloading parent model Usergroup
>
>
> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
> processing report for ubuntu.ttinet
> Sent mail to craig.white@ttiltd.com
> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]

it sounds to me like you are not getting to foreman at all… maybe
apache ssl is blocking you? (try with curl -v to see whats going on).
>
> The only thing that even comes to mind is that it seems that puppet and puppet-dashboard run (via passenger) as puppet:puppet whereas foreman runs as nobody

when using passenger, the owner of config/environments.rb file is the
user which the application would run under, if its root, then it would
spwan as nobody, chown to foreman user (afair, the puppet module which
configures foreman takes care for this).

Ohad

>> not really…
>>
>> /var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
>> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS
>>
>> foreman/log/production.log
>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected
>> ** has_many_polymorphs: preloading parent model Usergroup
>> ** has_many_polymorphs: preloading parent model Usergroup
>>
>>
>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>> processing report for ubuntu26.ttinet
>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>> ** has_many_polymorphs: rails environment detected
>> ** has_many_polymorphs: preloading parent model Usergroup
>> ** has_many_polymorphs: preloading parent model Usergroup
>>
>>
>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>> processing report for ubuntu.ttinet
>> Sent mail to craig.white@ttiltd.com
>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>
> it sounds to me like you are not getting to foreman at all… maybe
> apache ssl is blocking you? (try with curl -v to see whats going on).

Do you get the 400 even with SSL on?

If you are using the External Nodes script that comes with Foreman, try:

chown -R puppet:puppet /var/lib/puppet/yaml/foreman/

Ohad: there needs to be an exception check in this script.

When run from the cmd line, most people will run it as root,
and /var/lib/puppet/yaml/foreman/ becomes root owned.

But when puppet master runs it, it can't write files in
/var/lib/puppet/yaml/foreman/.

Therefore, the script always works as root from the cmd line,
and gives 400 on the puppet client side.

>>
>>
>>>> not really…
>>>>
>>>> /var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
>>>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
>>>> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS
>>>>
>>>> foreman/log/production.log
>>>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected
>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>
>>>>
>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>>>> processing report for ubuntu26.ttinet
>>>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>>>> ** has_many_polymorphs: rails environment detected
>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>
>>>>
>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>>>> processing report for ubuntu.ttinet
>>>> Sent mail to craig.white@ttiltd.com
>>>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>>>
>>> it sounds to me like you are not getting to foreman at all… maybe
>>> apache ssl is blocking you? (try with curl -v to see whats going on).
>> ----
>> I think that is sort of what is happening.
>>
>> I configured
>> - /etc/puppet/node.rb (from foreman) - use https instead of http
>> - /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.9//lib/puppet/reports/foreman.rb - use https instead of http
>> - /var/www/foreman/config/settings.yaml - uncommented :require_ssl: true
>> - /etc/apache2/sites-available/foreman.conf - uncommented out all of the SSL Directives
>> - restarted apache2 service
>>
>> anyway…
>>
>> curl -k -v https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml
>> * About to connect() to ubuntu.ttinet port 8142 (#0)
>> * Trying 127.0.1.1… connected
>> * Connected to ubuntu.ttinet (127.0.1.1) port 8142 (#0)
>> * successfully set certificate verify locations:
>> * CAfile: none
>> CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server key exchange (12):
>> * SSLv3, TLS handshake, Request CERT (13):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using DHE-RSA-AES256-SHA
>> * Server certificate:
>> * subject: CN=ubuntu.ttinet
>> * start date: 2011-08-01 18:31:08 GMT
>> * expire date: 2021-07-29 18:31:08 GMT
>> * subjectAltName: ubuntu.ttinet matched
>> * issuer: CN=Puppet CA: ubuntu.ttinet
>> * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>>> GET /node/ubuntu.ttinet?format=yml HTTP/1.1
>>> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
>>> Host: ubuntu.ttinet:8142
>>> Accept: /
>>>
>> < HTTP/1.1 200 OK
>> < Date: Wed, 10 Aug 2011 15:52:01 GMT
>> < Server: Apache/2.2.14 (Ubuntu)
>> < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
>> < ETag: "5ea41dae4f5240cf3990b5e50decbd4f"
>> < X-Runtime: 20
>> < Cache-Control: private, max-age=0, must-revalidate
>> < Content-Length: 397
>> < Status: 200
>> < Vary: Accept-Encoding
>> < Content-Type: text/plain; charset=utf-8
>> <
>> —
>> parameters:
>> puppetmaster: ubuntu.ttinet
>> hostgroup: puppetmaster
>> apt: 7F0CEB10
>> classes:
>> - sudoers::hostgroup
>> - subversion
>> - postfix
>> - ntp
>> - git
>> - etc
>> - apt
>> - sudoers
>> - ldap::configure
>> - ldap::client_install
>> - mysql
>> - apache::service
>> - gems::passenger
>> - apache
>> - firebird
>> - mongodb
>> * Connection #0 to host ubuntu.ttinet left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>>
>> As I think I said when I started this thread, I haven't had a problem using curl to get the catalog when I use https.
>>
>> I also don't have a problem accessing the web site using https and reports end up on forman from any of the puppet clients when I use https.
>>
>> The only thing that seems to not work is that the catalogs don't seem to happen. The error always is…
>>
>> Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'ubuntu.ttinet'; cannot compile
>>
>> and yes, I didn't understand why foreman ran as user 'nobody' but I ignorantly fixed the problem when I finally chown puppet:puppet /var/www/foreman -R and now, I know why it runs as user puppet.
>>
>> Craig
>>
>> –
>> You received this message because you are subscribed to the Google Groups "Foreman users" group.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
>>
>>
>
> Do you get the 400 even with SSL on?

>>>
>>>
>>>>> not really…
>>>>>
>>>>> /var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
>>>>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
>>>>> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS
>>>>>
>>>>> foreman/log/production.log
>>>>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected
>>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>>
>>>>>
>>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>>>>> processing report for ubuntu26.ttinet
>>>>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>>>>> ** has_many_polymorphs: rails environment detected
>>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>> ** has_many_polymorphs: preloading parent model Usergroup
>>>>>
>>>>>
>>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
>>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
>>>>> processing report for ubuntu.ttinet
>>>>> Sent mail to craig.white@ttiltd.com
>>>>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
>>>>
>>>> it sounds to me like you are not getting to foreman at all… maybe
>>>> apache ssl is blocking you? (try with curl -v to see whats going on).
>>> ----
>>> I think that is sort of what is happening.
>>>
>>> I configured
>>> - /etc/puppet/node.rb (from foreman) - use https instead of http
>>> - /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.9//lib/puppet/reports/foreman.rb - use https instead of http
>>> - /var/www/foreman/config/settings.yaml - uncommented :require_ssl: true
>>> - /etc/apache2/sites-available/foreman.conf - uncommented out all of the SSL Directives
>>> - restarted apache2 service
>>>
>>> anyway…
>>>
>>> curl -k -v https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml
>>> * About to connect() to ubuntu.ttinet port 8142 (#0)
>>> * Trying 127.0.1.1… connected
>>> * Connected to ubuntu.ttinet (127.0.1.1) port 8142 (#0)
>>> * successfully set certificate verify locations:
>>> * CAfile: none
>>> CApath: /etc/ssl/certs
>>> * SSLv3, TLS handshake, Client hello (1):
>>> * SSLv3, TLS handshake, Server hello (2):
>>> * SSLv3, TLS handshake, CERT (11):
>>> * SSLv3, TLS handshake, Server key exchange (12):
>>> * SSLv3, TLS handshake, Request CERT (13):
>>> * SSLv3, TLS handshake, Server finished (14):
>>> * SSLv3, TLS handshake, CERT (11):
>>> * SSLv3, TLS handshake, Client key exchange (16):
>>> * SSLv3, TLS change cipher, Client hello (1):
>>> * SSLv3, TLS handshake, Finished (20):
>>> * SSLv3, TLS change cipher, Client hello (1):
>>> * SSLv3, TLS handshake, Finished (20):
>>> * SSL connection using DHE-RSA-AES256-SHA
>>> * Server certificate:
>>> * subject: CN=ubuntu.ttinet
>>> * start date: 2011-08-01 18:31:08 GMT
>>> * expire date: 2021-07-29 18:31:08 GMT
>>> * subjectAltName: ubuntu.ttinet matched
>>> * issuer: CN=Puppet CA: ubuntu.ttinet
>>> * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>>>> GET /node/ubuntu.ttinet?format=yml HTTP/1.1
>>>> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
>>>> Host: ubuntu.ttinet:8142
>>>> Accept: /
>>>>
>>> < HTTP/1.1 200 OK
>>> < Date: Wed, 10 Aug 2011 15:52:01 GMT
>>> < Server: Apache/2.2.14 (Ubuntu)
>>> < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
>>> < ETag: "5ea41dae4f5240cf3990b5e50decbd4f"
>>> < X-Runtime: 20
>>> < Cache-Control: private, max-age=0, must-revalidate
>>> < Content-Length: 397
>>> < Status: 200
>>> < Vary: Accept-Encoding
>>> < Content-Type: text/plain; charset=utf-8
>>> <
>>> —
>>> parameters:
>>> puppetmaster: ubuntu.ttinet
>>> hostgroup: puppetmaster
>>> apt: 7F0CEB10
>>> classes:
>>> - sudoers::hostgroup
>>> - subversion
>>> - postfix
>>> - ntp
>>> - git
>>> - etc
>>> - apt
>>> - sudoers
>>> - ldap::configure
>>> - ldap::client_install
>>> - mysql
>>> - apache::service
>>> - gems::passenger
>>> - apache
>>> - firebird
>>> - mongodb
>>> * Connection #0 to host ubuntu.ttinet left intact
>>> * Closing connection #0
>>> * SSLv3, TLS alert, Client hello (1):
>>>
>>> As I think I said when I started this thread, I haven't had a problem using curl to get the catalog when I use https.
>>>
>>> I also don't have a problem accessing the web site using https and reports end up on forman from any of the puppet clients when I use https.
>>>
>>> The only thing that seems to not work is that the catalogs don't seem to happen. The error always is…
>>>
>>> Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'ubuntu.ttinet'; cannot compile
>>>
>>> and yes, I didn't understand why foreman ran as user 'nobody' but I ignorantly fixed the problem when I finally chown puppet:puppet /var/www/foreman -R and now, I know why it runs as user puppet.
>>>
>>> Craig
>>>
>>> –
>>> You received this message because you are subscribed to the Google Groups "Foreman users" group.
>>> To post to this group, send email to foreman-users@googlegroups.com.
>>> To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
>>>
>>>
>>
>> Do you get the 400 even with SSL on?
>>
>
> If you are using the External Nodes script that comes with Foreman, try:
>
> chown -R puppet:puppet /var/lib/puppet/yaml/foreman/
>
> Ohad: there needs to be an exception check in this script.
>
> When run from the cmd line, most people will run it as root,
> and /var/lib/puppet/yaml/foreman/ becomes root owned.
>
> But when puppet master runs it, it can't write files in
> /var/lib/puppet/yaml/foreman/.
>
> Therefore, the script always works as root from the cmd line,
> and gives 400 on the puppet client side.

> >>
> >>
> >>>> not really…
> >>>>
> >>>> /var/log/apache2/error_log (this is all I get after my 'mark' and
> restarting apache after changing the files back to SSL
> >>>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu)
> Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured –
> resuming normal operations
> >>>>
> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37:
> warning: already initialized constant CALLBACKS
> >>>>
> >>>> foreman/log/production.log
> >>>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011**
> has_many_polymorphs: rails environment detected
> >>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>
> >>>>
> >>>> Processing ReportsController#create to yml (for 127.0.1.1 at
> 2011-08-09 12:38:39) [POST]
> >>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml",
> "action"=>"create", "controller"=>"reports"}
> >>>> processing report for ubuntu26.ttinet
> >>>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [
> https://ubuntu.ttinet/reports/create?format=yml]
> >>>> ** has_many_polymorphs: rails environment detected
> >>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>
> >>>>
> >>>> Processing ReportsController#create to yml (for 127.0.1.1 at
> 2011-08-09 12:38:39) [POST]
> >>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml",
> "action"=>"create", "controller"=>"reports"}
> >>>> processing report for ubuntu.ttinet
> >>>> Sent mail to craig.white@ttiltd.com
> >>>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [
> https://ubuntu.ttinet/reports/create?format=yml]
> >>>
> >>> it sounds to me like you are not getting to foreman at all… maybe
> >>> apache ssl is blocking you? (try with curl -v to see whats going on).
> >> ----
> >> I think that is sort of what is happening.
> >>
> >> I configured
> >> - /etc/puppet/node.rb (from foreman) - use https instead of http
> >> -
> /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.9//lib/puppet/reports/foreman.rb
> - use https instead of http
> >> - /var/www/foreman/config/settings.yaml - uncommented :require_ssl: true
> >> - /etc/apache2/sites-available/foreman.conf - uncommented out all of the
> SSL Directives
> >> - restarted apache2 service
> >>
> >> anyway…
> >>
> >> curl -k -v https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml
> >> * About to connect() to ubuntu.ttinet port 8142 (#0)
> >> * Trying 127.0.1.1… connected
> >> * Connected to ubuntu.ttinet (127.0.1.1) port 8142 (#0)
> >> * successfully set certificate verify locations:
> >> * CAfile: none
> >> CApath: /etc/ssl/certs
> >> * SSLv3, TLS handshake, Client hello (1):
> >> * SSLv3, TLS handshake, Server hello (2):
> >> * SSLv3, TLS handshake, CERT (11):
> >> * SSLv3, TLS handshake, Server key exchange (12):
> >> * SSLv3, TLS handshake, Request CERT (13):
> >> * SSLv3, TLS handshake, Server finished (14):
> >> * SSLv3, TLS handshake, CERT (11):
> >> * SSLv3, TLS handshake, Client key exchange (16):
> >> * SSLv3, TLS change cipher, Client hello (1):
> >> * SSLv3, TLS handshake, Finished (20):
> >> * SSLv3, TLS change cipher, Client hello (1):
> >> * SSLv3, TLS handshake, Finished (20):
> >> * SSL connection using DHE-RSA-AES256-SHA
> >> * Server certificate:
> >> * subject: CN=ubuntu.ttinet
> >> * start date: 2011-08-01 18:31:08 GMT
> >> * expire date: 2021-07-29 18:31:08 GMT
> >> * subjectAltName: ubuntu.ttinet matched
> >> * issuer: CN=Puppet CA: ubuntu.ttinet
> >> * SSL certificate verify result: self signed certificate in
> certificate chain (19), continuing anyway.
> >>> GET /node/ubuntu.ttinet?format=yml HTTP/1.1
> >>> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7
> OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> >>> Host: ubuntu.ttinet:8142
> >>> Accept: /
> >>>
> >> < HTTP/1.1 200 OK
> >> < Date: Wed, 10 Aug 2011 15:52:01 GMT
> >> < Server: Apache/2.2.14 (Ubuntu)
> >> < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
> >> < ETag: "5ea41dae4f5240cf3990b5e50decbd4f"
> >> < X-Runtime: 20
> >> < Cache-Control: private, max-age=0, must-revalidate
> >> < Content-Length: 397
> >> < Status: 200
> >> < Vary: Accept-Encoding
> >> < Content-Type: text/plain; charset=utf-8
> >> <
> >> —
> >> parameters:
> >> puppetmaster: ubuntu.ttinet
> >> hostgroup: puppetmaster
> >> apt: 7F0CEB10
> >> classes:
> >> - sudoers::hostgroup
> >> - subversion
> >> - postfix
> >> - ntp
> >> - git
> >> - etc
> >> - apt
> >> - sudoers
> >> - ldap::configure
> >> - ldap::client_install
> >> - mysql
> >> - apache::service
> >> - gems::passenger
> >> - apache
> >> - firebird
> >> - mongodb
> >> * Connection #0 to host ubuntu.ttinet left intact
> >> * Closing connection #0
> >> * SSLv3, TLS alert, Client hello (1):
> >>
> >> As I think I said when I started this thread, I haven't had a problem
> using curl to get the catalog when I use https.
> >>
> >> I also don't have a problem accessing the web site using https and
> reports end up on forman from any of the puppet clients when I use https.
> >>
> >> The only thing that seems to not work is that the catalogs don't seem to
> happen. The error always is…
> >>
> >> Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not find node 'ubuntu.ttinet'; cannot compile
> >>
> >> and yes, I didn't understand why foreman ran as user 'nobody' but I
> ignorantly fixed the problem when I finally chown puppet:puppet
> /var/www/foreman -R and now, I know why it runs as user puppet.
> >>
> >> Craig
> >>
> >> –
> >> You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> >> To post to this group, send email to foreman-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> foreman-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> http://groups.google.com/group/foreman-users?hl=en.
> >>
> >>
> >
> > Do you get the 400 even with SSL on?
> >
>
> If you are using the External Nodes script that comes with Foreman, try:
>
> chown -R puppet:puppet /var/lib/puppet/yaml/foreman/
>
> Ohad: there needs to be an exception check in this script.
>
> When run from the cmd line, most people will run it as root,
> and /var/lib/puppet/yaml/foreman/ becomes root owned.
>
> But when puppet master runs it, it can't write files in
> /var/lib/puppet/yaml/foreman/.
>
> Therefore, the script always works as root from the cmd line,
> and gives 400 on the puppet client side.
>
Thanks… ideally :

1. open a new issue
2. send a patch to fix it

>
>
> >>>
> >>>
> >>>>> not really…
> >>>>>
> >>>>> /var/log/apache2/error_log (this is all I get after my 'mark' and
> restarting apache after changing the files back to SSL
> >>>>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu)
> Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured –
> resuming normal operations
> >>>>>
> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37:
> warning: already initialized constant CALLBACKS
> >>>>>
> >>>>> foreman/log/production.log
> >>>>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011**
> has_many_polymorphs: rails environment detected
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>>
> >>>>>
> >>>>> Processing ReportsController#create to yml (for 127.0.1.1 at
> 2011-08-09 12:38:39) [POST]
> >>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml",
> "action"=>"create", "controller"=>"reports"}
> >>>>> processing report for ubuntu26.ttinet
> >>>>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [
> https://ubuntu.ttinet/reports/create?format=yml]
> >>>>> ** has_many_polymorphs: rails environment detected
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>>
> >>>>>
> >>>>> Processing ReportsController#create to yml (for 127.0.1.1 at
> 2011-08-09 12:38:39) [POST]
> >>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml",
> "action"=>"create", "controller"=>"reports"}
> >>>>> processing report for ubuntu.ttinet
> >>>>> Sent mail to craig.white@ttiltd.com
> >>>>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [
> https://ubuntu.ttinet/reports/create?format=yml]
> >>>>
> >>>> it sounds to me like you are not getting to foreman at all… maybe
> >>>> apache ssl is blocking you? (try with curl -v to see whats going on).
> >>> ----
> >>> I think that is sort of what is happening.
> >>>
> >>> I configured
> >>> - /etc/puppet/node.rb (from foreman) - use https instead of http
> >>> -
> /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.9//lib/puppet/reports/foreman.rb
> - use https instead of http
> >>> - /var/www/foreman/config/settings.yaml - uncommented :require_ssl:
> true
> >>> - /etc/apache2/sites-available/foreman.conf - uncommented out all of
> the SSL Directives
> >>> - restarted apache2 service
> >>>
> >>> anyway…
> >>>
> >>> curl -k -v https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml
> >>> * About to connect() to ubuntu.ttinet port 8142 (#0)
> >>> * Trying 127.0.1.1… connected
> >>> * Connected to ubuntu.ttinet (127.0.1.1) port 8142 (#0)
> >>> * successfully set certificate verify locations:
> >>> * CAfile: none
> >>> CApath: /etc/ssl/certs
> >>> * SSLv3, TLS handshake, Client hello (1):
> >>> * SSLv3, TLS handshake, Server hello (2):
> >>> * SSLv3, TLS handshake, CERT (11):
> >>> * SSLv3, TLS handshake, Server key exchange (12):
> >>> * SSLv3, TLS handshake, Request CERT (13):
> >>> * SSLv3, TLS handshake, Server finished (14):
> >>> * SSLv3, TLS handshake, CERT (11):
> >>> * SSLv3, TLS handshake, Client key exchange (16):
> >>> * SSLv3, TLS change cipher, Client hello (1):
> >>> * SSLv3, TLS handshake, Finished (20):
> >>> * SSLv3, TLS change cipher, Client hello (1):
> >>> * SSLv3, TLS handshake, Finished (20):
> >>> * SSL connection using DHE-RSA-AES256-SHA
> >>> * Server certificate:
> >>> * subject: CN=ubuntu.ttinet
> >>> * start date: 2011-08-01 18:31:08 GMT
> >>> * expire date: 2021-07-29 18:31:08 GMT
> >>> * subjectAltName: ubuntu.ttinet matched
> >>> * issuer: CN=Puppet CA: ubuntu.ttinet
> >>> * SSL certificate verify result: self signed certificate in
> certificate chain (19), continuing anyway.
> >>>> GET /node/ubuntu.ttinet?format=yml HTTP/1.1
> >>>> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7
> OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> >>>> Host: ubuntu.ttinet:8142
> >>>> Accept: /
> >>>>
> >>> < HTTP/1.1 200 OK
> >>> < Date: Wed, 10 Aug 2011 15:52:01 GMT
> >>> < Server: Apache/2.2.14 (Ubuntu)
> >>> < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
> >>> < ETag: "5ea41dae4f5240cf3990b5e50decbd4f"
> >>> < X-Runtime: 20
> >>> < Cache-Control: private, max-age=0, must-revalidate
> >>> < Content-Length: 397
> >>> < Status: 200
> >>> < Vary: Accept-Encoding
> >>> < Content-Type: text/plain; charset=utf-8
> >>> <
> >>> —
> >>> parameters:
> >>> puppetmaster: ubuntu.ttinet
> >>> hostgroup: puppetmaster
> >>> apt: 7F0CEB10
> >>> classes:
> >>> - sudoers::hostgroup
> >>> - subversion
> >>> - postfix
> >>> - ntp
> >>> - git
> >>> - etc
> >>> - apt
> >>> - sudoers
> >>> - ldap::configure
> >>> - ldap::client_install
> >>> - mysql
> >>> - apache::service
> >>> - gems::passenger
> >>> - apache
> >>> - firebird
> >>> - mongodb
> >>> * Connection #0 to host ubuntu.ttinet left intact
> >>> * Closing connection #0
> >>> * SSLv3, TLS alert, Client hello (1):
> >>>
> >>> As I think I said when I started this thread, I haven't had a problem
> using curl to get the catalog when I use https.
> >>>
> >>> I also don't have a problem accessing the web site using https and
> reports end up on forman from any of the puppet clients when I use https.
> >>>
> >>> The only thing that seems to not work is that the catalogs don't seem
> to happen. The error always is…
> >>>
> >>> Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not find node 'ubuntu.ttinet'; cannot compile
> >>>
> >>> and yes, I didn't understand why foreman ran as user 'nobody' but I
> ignorantly fixed the problem when I finally chown puppet:puppet
> /var/www/foreman -R and now, I know why it runs as user puppet.
> >>>
> >>> Craig
> >>>
> >>> –
> >>> You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> >>> To post to this group, send email to foreman-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> foreman-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> http://groups.google.com/group/foreman-users?hl=en.
> >>>
> >>>
> >>
> >> Do you get the 400 even with SSL on?
> >>
> >
> > If you are using the External Nodes script that comes with Foreman, try:
> >
> > chown -R puppet:puppet /var/lib/puppet/yaml/foreman/
> >
> > Ohad: there needs to be an exception check in this script.
> >
> > When run from the cmd line, most people will run it as root,
> > and /var/lib/puppet/yaml/foreman/ becomes root owned.
> >
> > But when puppet master runs it, it can't write files in
> > /var/lib/puppet/yaml/foreman/.
> >
> > Therefore, the script always works as root from the cmd line,
> > and gives 400 on the puppet client side.
> ----
> seemed like a good thought - especially because for a while,
> passenger/rack/rails/foreman was running as user 'nobody' (which I fixed but
> didn't know exactly how but Ohad clarified).
>
> /var/lib/puppet/yaml directory was permission 0750 but all the files seemed
> to be owned by puppet:puppet - I changed the directory to 0775 but it made
> no difference. /var/lib/puppet/yaml/foreman and all the files therein were
> readable by all.
>
> I also took the big hammer to /var/lib/puppet just in case…
>
> chown puppet:puppet /var/lib/puppet -R
> chmod o+r /var/lib/puppet -R
>
> to no avail
>
> what you really need to do is simple:
sudo su - puppet -s /bin/bash
/node_script <fqdn>

I'm guessing you would get your answer this way.
if that doesn't work, then you can always replace our ENC script with the
following

#! /bin/sh

curl -ks https://foreman/node/$1?format=yml

Ohad

Craig

>
>
>
>
> >>>
> >>>
> >>>>> not really…
> >>>>>
> >>>>> /var/log/apache2/error_log (this is all I get after my 'mark' and restarting apache after changing the files back to SSL
> >>>>> [Tue Aug 09 12:37:57 2011] [notice] Apache/2.2.14 (Ubuntu) Phusion_Passenger/3.0.7 mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
> >>>>> /var/www/foreman/vendor/plugins/acts_as_audited/lib/acts_as_audited.rb:37: warning: already initialized constant CALLBACKS
> >>>>>
> >>>>> foreman/log/production.log
> >>>>> # Logfile created on Wed Aug 03 09:58:33 -0700 2011** has_many_polymorphs: rails environment detected
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>>
> >>>>>
> >>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
> >>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
> >>>>> processing report for ubuntu26.ttinet
> >>>>> Completed in 1847ms (View: 1, DB: 769) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
> >>>>> ** has_many_polymorphs: rails environment detected
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>> ** has_many_polymorphs: preloading parent model Usergroup
> >>>>>
> >>>>>
> >>>>> Processing ReportsController#create to yml (for 127.0.1.1 at 2011-08-09 12:38:39) [POST]
> >>>>> Parameters: {"report"=>"[FILTERED]", "format"=>"yml", "action"=>"create", "controller"=>"reports"}
> >>>>> processing report for ubuntu.ttinet
> >>>>> Sent mail to craig.white@ttiltd.com
> >>>>> Completed in 3070ms (View: 2, DB: 1111) | 200 OK [https://ubuntu.ttinet/reports/create?format=yml]
> >>>>
> >>>> it sounds to me like you are not getting to foreman at all… maybe
> >>>> apache ssl is blocking you? (try with curl -v to see whats going on).
> >>> ----
> >>> I think that is sort of what is happening.
> >>>
> >>> I configured
> >>> - /etc/puppet/node.rb (from foreman) - use https instead of http
> >>> - /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.9//lib/puppet/reports/foreman.rb - use https instead of http
> >>> - /var/www/foreman/config/settings.yaml - uncommented :require_ssl: true
> >>> - /etc/apache2/sites-available/foreman.conf - uncommented out all of the SSL Directives
> >>> - restarted apache2 service
> >>>
> >>> anyway…
> >>>
> >>> curl -k -v https://ubuntu.ttinet:8142/node/ubuntu.ttinet?format=yml
> >>> * About to connect() to ubuntu.ttinet port 8142 (#0)
> >>> * Trying 127.0.1.1… connected
> >>> * Connected to ubuntu.ttinet (127.0.1.1) port 8142 (#0)
> >>> * successfully set certificate verify locations:
> >>> * CAfile: none
> >>> CApath: /etc/ssl/certs
> >>> * SSLv3, TLS handshake, Client hello (1):
> >>> * SSLv3, TLS handshake, Server hello (2):
> >>> * SSLv3, TLS handshake, CERT (11):
> >>> * SSLv3, TLS handshake, Server key exchange (12):
> >>> * SSLv3, TLS handshake, Request CERT (13):
> >>> * SSLv3, TLS handshake, Server finished (14):
> >>> * SSLv3, TLS handshake, CERT (11):
> >>> * SSLv3, TLS handshake, Client key exchange (16):
> >>> * SSLv3, TLS change cipher, Client hello (1):
> >>> * SSLv3, TLS handshake, Finished (20):
> >>> * SSLv3, TLS change cipher, Client hello (1):
> >>> * SSLv3, TLS handshake, Finished (20):
> >>> * SSL connection using DHE-RSA-AES256-SHA
> >>> * Server certificate:
> >>> * subject: CN=ubuntu.ttinet
> >>> * start date: 2011-08-01 18:31:08 GMT
> >>> * expire date: 2021-07-29 18:31:08 GMT
> >>> * subjectAltName: ubuntu.ttinet matched
> >>> * issuer: CN=Puppet CA: ubuntu.ttinet
> >>> * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> >>>> GET /node/ubuntu.ttinet?format=yml HTTP/1.1
> >>>> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> >>>> Host: ubuntu.ttinet:8142
> >>>> Accept: /
> >>>>
> >>> < HTTP/1.1 200 OK
> >>> < Date: Wed, 10 Aug 2011 15:52:01 GMT
> >>> < Server: Apache/2.2.14 (Ubuntu)
> >>> < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
> >>> < ETag: "5ea41dae4f5240cf3990b5e50decbd4f"
> >>> < X-Runtime: 20
> >>> < Cache-Control: private, max-age=0, must-revalidate
> >>> < Content-Length: 397
> >>> < Status: 200
> >>> < Vary: Accept-Encoding
> >>> < Content-Type: text/plain; charset=utf-8
> >>> <
> >>> —
> >>> parameters:
> >>> puppetmaster: ubuntu.ttinet
> >>> hostgroup: puppetmaster
> >>> apt: 7F0CEB10
> >>> classes:
> >>> - sudoers::hostgroup
> >>> - subversion
> >>> - postfix
> >>> - ntp
> >>> - git
> >>> - etc
> >>> - apt
> >>> - sudoers
> >>> - ldap::configure
> >>> - ldap::client_install
> >>> - mysql
> >>> - apache::service
> >>> - gems::passenger
> >>> - apache
> >>> - firebird
> >>> - mongodb
> >>> * Connection #0 to host ubuntu.ttinet left intact
> >>> * Closing connection #0
> >>> * SSLv3, TLS alert, Client hello (1):
> >>>
> >>> As I think I said when I started this thread, I haven't had a problem using curl to get the catalog when I use https.
> >>>
> >>> I also don't have a problem accessing the web site using https and reports end up on forman from any of the puppet clients when I use https.
> >>>
> >>> The only thing that seems to not work is that the catalogs don't seem to happen. The error always is…
> >>>
> >>> Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'ubuntu.ttinet'; cannot compile
> >>>
> >>> and yes, I didn't understand why foreman ran as user 'nobody' but I ignorantly fixed the problem when I finally chown puppet:puppet /var/www/foreman -R and now, I know why it runs as user puppet.
> >>>
> >>> Craig
> >>>
> >>> –
> >>> You received this message because you are subscribed to the Google Groups "Foreman users" group.
> >>> To post to this group, send email to foreman-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
> >>>
> >>>
> >>
> >> Do you get the 400 even with SSL on?
> >>
> >
> > If you are using the External Nodes script that comes with Foreman, try:
> >
> > chown -R puppet:puppet /var/lib/puppet/yaml/foreman/
> >
> > Ohad: there needs to be an exception check in this script.
> >
> > When run from the cmd line, most people will run it as root,
> > and /var/lib/puppet/yaml/foreman/ becomes root owned.
> >
> > But when puppet master runs it, it can't write files in
> > /var/lib/puppet/yaml/foreman/.
> >
> > Therefore, the script always works as root from the cmd line,
> > and gives 400 on the puppet client side.
> ----
> seemed like a good thought - especially because for a while, passenger/rack/rails/foreman was running as user 'nobody' (which I fixed but didn't know exactly how but Ohad clarified).
>
> /var/lib/puppet/yaml directory was permission 0750 but all the files seemed to be owned by puppet:puppet - I changed the directory to 0775 but it made no difference. /var/lib/puppet/yaml/foreman and all the files therein were readable by all.
>
> I also took the big hammer to /var/lib/puppet just in case…
>
> chown puppet:puppet /var/lib/puppet -R
> chmod o+r /var/lib/puppet -R
>
> to no avail
>
> what you really need to do is simple:
> sudo su - puppet -s /bin/bash
> /node_script <fqdn>
>
> I'm guessing you would get your answer this way.
> if that doesn't work, then you can always replace our ENC script with the following
>
> #! /bin/sh
>
> curl -ks https://foreman/node/$1?format=yml
>
> Ohad

>
>> if that doesn't work, then you can always replace our ENC script with the following
>>
>> #! /bin/sh
>>
>> curl -ks https://foreman/node/$1?format=yml
>>
>> Ohad
> ----
> I dont understand exactly what this means…
>
> # su - puppet -s /bin/bash
> Creating directory '/home/puppet'.
> puppet@ubuntu:~$ /etc/puppet/node.rb ubuntu.ttinet
>
> wrong status line: "<!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;>"
>
> as for replacing ENC script, I would presume you are speaking about the file that I copied and configured /etc/puppet/node.conf - this works
>
> def enc
> # foreman_url = "#{url}/node/#{certname}?format=yml"
> # uri = URI.parse(foreman_url)
> # req = Net::HTTP::Get.new(foreman_url)
> # res = Net::HTTP.start(uri.host, uri.port) { |http| http.request(req) }
>
> res = system("/usr/bin/curl -k #{url}/node/#{certname}?format=yml")
>
> # raise "Error retrieving node #{certname}: #{res.class}" unless res.code == "200"
> # res.body
> # res
> end

>
>
> >
> >> if that doesn't work, then you can always replace our ENC script with
> the following
> >>
> >> #! /bin/sh
> >>
> >> curl -ks https://foreman/node/$1?format=yml
> >>
> >> Ohad
> > ----
> > I dont understand exactly what this means…
> >
> > # su - puppet -s /bin/bash
> > Creating directory '/home/puppet'.
> > puppet@ubuntu:~$ /etc/puppet/node.rb ubuntu.ttinet
> >
> > wrong status line: "<!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;>"
> >
> > as for replacing ENC script, I would presume you are speaking about the
> file that I copied and configured /etc/puppet/node.conf - this works
> >
> > def enc
> > # foreman_url = "#{url}/node/#{certname}?format=yml"
> > # uri = URI.parse(foreman_url)
> > # req = Net::HTTP::Get.new(foreman_url)
> > # res = Net::HTTP.start(uri.host, uri.port) { |http| http.request(req) }
> >
> > res = system("/usr/bin/curl -k #{url}/node/#{certname}?format=yml")
> >
> > # raise "Error retrieving node #{certname}: #{res.class}" unless
> res.code == "200"
> > # res.body
> > # res
> > end
> ----
> I spoke too soon - so near but yet so far.
>
> The above adjustment works for all 'existing' nodes but if I am adding a
> new node, I expect it to get the default node classes but with this setup,
> if fails with a thud (same error). I cant seem to use 'raise "Error…"
> because that seems to relate to the Net::HTTP class which is what I am
> eliminating above.
>

Foreman does not support a concept of default node, if you want one, you can
add it into your puppet manifest.
but, if you use foreman, then the host would show up, and you could assign
the classes / hostgroups to it directly.

>
>
>
> something about how puppetmaster gets the catalog from foreman's ENC -
> works when foreman uses http but fails when foreman uses https
>
that makes very little sense, I suggest you should jump in on irc, could
probably figure it out faster.

Ohad

>
>
>
>
> >
> >> if that doesn't work, then you can always replace our ENC script with the following
> >>
> >> #! /bin/sh
> >>
> >> curl -ks https://foreman/node/$1?format=yml
> >>
> >> Ohad
> > ----
> > I dont understand exactly what this means…
> >
> > # su - puppet -s /bin/bash
> > Creating directory '/home/puppet'.
> > puppet@ubuntu:~$ /etc/puppet/node.rb ubuntu.ttinet
> >
> > wrong status line: "<!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;>"
> >
> > as for replacing ENC script, I would presume you are speaking about the file that I copied and configured /etc/puppet/node.conf - this works
> >
> > def enc
> > # foreman_url = "#{url}/node/#{certname}?format=yml"
> > # uri = URI.parse(foreman_url)
> > # req = Net::HTTP::Get.new(foreman_url)
> > # res = Net::HTTP.start(uri.host, uri.port) { |http| http.request(req) }
> >
> > res = system("/usr/bin/curl -k #{url}/node/#{certname}?format=yml")
> >
> > # raise "Error retrieving node #{certname}: #{res.class}" unless res.code == "200"
> > # res.body
> > # res
> > end
> ----
> I spoke too soon - so near but yet so far.
>
> The above adjustment works for all 'existing' nodes but if I am adding a new node, I expect it to get the default node classes but with this setup, if fails with a thud (same error). I cant seem to use 'raise "Error…" because that seems to relate to the Net::HTTP class which is what I am eliminating above.
>
> Foreman does not support a concept of default node, if you want one, you can add it into your puppet manifest.
> but, if you use foreman, then the host would show up, and you could assign the classes / hostgroups to it directly.

>
>
>
>
> >
> >> if that doesn't work, then you can always replace our ENC script with the following
> >>
> >> #! /bin/sh
> >>
> >> curl -ks https://foreman/node/$1?format=yml
> >>
> >> Ohad
> > ----
> > I dont understand exactly what this means…
> >
> > # su - puppet -s /bin/bash
> > Creating directory '/home/puppet'.
> > puppet@ubuntu:~$ /etc/puppet/node.rb ubuntu.ttinet
> >
> > wrong status line: "<!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;>"
> >
> > as for replacing ENC script, I would presume you are speaking about the file that I copied and configured /etc/puppet/node.conf - this works
> >
> > def enc
> > # foreman_url = "#{url}/node/#{certname}?format=yml"
> > # uri = URI.parse(foreman_url)
> > # req = Net::HTTP::Get.new(foreman_url)
> > # res = Net::HTTP.start(uri.host, uri.port) { |http| http.request(req) }
> >
> > res = system("/usr/bin/curl -k #{url}/node/#{certname}?format=yml")
> >
> > # raise "Error retrieving node #{certname}: #{res.class}" unless res.code == "200"
> > # res.body
> > # res
> > end
> ----
> I spoke too soon - so near but yet so far.
>
> The above adjustment works for all 'existing' nodes but if I am adding a new node, I expect it to get the default node classes but with this setup, if fails with a thud (same error). I cant seem to use 'raise "Error…" because that seems to relate to the Net::HTTP class which is what I am eliminating above.
>
> Foreman does not support a concept of default node, if you want one, you can add it into your puppet manifest.
> but, if you use foreman, then the host would show up, and you could assign the classes / hostgroups to it directly.