Deleting a host fails

Geoff_Johnson · July 25, 2014, 11:27pm

Any time that I've tried to delete a host I get the error:

Delete PuppetCA certificates for test.domain.net task failed with the
following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete
PuppetCA certificate for test.domain.net ([RestClient::NotAcceptable]: 406
Not Acceptable) for proxy https://foreman.domain.net:8443/puppet…

Is there anywhere that I can find information on why this happens and how
to fix this? I'd like to be able to undo my mistakes when I make them.

Thanks,
Geoff

Luke_Kearney · July 25, 2014, 11:37pm

This can happen for a number of reasons, things/places to look include /etc/foreman-proxy/settings.yaml the other thing worth checking is have you enabled sudo for foreman-proxy user to be able to manipulate the puppet ca db ? Finally when all things go south, go to the foreman-proxy settings file and crank up the logging to debug and watch what happens when you try to make that call.

HTH

···

On Jul 26, 2014, at 8:27 AM, Geoff Johnson wrote:

Any time that I’ve tried to delete a host I get the error:

Delete PuppetCA certificates for test.domain.net task failed with the following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete PuppetCA certificate for test.domain.net ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://foreman.domain.net:8443/puppet…

Geoff_Johnson · July 26, 2014, 12:01am

Thanks for the suggestions. It appears to be a sudo issue, the logs show:

D, [2014-07-25T16:28:37.119344 #10614] DEBUG – : TFTP: entry for
00:11:22:33:44:55 removed successfully
D, [2014-07-25T16:28:37.220535 #10614] DEBUG – : Found puppetca at
/usr/bin/puppet
D, [2014-07-25T16:28:37.221105 #10614] DEBUG – : Found sudo at
/usr/bin/sudo
D, [2014-07-25T16:28:37.221463 #10614] DEBUG – : Executing /usr/bin/sudo
-S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean test.domain.net
W, [2014-07-25T16:28:37.236054 #10614] WARN – : Failed to run puppetca:
sudo: sorry, you must have a tty to run sudo
E, [2014-07-25T16:28:37.236777 #10614] ERROR – : Failed to remove
certificate(s) for test.domain.net: Execution of puppetca failed, check log
files
I, [2014-07-25T16:28:37.467386 #10614] INFO – : TFTP: entry
for 00:11:22:33:44:55 created successfully

The one that stands out is the "Failed to run puppetca: sudo: sorry, you
must have a tty to run sudo". If the command is failing here I imagine it's
not even being given a chance for the foreman-proxy user to make a change
to the database.

···

On Friday, 25 July 2014 16:37:02 UTC-7, lu...@kearney.jp wrote: > > > On Jul 26, 2014, at 8:27 AM, Geoff Johnson > wrote: > > Any time that I've tried to delete a host I get the error: > > Delete PuppetCA certificates for test.domain.net task failed with the > following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete > PuppetCA certificate for test.domain.net ([RestClient::NotAcceptable]: > 406 Not Acceptable) for proxy https://foreman.domain.net:8443/puppet... > > > This can happen for a number of reasons, things/places to look include > /etc/foreman-proxy/settings.yaml the other thing worth checking is have you > enabled sudo for foreman-proxy user to be able to manipulate the puppet ca > db ? Finally when all things go south, go to the foreman-proxy settings > file and crank up the logging to debug and watch what happens when you try > to make that call. > > HTH >

Luke_Kearney · July 26, 2014, 12:05am

take a good look at Foreman :: Manual

cheers

···

On Jul 26, 2014, at 9:01 AM, Geoff Johnson wrote:

Thanks for the suggestions. It appears to be a sudo issue, the logs show:

D, [2014-07-25T16:28:37.119344 #10614] DEBUG – : TFTP: entry for 00:11:22:33:44:55 removed successfully
D, [2014-07-25T16:28:37.220535 #10614] DEBUG – : Found puppetca at /usr/bin/puppet
D, [2014-07-25T16:28:37.221105 #10614] DEBUG – : Found sudo at /usr/bin/sudo
D, [2014-07-25T16:28:37.221463 #10614] DEBUG – : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean test.domain.net
W, [2014-07-25T16:28:37.236054 #10614] WARN – : Failed to run puppetca: sudo: sorry, you must have a tty to run sudo
E, [2014-07-25T16:28:37.236777 #10614] ERROR – : Failed to remove certificate(s) for test.domain.net: Execution of puppetca failed, check log files
I, [2014-07-25T16:28:37.467386 #10614] INFO – : TFTP: entry for 00:11:22:33:44:55 created successfully

The one that stands out is the “Failed to run puppetca: sudo: sorry, you must have a tty to run sudo”. If the command is failing here I imagine it’s not even being given a chance for the foreman-proxy user to make a change to the database.

On Friday, 25 July 2014 16:37:02 UTC-7, lu...@kearney.jp wrote:

On Jul 26, 2014, at 8:27 AM, Geoff Johnson geoff....@coanda.ca wrote:

Any time that I’ve tried to delete a host I get the error:

Delete PuppetCA certificates for test.domain.net task failed with the following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete PuppetCA certificate for test.domain.net ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://foreman.domain.net:8443/puppet…

This can happen for a number of reasons, things/places to look include /etc/foreman-proxy/settings.yaml the other thing worth checking is have you enabled sudo for foreman-proxy user to be able to manipulate the puppet ca db ? Finally when all things go south, go to the foreman-proxy settings file and crank up the logging to debug and watch what happens when you try to make that call.

HTH

Geoff_Johnson · July 28, 2014, 5:00am

Thanks, I read through that and ended up having to do what was in the
section on ENC as well and now it works correctly. Seems odd that the quick
start guide doesn't even mention this though as continued reading, it seems
to be a pretty important step to perform for the system to be functional.

···

On Friday, 25 July 2014 17:05:03 UTC-7, lu...@kearney.jp wrote: > > > On Jul 26, 2014, at 9:01 AM, Geoff Johnson > wrote: > > Thanks for the suggestions. It appears to be a sudo issue, the logs show: > > D, [2014-07-25T16:28:37.119344 #10614] DEBUG -- : TFTP: entry for > 00:11:22:33:44:55 removed successfully > D, [2014-07-25T16:28:37.220535 #10614] DEBUG -- : Found puppetca at > /usr/bin/puppet > D, [2014-07-25T16:28:37.221105 #10614] DEBUG -- : Found sudo at > /usr/bin/sudo > D, [2014-07-25T16:28:37.221463 #10614] DEBUG -- : Executing /usr/bin/sudo > -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean > test.domain.net > W, [2014-07-25T16:28:37.236054 #10614] WARN -- : Failed to run puppetca: > sudo: sorry, you must have a tty to run sudo > E, [2014-07-25T16:28:37.236777 #10614] ERROR -- : Failed to remove > certificate(s) for test.domain.net: Execution of puppetca failed, check > log files > I, [2014-07-25T16:28:37.467386 #10614] INFO -- : TFTP: entry > for 00:11:22:33:44:55 created successfully > > The one that stands out is the "Failed to run puppetca: sudo: sorry, you > must have a tty to run sudo". If the command is failing here I imagine it's > not even being given a chance for the foreman-proxy user to make a change > to the database. > > On Friday, 25 July 2014 16:37:02 UTC-7, lu...@kearney.jp wrote: >> >> >> On Jul 26, 2014, at 8:27 AM, Geoff Johnson wrote: >> >> Any time that I've tried to delete a host I get the error: >> >> Delete PuppetCA certificates for test.domain.net task failed with the >> following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete >> PuppetCA certificate for test.domain.net ([RestClient::NotAcceptable]: >> 406 Not Acceptable) for proxy https://foreman.domain.net:8443/puppet... >> >> >> This can happen for a number of reasons, things/places to look include >> /etc/foreman-proxy/settings.yaml the other thing worth checking is have you >> enabled sudo for foreman-proxy user to be able to manipulate the puppet ca >> db ? Finally when all things go south, go to the foreman-proxy settings >> file and crank up the logging to debug and watch what happens when you try >> to make that call. >> >> HTH >> > > take a good look at > http://theforeman.org/manuals/1.5/index.html#4.3SmartProxies > > cheers >

Gwmngilfen · July 28, 2014, 9:07am

The installer (which the quckstart recommends using) should set up
sudo correctly automatically - if it hasn't, and it's repeatable,
please raise a bug with the details.

Greg

···

On 28 July 2014 06:00, Geoff Johnson wrote: > Thanks, I read through that and ended up having to do what was in the > section on ENC as well and now it works correctly. Seems odd that the quick > start guide doesn't even mention this though as continued reading, it seems > to be a pretty important step to perform for the system to be functional.