ERROR -- : Attempt to remove nonexistant client certificate

Hi,

I actually tried the foreman_bootdisk plugin <https://github.com/theforeman/foreman_bootdisk>

Testing environment :

Server : Foreman 1.5.0 | Puppet 3.6.1 (RHEL 6.5)
Templates (Per-host image) : Kickstart default iPXE <https://github.com/theforeman/community-templates/blob/master/kickstart/iPXE.erb> / Kickstart RHEL default <https://github.com/theforeman/community-templates/blob/master/kickstart/provision_rhel.erb> (provision) / Kickstart default PXE <https://github.com/theforeman/community-templates/blob/master/kickstart/PXELinux.erb>

Host (to build) : RHEL 6.5 X86_64 (VMware)

This host was built and removed a dozen times without problems. All was good
except the installation of the puppet agent, which didn't work at that time.
I tried again (with modifications to the provision template) and the
following error appeared when it tried to retrieve the Kickstart provision
template :

production.log

Started GET "/unattended/provision?token=ee2baa47-a390-47d9-8ad0-685fbaaa2ff0&static=yes" for "client IP" at 2014-05-23 18:19:04 +0200
Processing by UnattendedController#provision as */*
Parameters: {"token"=>"ee2baa47-a390-47d9-8ad0-685fbaaa2ff0", "static"=>"yes"}
Found "client.fqdn"
Remove puppet certificate for "client.fqdn"
Adding autosign entry for "client.fqdn"
Rendered inline template (18.1ms)
Rendered text template (0.0ms)
Completed 500 Internal Server Error in 1564ms (Views: 0.6ms | ActiveRecord: 0.0ms)

proxy.log

D, [2014-05-23T18:19:04.586483 #1876] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2014-05-23T18:19:04.586731 #1876] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2014-05-23T18:19:04.586853 #1876] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean "client.fqdn"
I, [2014-05-23T18:19:05.935719 #1876] INFO -- : Attempt to remove nonexistant client certificate for "client.fqdn"
E, [2014-05-23T18:19:05.936343 #1876] ERROR -- : Attempt to remove nonexistant client certificate for "client.fqdn"
I, [2014-05-23T18:19:06.042209 #1876] INFO -- : Added "client.fqdn" to autosign

autosign.conf

"client.fqdn"

I tried to :

  • cancel the build process and retry
  • remove the host and submit it

Regards

Benjamin

The issue might be that you don't have the proper sudo command for
foreman-proxy. It will fail and then roll back.

Check your /var/log/foreman-proxy/proxy.log for something like this:

Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean

Check the foreman-proxy sudoers. You should have something like the
following:

cat /etc/sudoers.d/foreman-proxy
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/mco puppet runonce * , /usr/bin/puppet cert *


Restart foreman-proxy after this also although I am not sure that is
needed.


Hi Omar,

Thank you

I retried today,

Sudo configuration already contains the following lines :

## Allow foreman-proxy to execute puppetrun
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *

## Allow foreman-proxy to execute "puppet cert" commands
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty

foreman-tail :

Started GET "/unattended/provision?token=da2690b3-bd72-4491-8220-6067ebb74db4&static=yes" for "client.ip" at 2014-05-25 18:51:30 +0200
Processing by UnattendedController#provision as */*
Parameters: {"token"=>"da2690b3-bd72-4491-8220-6067ebb74db4", "static"=>"yes"}
Found "client.fqdn"
Remove puppet certificate for "client.fqdn"

==> /var/log/foreman-proxy/proxy.log <==
D, [2014-05-25T18:51:30.120275 #4474] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2014-05-25T18:51:30.120532 #4474] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2014-05-25T18:51:30.120642 #4474] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean "client.fqdn"
I, [2014-05-25T18:51:31.450556 #4474] INFO -- : Attempt to remove nonexistant client certificate for "client.fqdn"
E, [2014-05-25T18:51:31.451002 #4474] ERROR -- : Attempt to remove nonexistant client certificate for "client.fqdn"

==> /var/log/foreman/production.log <==
Adding autosign entry for "client.fqdn"

==> /var/log/foreman-proxy/proxy.log <==
I, [2014-05-25T18:51:31.557757 #4474] INFO -- : Added "client.fqdn" to autosign

==> /var/log/foreman/production.log <==
Rendered inline template (20.0ms)
Rendered text template (0.0ms)
Completed 500 Internal Server Error in 1547ms (Views: 0.8ms | ActiveRecord: 0.0ms)

I also searched for "client.fqdn" on the server … no result.


Problem resolved today …

I had an error in my kickstart provision template.

Now it works ;)

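An added triage example, not part of the thread and not Foreman code: it replays the 2014-05-25 log lines quoted above (token redacted) and checks whether the failed request stopped in the CA steps or after them, which is where the poster eventually found the error. It assumes, as these logs show, that the autosign entry is logged after the certificate clean; the function names and verdict strings are illustrative.

```python
import re

# Constructed sample: the 2014-05-25 log lines quoted in the thread, one entry
# per line; "client.fqdn" is the poster's placeholder and the token is redacted.
PROXY_LOG = """\
D, [2014-05-25T18:51:30.120275 #4474] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2014-05-25T18:51:30.120532 #4474] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2014-05-25T18:51:30.120642 #4474] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean "client.fqdn"
I, [2014-05-25T18:51:31.450556 #4474] INFO -- : Attempt to remove nonexistant client certificate for "client.fqdn"
E, [2014-05-25T18:51:31.451002 #4474] ERROR -- : Attempt to remove nonexistant client certificate for "client.fqdn"
I, [2014-05-25T18:51:31.557757 #4474] INFO -- : Added "client.fqdn" to autosign
"""
PRODUCTION_LOG = """\
Started GET "/unattended/provision?token=REDACTED&static=yes" for "client.ip" at 2014-05-25 18:51:30 +0200
Remove puppet certificate for "client.fqdn"
Adding autosign entry for "client.fqdn"
Rendered inline template (20.0ms)
Rendered text template (0.0ms)
Completed 500 Internal Server Error in 1547ms (Views: 0.8ms | ActiveRecord: 0.0ms)
"""

# Ruby Logger layout: "<S>, [<timestamp> #<pid>] <LEVEL> -- : <message>"
ENTRY = re.compile(r'^[A-Z], \[(\S+) #(\d+)\]\s+(\w+) -- : (.*)$')

def proxy_steps(text):
    """Return {certname: {"clean": str, "autosign": bool}} from proxy.log text."""
    hosts = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        name = m and re.search(r'"([^"]+)"', m.group(4))
        if not name:
            continue  # not a logger line, or no quoted certname in the message
        msg = m.group(4)
        host = hosts.setdefault(name.group(1), {"clean": "not attempted", "autosign": False})
        if msg.startswith("Executing") and "--clean" in msg:
            host["clean"] = "attempted"
        elif msg.startswith("Attempt to remove nonexistant client certificate"):
            host["clean"] = "no certificate existed"
        elif msg.startswith("Added") and msg.endswith("to autosign"):
            host["autosign"] = True
    return hosts

def triage(proxy_text, production_text):
    """Say whether a failed /unattended request stopped in the CA steps or later."""
    status = re.search(r'^Completed (\d{3})', production_text, re.M)
    if not status:
        return {}
    failed = int(status.group(1)) >= 500
    verdicts = {}
    for name, steps in proxy_steps(proxy_text).items():
        if not failed:
            verdicts[name] = "request succeeded"
        elif steps["autosign"]:  # assumption: autosign is the last CA step logged
            verdicts[name] = "CA steps completed; failure is later (template rendering)"
        else:
            verdicts[name] = "CA steps incomplete; check sudo and the proxy"
    return verdicts
```

Calling `triage(PROXY_LOG, PRODUCTION_LOG)` on the sample reports that the CA steps completed, so the ERROR line about the nonexistent certificate is not what produced the 500.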