I am getting this error with my updated Foreman 1.14.3 system
*Error: *ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from
Puppet for production ([RestClient::NotAcceptable]: 406 Not Acceptable) for
proxy https://foreman.t2.ucsd.edu:8443/puppet
I look in the log and I see
I, [2017-04-04T15:47:00.954764 ] INFO – : XXX- - [04/Apr/2017:15:47:00
-0700] "GET /puppet/environments HTTP/1.1" 200 37 0.0856
W, [2017-04-04T15:47:01.176493 ] WARN – : Puppet server classes cache is
disabled, classes retrieval can be slow.
E, [2017-04-04T15:47:01.357118 ] ERROR – : Error while retrieving puppet
classes for 'production' environment
E, [2017-04-04T15:47:01.357542 ] ERROR – : Failed to show puppet classes:
403 Forbidden request: /puppet/v3/environment_classes (method :get). Please
see the server logs for details.
I, [2017-04-04T15:47:01.357849 ] INFO – : XXX- - [04/Apr/2017:15:47:01
-0700] "GET /puppet/environments/production/classes HTTP/1.1" 406 139 0.1822
I have
Puppet v4.9.4
To be honest I have not run an import for a bit so this may have started
when I upgraded to 1.14.2, but I upgraded again just in case.
Presumably this is an issue with v3 vs v4 puppet but I am not sure how best
to proceed to address the issue?
Thanks,
Terrence
Just to add to this, I see this error.
2017-04-04 16:08:47,803 ERROR [qtp686247539-492] [p.t.a.rules] Forbidden
request: foreman.t2.ucsd.edu(169.228.130.124) access to
/puppet/v3/environment_classes (method :get) (authenticated: true) denied
by rule 'puppetlabs deny all'.
2017-04-04 16:08:47,814 ERROR [qtp686247539-424] [p.t.a.rules] Forbidden
request: foreman.t2.ucsd.edu(169.228.130.124) access to
/puppet/v3/environment_classes (method :get) (authenticated: true) denied
by rule 'puppetlabs deny all'.
2017-04-04 16:08:47,871 ERROR [qtp686247539-424] [p.t.a.rules] Forbidden
request: foreman.t2.ucsd.edu(169.228.130.124) access to
/puppet/v3/environment_classes (method :get) (authenticated: true) denied
by rule 'puppetlabs deny all'.
···
On Tuesday, April 4, 2017 at 3:54:27 PM UTC-7, Terrence Martin wrote:
>
> I am getting this error with my updated Foreman 1.14.3 system
>
> *Error: *ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes
> from Puppet for production ([RestClient::NotAcceptable]: 406 Not
> Acceptable) for proxy https://foreman.t2.ucsd.edu:8443/puppet
>
>
> I look in the log and I see
>
>
> I, [2017-04-04T15:47:00.954764 ] INFO -- : XXX- - [04/Apr/2017:15:47:00
> -0700] "GET /puppet/environments HTTP/1.1" 200 37 0.0856
>
> W, [2017-04-04T15:47:01.176493 ] WARN -- : Puppet server classes cache is
> disabled, classes retrieval can be slow.
> E, [2017-04-04T15:47:01.357118 ] ERROR -- : Error while retrieving puppet
> classes for 'production' environment
> E, [2017-04-04T15:47:01.357542 ] ERROR -- : Failed to show puppet classes:
> 403 Forbidden request: /puppet/v3/environment_classes (method :get). Please
> see the server logs for details.
> I, [2017-04-04T15:47:01.357849 ] INFO -- : XXX- - [04/Apr/2017:15:47:01
> -0700] "GET /puppet/environments/production/classes HTTP/1.1" 406 139 0.1822
>
>
> I have
> Puppet v4.9.4
>
> To be honest I have not run an import for a bit so this may have started
> when I upgraded to 1.14.2, but I upgraded again just in case.
>
> Presumably this is an issue with v3 vs v4 puppet but I am not sure how
> best to proceed to address the issue?
>
> Thanks,
>
> Terrence
>
>
>
>
>
>
I got it sorted
Added this to
/etc/puppetlabs/puppet/auth.conf
path /puppet/v3/environment_classes
method find
allow *
and this to
/etc/puppetlabs/puppetserver/conf.d/auth.conf
{
match-request: {
path: "/puppet/v3/environment_classes"
type: path
method: get
}
allow: "*"
sort-order: 500
name: "puppetlabs environment classes"
},
Is this needed?
In your OP you said you were on puppet 4.9.4 but these errors are referencing puppet v3 paths?
Unless I'm mistaking the v3 meaning in the errors and logs posted, which is possible.
I'd be interested in what is in your puppet.yml and your foreman_proxy_puppet_legacy.yml (or whatever that one is called if it exists - I'm mobile right now and can't check the exact name - sorry)
···
-------- Original Message --------
From: foreman-users@googlegroups.com on behalf of Terrence Martin
Date: Tue, April 04, 2017 8:03 PM -0400
To: Foreman users
Subject: [foreman-users] Re: Error: ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet for production
I got it sorted
Added this to
/etc/puppetlabs/puppet/auth.conf
path /puppet/v3/environment_classes
method find
allow *
and this to
/etc/puppetlabs/puppetserver/conf.d/auth.conf
{
match-request: {
path: "/puppet/v3/environment_classes"
type: path
method: get
}
allow: "*"
sort-order: 500
name: “puppetlabs environment classes”
},
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.commailto:foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.commailto:foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.
It apparently is needed and I am not at all sure why. I do know looking in
the section under here
https://theforeman.org/manuals/1.14/index.html#4.3.6Puppet
All of the changes are under the Puppet v4 section. It made little sense to
me, but adding those lines in "fixed" the issue and I can now see my
classes and import them.
Terrence
···
On Tue, Apr 4, 2017 at 5:12 PM, 'Lang, Jason' via Foreman users < foreman-users@googlegroups.com> wrote:
Is this needed?
In your OP you said you were on puppet 4.9.4 but these errors are
referencing puppet v3 paths?
Unless I’m mistaking the v3 meaning in the errors and logs posted, which
is possible.
I’d be interested in what is in your puppet.yml and your
foreman_proxy_puppet_legacy.yml (or whatever that one is called if it
exists - I’m mobile right now and can’t check the exact name - sorry)
-------- Original Message --------
From: foreman-users@googlegroups.com on behalf of Terrence Martin <
twm139@gmail.com>
Date: Tue, April 04, 2017 8:03 PM -0400
To: Foreman users foreman-users@googlegroups.com
Subject: [foreman-users] Re: Error: ERF12-4115 [ProxyAPI::ProxyException]:
Unable to get classes from Puppet for production
I got it sorted
Added this to
/etc/puppetlabs/puppet/auth.conf
path /puppet/v3/environment_classes
method find
allow *
and this to
/etc/puppetlabs/puppetserver/conf.d/auth.conf
{
match-request: {
path: "/puppet/v3/environment_classes"
type: path
method: get
}
allow: "*"
sort-order: 500
name: “puppetlabs environment classes”
},
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
The information contained in this message may be privileged, confidential
and protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
your representative immediately and delete this message from your computer.
Thank you.
–
You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit https://groups.google.com/d/
topic/foreman-users/_hWAPgY7bIQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
