First puppet run fails

Hi,
when I provision a host using Foreman (on a VMware compute resource, OS
RedHat 6.3, the provision template is more or less the Kickstart default
one), the first puppet run after the system is built always fails.

It doesn't fail with an error, it just returns a warning:

Unable to fetch my node definition, but the agent run will continue:
Error 400 on SERVER: Failed to find <omitted_hostname> via exec:
Execution of '/etc/puppet/node.rb <omitted_hostname>' returned 1:

(I have the full FQDN in the log instead of <omitted_hostname> of course)

But then all puppet classed are skipped, nothing is applied in this first
run.

Soon after this (1-2 minutes), puppet runs again and this time it works
through the end.

I suppose the first run is the one launched by the provision template,
while the second one is the first run by the installed daemon.

Is this an expected behaviour?
Or is there a way I can fix this?
What can be the reason?
Looks like the server cannot resolve the hostname, yet. But the DNS entry
should already have been created, and the DNS server is the same machine
where Foreman and the Puppet master run.

Thanks for any info.
Marco

The hostname is the most likely issue, is the "omitted_hostname" exactly
what Foreman has registered?

At a guess, it might be failing to find the host in Foreman during the
provision step as the hostname isn't set correctly in the kickstart
(check reverse DNS and "network" line in the ks itself), but on the
subsequent reboot it is.

The other place the hostname used by Puppet should be set is in the
certname field in puppet.conf:
https://github.com/theforeman/community-templates/blob/master/snippets/puppet.conf.erb#L22

Also have a look at Foreman's production.log, see if you can tally up
the requests made during the kickstart - you'll see facts arriving
first, then a call for the external nodes output (which is node.rb).

The expected behaviour when provisioning is that Puppet runs in the
kickstart, but is called with "–tags no_such_tag" so that it triggers
Puppet SSL autosigning, fetches the catalog, but doesn't actually change
anything. The proper Puppet run should be done on the next reboot, when
it's in the correct, non-installer environment.

Cheers,

··· On 26/05/14 13:01, zerozerounouno@gmail.com wrote: > Hi, > when I provision a host using Foreman (on a VMware compute resource, OS > RedHat 6.3, the provision template is more or less the Kickstart default > one), the first puppet run after the system is built always fails. > > It doesn't fail with an error, it just returns a warning: > > Unable to fetch my node definition, but the agent run will continue: > Error 400 on SERVER: Failed to find via exec: > Execution of '/etc/puppet/node.rb ' returned 1: > > (I have the full FQDN in the log instead of of course) > > But then all puppet classed are skipped, nothing is applied in this > first run. > > Soon after this (1-2 minutes), puppet runs again and this time it works > through the end. > > I suppose the first run is the one launched by the provision template, > while the second one is the first run by the installed daemon. > > Is this an expected behaviour? > Or is there a way I can fix this? > What can be the reason? > Looks like the server cannot resolve the hostname, yet. But the DNS > entry should already have been created, and the DNS server is the same > machine where Foreman and the Puppet master run.


Dominic Cleal
Red Hat Engineering

> The hostname is the most likely issue, is the "omitted_hostname" exactly
> what Foreman has registered?
>

Yes, the reported hostname is the correct FQDN.

> At a guess, it might be failing to find the host in Foreman during the
> provision step as the hostname isn't set correctly in the kickstart
> (check reverse DNS and "network" line in the ks itself), but on the
> subsequent reboot it is.

The reverse DNS entry is ok as far as I can tell by "dig -x".
The network line in the template uses the @host macro (which isn't listed
in the macros table by the way) just like the default template:
network --device eth0 --bootproto=dhcp --noipv6 --hostname <%= @host %>

> The other place the hostname used by Puppet should be set is in the
> certname field in puppet.conf:
>

The correct host FQDN is in there, too.

> Also have a look at Foreman's production.log, see if you can tally up
> the requests made during the kickstart - you'll see facts arriving
> first, then a call for the external nodes output (which is node.rb).
>

Uhm, I can find this "Unprocessable Entity" in production.log, just before
the /unattended/built call (foreman_ip and host_fqdn are ok):

Started POST "/api/hosts/facts" for <foreman_ip> at 2014-05-27 10:56:03
+0200
Processing by Api::V2::HostsController#facts as JSON
Parameters: {"certname"=>"<host_fqdn>", "name"=>"<host_fqdn>",
"facts"=>"[FILTERED]", "host"=>{"certname"=>"<host_fqdn>",
"name"=>"<host_fqdn>", "facts"=>"[FILTERED]"}}
Completed 422 Unprocessable Entity in 13ms (Views: 0.3ms | ActiveRecord:
2.9ms)

Does it mean anything special?

> The expected behaviour when provisioning is that Puppet runs in the
> kickstart, but is called with "–tags no_such_tag" so that it triggers
> Puppet SSL autosigning, fetches the catalog, but doesn't actually change
> anything. The proper Puppet run should be done on the next reboot, when
> it's in the correct, non-installer environment.
>

Ok, so the first run - and related report - where no classes are applied is
correct.
So, actually, I have no evident problem to report :), I just have that
warning but I can ignore it if puppet's behaviour is ok in the end.

Thank you very much for your help.
Marco

··· Il giorno mercoledì 28 maggio 2014 11:23:42 UTC+2, Dominic Cleal ha scritto:

A post was split to a new topic: First Puppet Run Failing