Foreman 1.2 - mcollective ‘Run Puppet’ not working

I get the message “Some or all hosts execution failed, Please check log
files for more information”

I may be looking in the wrong place but I can NOT see any info in the ‘log’
files I have looked in.

Also I think that most of my environment is ok as I can run ‘mco ping’

Not only that ‘mco puppet runonce <fqdn>’ works as expected! (Both run as
root.)

I have set :puppet_provider: mcollective in /etc/foreman-proxy/settings.yml.

Also did the job with visudo for the sudoers rule.

Is this an ownership / permissions issue or have I missed out something?

Regards, Mike.

activemq-5.5.0-1

CentOS 6.4

foreman-1.2.0-1

mcollective-2.2.4-1

puppet-3.2.2-1

[root@foreman11 ~]# tail /etc/foreman-proxy/settings.yml
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
:puppet_provider: mcollective

# Where our proxy log files are stored
# filename or STDOUT
:log_file: /var/log/foreman-proxy/proxy.log
# valid options are
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
:log_level: DEBUG

Service foreman-proxy restart

[root@foreman11 ~]# tail /var/log/foreman-proxy/proxy.log
I, [2013-08-14T20:32:14.856046 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:14.867375 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:16.280128 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:16.322453 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:16.333449 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:17.139977 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:17.417358 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:17.465492 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:17.477310 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2013-08-14T20:32:18.286151 #17181] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf

[root@foreman11 ~]# tail /etc/sudoers
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/mco puppet runonce *

bash-4.1$ sudo mco puppet runonce foreman11.hurn.ca

 * [ ============================================================> ] 1 / 1

Finished processing 1 / 1 hosts in 1029.90 ms

I have noticed this in mcollective.log

W, [2013-08-15T00:52:28.009620 #25677] WARN -- : runner.rb:71:in `run' Failed to handle message: Could not find a public key for mcollective-servers_certificate in /etc/mcollective/ssl/clients/mcollective-servers_certificate.pem - RuntimeError
W, [2013-08-15T00:52:28.010027 #25677] WARN -- : runner.rb:72:in `run' /usr/libexec/mcollective/mcollective/security/ssl.rb:259:in `public_key_file'

Regards, Mike.

On 15/08/13 00:16, Michael Hurn wrote:

> I get the message “Some or all hosts execution failed, Please check log
> files for more information”
>
> I may be looking in the wrong place but I can NOT see any info in the
> ‘log’ files I have looked in.

Can you provide your /var/log/foreman-proxy/proxy.log? Ensure log_level
is set to DEBUG in the proxy settings file first, as it should print the
command it's using etc.

> Also I think that most of my environment is ok as I can run ‘mco ping’
>
> Not only that ‘mco puppet runonce <fqdn>’ works as expected! (Both run
> as root.)
>
> I have set :puppet_provider: mcollective in /etc/foreman-proxy/settings.yml.
>
> Also did the job with visudo for the sudoers rule.
>
> Is this an ownership / permissions issue or have I missed out something?

Try sudoing to the foreman-proxy user and running "sudo mco puppet
runonce", to check the sudo rules are correct. Can you paste the rules
you've added?


Dominic Cleal
Red Hat Engineering

I only have one system for testing but I can also test without using the
Foreman GUI.

[As the foreman-proxy user] First test gets expected results.

bash-4.1$ curl -k -d "nodes=foreman11.hurn.ca" https://foreman11.hurn.ca:8443/puppet/run
bash-4.1$ curl -d "nodes=foreman11.hurn.ca" https://foreman11.hurn.ca:8443/puppet/run
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Hi Dominic,

I took another look at my configs and settings. You were right, I did not
have the Puppet Master configured!

What took me off track was that I was not getting logging info from the
proxy.log. I took another look at the production.log and found a message
that stated:

Started POST "/hosts/update_multiple_puppetrun?host_ids%5B%5D=164" for 192.168.42.1 at 2013-08-16 1
Processing by HostsController#update_multiple_puppetrun as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"Z9dX4K+4lqs7tBhm1/9ZQvJPCwnpWjsHZkQb+XapcWs=", "
unable to execute puppet run, no puppet proxies defined

Thank you very much for your help.

Is this a good time to request that the Foreman Installer also install
mcollective? ;)

Regards, Mike.

I have fixed the mcollective WARN issue; it was a missing file :(

But the original problem is still there!

Also I am not getting much luck with getting foreman-proxy to log anything
apart from a few ‘INFO’ messages

Is there a problem with the foreman-proxy code? I suspect that it is more
likely that I have misconfigured something :( So I will continue
looking. I plan to update to Foreman 1.2.1 later today to see if it helps.

Regards, Mike.

It does seem that you're not even getting requests to the proxy to run
Puppet. How are you testing?

If you're doing it from Foreman, check you have the right proxy server
selected for the host you're running Puppet on. Edit the host and on
the first tab is a puppetmaster dropdown menu, which should correspond
to the proxy server you've configured with mco.


Dominic Cleal
Red Hat Engineering
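
The checks this thread works through (the proxy settings, the two sudoers lines, and the two log messages that turned up), gathered into one script as an added example. It is not from any poster or from the Foreman project; the function names and the wording of the hints are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the "Run Puppet" via mcollective setup in this thread.
# Paths are arguments so the checks can be run against copies of the files.

# Print the value of a top-level ":key: value" line from the proxy settings.yml.
yaml_value() {
    sed -n "/^:$2:/{s/^:$2:[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# One finding per line; no output means the proxy settings match the thread.
check_proxy_settings() {
    [ "$(yaml_value "$1" puppet)" = "true" ] || echo "puppet feature is not enabled"
    [ "$(yaml_value "$1" puppet_provider)" = "mcollective" ] ||
        echo "puppet_provider is not mcollective"
    [ "$(yaml_value "$1" log_level)" = "DEBUG" ] || echo "log_level is not DEBUG"
    return 0
}

# Check the two sudoers lines quoted in the thread for the given user.
check_sudoers() {
    grep -Eq "^Defaults:$2[[:space:]]+!requiretty" "$1" ||
        echo "requiretty still applies to $2"
    grep -Eq "^$2[[:space:]]+ALL[[:space:]]*=[[:space:]]*NOPASSWD:[[:space:]]*/usr/bin/mco puppet runonce" "$1" ||
        echo "no NOPASSWD rule for mco puppet runonce"
    return 0
}

# Map the two error strings seen in the thread's logs to their cause.
triage_logs() {
    if grep -q 'no puppet proxies defined' "$@"; then
        echo "foreman: host has no Puppet proxy (puppetmaster) selected"
    fi
    if grep -q 'Could not find a public key for' "$@"; then
        echo "mcollective: expected public key file missing from ssl/clients"
    fi
    return 0
}

# Usage: SCRIPT settings.yml sudoers production.log mcollective.log
if [ "$#" -eq 4 ]; then
    check_proxy_settings "$1"
    check_sudoers "$2" foreman-proxy
    triage_logs "$3" "$4"
fi
```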