Foreman proxy doesn't send reports when external_nodes is enabled

xoffio · January 22, 2024, 3:44pm

Problem:

Hey there! I’ve set up a new Foreman installation and installed Foreman Proxy on a separate host. In the puppet.conf file on the proxy host, I enabled the following lines:

[server]
    external_nodes = /etc/puppetlabs/puppet/node.rb
    node_terminus = exec

Now, when the puppet agent on a client runs and tries to send its reports to the Foreman Proxy, it fails with a timeout error. Here is the error i get :

Error: Could not send report: Request to https://foreman-proxy-test.local:8140/puppet/v3/report/win2.local?environment=windows failed after 210.404 seconds: Net::WriteTimeout with #TCPSocket:(closed)
Wrapped exception:
Net::WriteTimeout with #TCPSocket:(closed)

if I comment out these two lines in puppet.conf on the proxy host, the puppet agent runs successfully and sends the reports to Foreman without any issues.

I’ve also checked that manually executing the node.rb script on the proxy host works fine. When i do /etc/puppetlabs/puppet/node.rb win2.local I get all the parameters and classes

I didn’t noticed anything important in the logs. Anything I should be looking? I Search in the forum and it looks like this is usually a cert issue but I don’t think this is the case since puppet runs everything. when when the ENC is disabled it does communicate with the foreman server

Expected outcome:
puppet should be able to push the reports to foreman

Foreman and Proxy versions:
Foreman 3.8
Foreman Smart Proxy 3.8
Puppet 7.28.0

Marek_Hulan · January 23, 2024, 6:36pm

Are you sure the foreman-proxy-test.local resolves to tge correct IP? Also, are you sure the port 8140 is correct? Afaik the Foreman proxy by default listens on 8443, 8140 is probably the puppet server port.

xoffio · January 23, 2024, 6:56pm

Hi @Marek_Hulan. Yes foreman-proxy-test is resolving correctly, and i know that because puppet agent is talking to it. Puppetserver is listing to port 8140 and smart-proxy to 8443.

The puppet.conf in the agent has the next values

[main]
server=foreman-proxy-test.local
ca_server=foreman-server.local
environment=windows
report=true

This is correct right?

Thank you for taking the time!

ekohl · January 23, 2024, 8:21pm

This is a good test, but only a partial one. The node.rb script retrieves the ENC while the report is separate.

What’s the value for reports?

I’d also check the logs in /var/log/puppetlabs/puppetserver on foreman-proxy-test.local for anything odd. It looks like the write action to puppetserver itself is timing out and that’s surprising.

xoffio · January 26, 2024, 3:20pm

Hi @ekohl.

reports is not set to anything in the puppet agent. but in the server is set to foreman

I actually check the logs in /var/log/puppetlabs/puppetserver but it didn’t show anything “important” other than a trace when the pupppetserver stops after timing out

Now it is sending the reports. I don’t know what exactly fixed it but I will try to look into it just to share to others.

Thank you so much for taking the time!