Hello,
Trying to setup a Puppet v4 system (behind a proxy so hand crafting it for
now) as a POC before moving from v3.
I have the PostGres/PuppetDB/Foreman on one server, and the Puppet
Server/CA on another with foreman-proxy. I have setup the smart proxy as we
did on v3 with the
upgrade steps as mentioned and I have created the smart proxy to it and
configured it to send facts/reports and all these are coming in fine.
Now I want to start using the ENC setup and import from the puppet server
etc and I get errors about reading environments.
On the proxy status page I get a tick, I can read the PuppetCA information
I can see the reports but I cannot read the environments/classes.
Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect
([ProxyAPI::ProxyException]: ERF12-4115 [ProxyAPI::ProxyException]: Unable
to get classes from Puppet for dev ([Rest…)
Enabling DEBUG on the proxy log doesn't give a lot away. It certainly
doesn't seem permission related (foreman-proxy is in the puppet group). But
getting 503's.
D, [2017-01-25T12:20:46.100097 ] DEBUG – : Found puppetca at
/opt/puppetlabs/bin/puppet
D, [2017-01-25T12:20:46.100211 ] DEBUG – : Found sudo at /usr/bin/sudo
D, [2017-01-25T12:20:46.100267 ] DEBUG – : Executing /usr/bin/sudo -S
/opt/puppetlabs/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list
–all
I, [2017-01-25T12:20:51.110234 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.5168
D, [2017-01-25T12:20:51.121114 ] DEBUG – : close: <IP>:33374
I, [2017-01-25T12:20:51.420277 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.8772
D, [2017-01-25T12:20:51.427916 ] DEBUG – : close: <IP>:33370
I, [2017-01-25T12:20:51.793828 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.6942
D, [2017-01-25T12:20:51.856961 ] DEBUG – : close: <IP>:33382
E, [2017-01-25T12:21:00.976187 ] ERROR – : Puppet is taking too long to
respond, please try again later.
D, [2017-01-25T12:21:00.976527 ] DEBUG – : Puppet is taking too long to
respond, please try again later.
I, [2017-01-25T12:21:00.976981 ] INFO – : <IP> - - [25/Jan/2017:12:21:00
+0000] "GET /puppet/environments/dev/classes HTTP/1.1" 503 61 15.0253
D, [2017-01-25T12:21:00.983614 ] DEBUG – : close: <IP>:33380
I have this in the auth.conf
{
match-request: {
path: "/puppet/v3/environments"
type: path
method: get
}
allow: ""
sort-order: 500
name: "puppetlabs environments"
},
{
match-request: {
path: "/puppet/v3/resource_type"
type: path
method: [get, post]
}
allow: ""
sort-order: 500
name: "puppetlabs resource type"
},
{
match-request: {
path: "/puppet/v3/environment_classes"
type: path
method: get
}
allow: "*"
sort-order: 500
name: "puppetlabs environment classes"
},
the puppetserver access log shows a 200
<IP> - [25/Jan/2017:12:37:40 +0000] "GET
/puppet/v3/environment_classes?environment=dev HTTP/1.1" 200 609657 "-"
"Ruby" 22363
Any ideas ?
Thanks
Paul