Foreman-proxy puppet environment import issue

Hello,

Trying to setup a Puppet v4 system (behind a proxy so hand crafting it for
now) as a POC before moving from v3.

I have the PostGres/PuppetDB/Foreman on one server, and the Puppet
Server/CA on another with foreman-proxy. I have setup the smart proxy as we
did on v3 with the
upgrade steps as mentioned and I have created the smart proxy to it and
configured it to send facts/reports and all these are coming in fine.

Now I want to start using the ENC setup and import from the puppet server
etc and I get errors about reading environments.

On the proxy status page I get a tick, I can read the PuppetCA information
I can see the reports but I cannot read the environments/classes.

Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect
([ProxyAPI::ProxyException]: ERF12-4115 [ProxyAPI::ProxyException]: Unable
to get classes from Puppet for dev ([Rest…)

Enabling DEBUG on the proxy log doesn't give a lot away. It certainly
doesn't seem permission related (foreman-proxy is in the puppet group). But
getting 503's.

D, [2017-01-25T12:20:46.100097 ] DEBUG – : Found puppetca at
/opt/puppetlabs/bin/puppet
D, [2017-01-25T12:20:46.100211 ] DEBUG – : Found sudo at /usr/bin/sudo
D, [2017-01-25T12:20:46.100267 ] DEBUG – : Executing /usr/bin/sudo -S
/opt/puppetlabs/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list
–all
I, [2017-01-25T12:20:51.110234 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.5168

D, [2017-01-25T12:20:51.121114 ] DEBUG – : close: <IP>:33374
I, [2017-01-25T12:20:51.420277 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.8772

D, [2017-01-25T12:20:51.427916 ] DEBUG – : close: <IP>:33370
I, [2017-01-25T12:20:51.793828 ] INFO – : <IP> - - [25/Jan/2017:12:20:51
+0000] "GET /puppet/ca HTTP/1.1" 200 563 5.6942

D, [2017-01-25T12:20:51.856961 ] DEBUG – : close: <IP>:33382
E, [2017-01-25T12:21:00.976187 ] ERROR – : Puppet is taking too long to
respond, please try again later.
D, [2017-01-25T12:21:00.976527 ] DEBUG – : Puppet is taking too long to
respond, please try again later.
I, [2017-01-25T12:21:00.976981 ] INFO – : <IP> - - [25/Jan/2017:12:21:00
+0000] "GET /puppet/environments/dev/classes HTTP/1.1" 503 61 15.0253

D, [2017-01-25T12:21:00.983614 ] DEBUG – : close: <IP>:33380

I have this in the auth.conf
{
match-request: {
path: "/puppet/v3/environments"
type: path
method: get
}
allow: ""
sort-order: 500
name: "puppetlabs environments"
},
{
match-request: {
path: "/puppet/v3/resource_type"
type: path
method: [get, post]
}
allow: ""
sort-order: 500
name: "puppetlabs resource type"
},
{
match-request: {
path: "/puppet/v3/environment_classes"
type: path
method: get
}
allow: "*"
sort-order: 500
name: "puppetlabs environment classes"
},

the puppetserver access log shows a 200
<IP> - [25/Jan/2017:12:37:40 +0000] "GET
/puppet/v3/environment_classes?environment=dev HTTP/1.1" 200 609657 "-"
"Ruby" 22363

Any ideas ?

Thanks
Paul

Hi,

I think I might have tracked this down to a limit of around 1024 classes in
the import. If I remove a bunch of modules (any it seems) and bring it to
under 1024 then the import (via rake task or UI) it works. If I move some
more modules in past 1024 it throws the:-

ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet
for dev ([RestClient::ServiceUnavailable]: 503 Service Unavailable) for
proxy https://vrdevpms001.iggroup.local:8443/puppet

This is on 1.14.0 BTW.

Thanks
Paul