Hello

I am looking for some help as im finding it quite hard to get support from
the web that relates to my issue(s).

At the moment i have setup a Foreman server 1.9 (Dev1) and a Foreman-Proxy
1.9 (Dev2) on a seperate server. As a bit of background this is because
eventually the Proxy Dev2 server will reside in an isolated network and be
used to build, configure (with puppet) clients that also reside in the same
isolated network as they will not have access to the master foreman server
directly. Currently i have a test client (call it Test1) that is configured
to use Dev2 (the proxy) for puppet runs etc. Right now they are all on the
same network for test purposes. The puppet version used is 3.x

At the moment my main issue is:

• Manually running puppet runs (via the proxy over SSH) from the Foreman
  Master (Dev1) from the frontend to the client server Test1 shows from the
  front end that the execution of puppet was successful however no puppet run
  seems to be ran on the client.

When i look at the logs on Dev2 Proxy after hitting the "run puppet" on
Dev1 master I see the following:

D, [2015-12-03T11:45:48.612930 #1305] DEBUG – : verifying remote client
XX.XX.XX.XX against trusted_hosts dev1.com dev2.com
<http://dev1.comdev2.ebrd.com>
D, [2015-12-03T11:45:48.614280 #1305] DEBUG – : about to execute:
/usr/bin/ssh -l root -i /etc/foreman-proxy/id_rsa test1.com
/usr/bin/puppet\ agent\ --onetime\ --no-usecacheonfailure
10.102.245.195 - - [03/Dec/2015 11:45:48] "POST /run HTTP/1.1" 200 - 0.0042

This doesnt work.

However if i manually run the following on the Dev2 proxy:

/usr/bin/ssh -l root -i /etc/foreman-proxy/id_rsa test1.com
/usr/bin/puppet\ agent\ --onetime\ --no-usecacheonfailure

It performs the puppet run on the client.

Any help at this stage would be greatly appreciated!!!

What user are you executing that as? The proxy will execute it as user
"foreman-proxy" - if it works for a different user, try switching to
the proxy user (e.g. there may be a permissions issue for that user).

Hi james!
Have you found any solution to this issue? I'm having the same problem.
I've followed the instructions at
Foreman :: Manual . I'm trying to
use the puppet_proxy_ssh to run puppet through the GUI. When i click "Run
Puppet", it shows a success message, but nothing happens on client side. If
i run the agent from foreman-proxy host (Puppet server) through SSH using
root or foreman-proxy user, everything is OK. Any tips?

Thanks in advance.

Lauro

Do you happen to have any specific SSH configuration on the client or the
server side?
Do you use FreeIPA(IPA) or have SSSD configured on the client/server?

Hi Erez,

i don't have any specific configuration for SSH (client and server side).
I'm doing tests in a lab environment (3 VMs, 1 Foreman, 1 for Puppet
Server/Smart Proxy and the other is a puppet client).
If i try to run puppet agent through ssh from puppet server on client host,
everything is ok. But from Foreman GUI, success message appears but nothing
happens on client side.

Do you see anything in the logs of the server/client, which OS
(server/client)?

I'm getting this too. Here's what I see:

client /var/log/messages (nothing)
client /var/log/secure:
Jan 31 01:03:57 <server-name> sshd[12945]: Connection closed by <server-ip>
[preauth]

So it definitely can reach port 22, but apparently doesn't actually attempt
authentication (or at least gives up pretty quickly). It's not being
rejected (at least not explicitly).

server /var/log/foreman-proxy/proxy.log:
I, [2017-01-30T10:47:02.711901 ] INFO – : <server-ip> - -
[30/Jan/2017:10:47:02 -0600] "POST /puppet/run HTTP/1.1" 200 - 0.0121

From the command line, it works fine:

sudo -u foreman-proxy /bin/bash

bash-4.2$ ssh -l root -i ~/.ssh/id_rsa_foreman_proxy <client>
/opt/puppetlabs/bin/puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for <client>
Info: Applying configuration version '<version>'
Notice: Applied catalog in 0.26 seconds

… so the key is definitely functional, and present in the remote root
users .ssh/authorized_keys file.

It also works properly using the same ssh key, using the
"remote_execution_ssh" functionality. Meaning, I can instead do "Run Job"
on whatever nodes, and run "puppet agent -t" as the job (or the default
"Puppet Run Once" job template), and it works properly.

Server is CentOS 7, foreman-1.14
Client is RHEL 7

Amusingly, this also happens when the client is the server itself (that is,
"restart puppet on yourself"). Not surprising, but amusing.

Any ideas?