Foreman - puppet kick as sudo fails

Hey all,

I am a little confused, so I need some ideas. I have a Foreman server
installed on Amazon EC2 and I am able to provision instances to the same
EC2 subnet.
After the provisioning I can run puppet from the agent and everything is
going well.
OK, but I want to kick the puppet run from my PuppetMaster (same as
Foreman-Server). So I executed

$ /usr/bin/puppet kick --host 'webs.local.cloud'

$ sudo /usr/bin/puppet kick --host 'webs.local.cloud'

Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering webs.test.cloud
Error: Host webs.local.cloud failed: Server hostname 'webs.local.cloud' did not match server certificate; expected d2eca8ab-ea7f-4ed0-a8d7-d9ee7d864816
webs.test.cloud finished with exit code 2
Failed: webs.local.cloud

Shit now it fails. I checked my sudoers rules and ok there is written:

#includedir /etc/sudoers.d
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *

I also checked that the user foreman-proxy exists, but now I have no clue
what to do.

So maybe someone has an idea for me.

Thanks in advance and greetings, Andy

Sorry, I forgot to mention I am using Foreman 1.5.

On Thursday, May 15, 2014 3:57:03 PM UTC+2, Andy Adman wrote:
> Hey all,
>
> I am a little confused, so I need some ideas. I have a Foreman server
> installed on Amazon EC2 and I am able to provision instances to the same
> EC2 subnet.
> After the provisioning I can run puppet from the agent and everything is
> going well.
> OK, but I want to kick the puppet run from my PuppetMaster (same as
> Foreman-Server). So I executed
>
> $ /usr/bin/puppet kick --host 'webs.local.cloud'
>
> Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
> Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
> Triggering webs.test.cloud
> Notice: Using less secure serialization of reports and query parameters for compatibility
> Notice: with older puppet master. To remove this notice, please upgrade your master(s)
> Notice: to Puppet 3.3 or newer.
> Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for more information.
> Getting status
> status is success
> webs.test.cloud finished with exit code 0
> Finished
>
> OK, nice. A strange notice, because my puppet version is 3.5.1, but OK, it's
> running.
> Now I want to execute the same command as sudo because Foreman is doing the
> same.
>
> $ sudo /usr/bin/puppet kick --host 'webs.local.cloud'
>
> Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
> Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
> Triggering webs.test.cloud
> Error: Host webs.local.cloud failed: Server hostname 'webs.local.cloud' did not match server certificate; expected d2eca8ab-ea7f-4ed0-a8d7-d9ee7d864816
> webs.test.cloud finished with exit code 2
> Failed: webs.local.cloud
>
> Shit now it fails. I checked my sudoers rules and ok there is written:
>
> #includedir /etc/sudoers.d
> Defaults:foreman-proxy !requiretty
> foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
> foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
>
> I also checked that the user foreman-proxy exists, but now I have no clue
> what to do.
>
> So maybe someone has an idea for me.
>
> Thanks in advance and greetings, Andy

I found out that the puppet kick on my bare metal Foreman server didn't
work when the Foreman setting

use_uuid_for_certificates == true

when

use_uuid_for_certificates == false

the puppet kick works.

But for EC2 provisioning the Foreman manual says:
Enabling use_uuid_for_certificates in Administer > Settings is
recommended for consistent Puppet certificate IDs instead of hostnames

Does anyone have any advice?

The --debug output for the failing run:

Warning: Puppet kick is deprecated. See
http://links.puppetlabs.com/puppet-kick-deprecation
Debug: Failed to load library 'ldap' for feature 'ldap'
Warning: Failed to load ruby LDAP library. LDAP functionality will not be
available
Triggering webs.local.cloud
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport
does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not
exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: /User[puppet]: Provider useradd does not support features libuser;
not managing attribute forcelocal
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl
does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: /Group[puppet]: Provider groupadd does not support features libuser;
not managing attribute forcelocal
Debug: Failed to load library 'selinux' for feature 'selinux'
Debug: Using settings: adding file resource 'logdir':
'File[/var/log/puppet]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750",
:links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'certdir':
'File[/var/lib/puppet/ssl/certs]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"755",
:links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'vardir':
'File[/var/lib/puppet]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet"}'
Debug: Using settings: adding file resource 'hostprivkey':
'File[/var/lib/puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:mode=>"640", :links=>:follow,
:path=>"/var/lib/puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem"}'
Debug: Using settings: adding file resource 'publickeydir':
'File[/var/lib/puppet/ssl/public_keys]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"755",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'plugindest':
'File[/var/lib/puppet/lib]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'localcacert':
'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"644",
:links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'privatekeydir':
'File[/var/lib/puppet/ssl/private_keys]{:ensure=>:directory,
:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'pluginfactdest':
'File[/var/lib/puppet/facts.d]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/facts.d"}'
Debug: Using settings: adding file resource 'confdir':
'File[/etc/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug,
:links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'hostcert':
'File[/var/lib/puppet/ssl/certs/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:mode=>"644", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs/ip-172-16-0-48.local.cloud.pem"}'
Debug: Using settings: adding file resource 'ssldir':
'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"771",
:links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'statedir':
'File[/var/lib/puppet/state]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"1755", :links=>:follow,
:path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'hostpubkey':
'File[/var/lib/puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:mode=>"644", :links=>:follow,
:path=>"/var/lib/puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem"}'
Debug: Using settings: adding file resource 'requestdir':
'File[/var/lib/puppet/ssl/certificate_requests]{:ensure=>:directory,
:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:mode=>"755", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'rundir':
'File[/var/run/puppet]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"755",
:links=>:follow, :path=>"/var/run/puppet"}'
Debug: Using settings: adding file resource 'privatedir':
'File[/var/lib/puppet/ssl/private]{:ensure=>:directory, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750",
:links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'hostcrl':
'File[/var/lib/puppet/ssl/crl.pem]{:ensure=>:file, :backup=>false,
:group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"644",
:links=>:follow, :path=>"/var/lib/puppet/ssl/crl.pem"}'
Debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring
File[/var/lib/puppet/ssl]
Debug:
/File[/var/lib/puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug:
/File[/var/lib/puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring
File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring
File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring
File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/ip-172-16-0-48.local.cloud.pem]:
Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring
File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
Debug: Finishing transaction 70229732892360
Error: Host webs.local.cloud failed: Server hostname 'webs.local.cloud' did
not match server certificate; expected d2eca8ab-ea7f-4ed0-a8d7-d9ee7d964916

webs.local.cloud finished with exit code 2
Failed: webs.local.cloud

and for the successful run:

ubuntu@ip-172-16-0-48:/etc$ /usr/bin/puppet kick --debug --host
webs.local.cloud
Warning: Puppet kick is deprecated. See
http://links.puppetlabs.com/puppet-kick-deprecation
Debug: Failed to load library 'ldap' for feature 'ldap'
Warning: Failed to load ruby LDAP library. LDAP functionality will not be
available
Triggering webs.local.cloud
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Failed to load library 'msgpack' for feature 'msgpack'
Debug: Puppet::Network::Format[msgpack]: feature msgpack is missing
Debug: run supports formats: pson b64_zlib_yaml yaml raw
Debug: Failed to load library 'selinux' for feature 'selinux'
Debug: Using settings: adding file resource 'logdir':
'File[/home/ubuntu/.puppet/var/log]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"750", :links=>:follow,
:path=>"/home/ubuntu/.puppet/var/log"}'
Debug: Using settings: adding file resource 'certdir':
'File[/home/ubuntu/.puppet/ssl/certs]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"755", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'vardir':
'File[/home/ubuntu/.puppet/var]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :links=>:follow, :path=>"/home/ubuntu/.puppet/var"}'
Debug: Using settings: adding file resource 'hostprivkey':
'File[/home/ubuntu/.puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
:backup=>false, :loglevel=>:debug, :mode=>"640", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem"}'
Debug: Using settings: adding file resource 'publickeydir':
'File[/home/ubuntu/.puppet/ssl/public_keys]{:ensure=>:directory,
:backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'plugindest':
'File[/home/ubuntu/.puppet/var/lib]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :links=>:follow, :path=>"/home/ubuntu/.puppet/var/lib"}'
Debug: Using settings: adding file resource 'privatekeydir':
'File[/home/ubuntu/.puppet/ssl/private_keys]{:ensure=>:directory,
:backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'pluginfactdest':
'File[/home/ubuntu/.puppet/var/facts.d]{:ensure=>:directory,
:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/home/ubuntu/.puppet/var/facts.d"}'
Debug: Using settings: adding file resource 'confdir':
'File[/home/ubuntu/.puppet]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :links=>:follow, :path=>"/home/ubuntu/.puppet"}'
Debug: Using settings: adding file resource 'ssldir':
'File[/home/ubuntu/.puppet/ssl]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"771", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl"}'
Debug: Using settings: adding file resource 'statedir':
'File[/home/ubuntu/.puppet/var/state]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"1755", :links=>:follow,
:path=>"/home/ubuntu/.puppet/var/state"}'
Debug: Using settings: adding file resource 'hostpubkey':
'File[/home/ubuntu/.puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
:backup=>false, :loglevel=>:debug, :mode=>"644", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem"}'
Debug: Using settings: adding file resource 'requestdir':
'File[/home/ubuntu/.puppet/ssl/certificate_requests]{:ensure=>:directory,
:backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'rundir':
'File[/home/ubuntu/.puppet/var/run]{:ensure=>:directory, :backup=>false,
:loglevel=>:debug, :mode=>"755", :links=>:follow,
:path=>"/home/ubuntu/.puppet/var/run"}'
Debug: Using settings: adding file resource 'privatedir':
'File[/home/ubuntu/.puppet/ssl/private]{:ensure=>:directory,
:backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow,
:path=>"/home/ubuntu/.puppet/ssl/private"}'
Debug: /File[/home/ubuntu/.puppet/var]: Autorequiring
File[/home/ubuntu/.puppet]
Debug: /File[/home/ubuntu/.puppet/var/facts.d]: Autorequiring
File[/home/ubuntu/.puppet/var]
Debug:
/File[/home/ubuntu/.puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem]:
Autorequiring File[/home/ubuntu/.puppet/ssl/private_keys]
Debug:
/File[/home/ubuntu/.puppet/ssl/public_keys/ip-172-16-0-48.local.cloud.pem]:
Autorequiring File[/home/ubuntu/.puppet/ssl/public_keys]
Debug: /File[/home/ubuntu/.puppet/var/state]: Autorequiring
File[/home/ubuntu/.puppet/var]
Debug: /File[/home/ubuntu/.puppet/var/lib]: Autorequiring
File[/home/ubuntu/.puppet/var]
Debug: /File[/home/ubuntu/.puppet/var/log]: Autorequiring
File[/home/ubuntu/.puppet/var]
Debug: /File[/home/ubuntu/.puppet/ssl/private]: Autorequiring
File[/home/ubuntu/.puppet/ssl]
Debug: /File[/home/ubuntu/.puppet/ssl/certificate_requests]: Autorequiring
File[/home/ubuntu/.puppet/ssl]
Debug: /File[/home/ubuntu/.puppet/ssl/private_keys]: Autorequiring
File[/home/ubuntu/.puppet/ssl]
Debug: /File[/home/ubuntu/.puppet/var/run]: Autorequiring
File[/home/ubuntu/.puppet/var]
Debug: /File[/home/ubuntu/.puppet/ssl]: Autorequiring
File[/home/ubuntu/.puppet]
Debug: /File[/home/ubuntu/.puppet/ssl/certs]: Autorequiring
File[/home/ubuntu/.puppet/ssl]
Debug: /File[/home/ubuntu/.puppet/ssl/public_keys]: Autorequiring
File[/home/ubuntu/.puppet/ssl]
Debug: Finishing transaction 69927308006960
Notice: Using less secure serialization of reports and query parameters for
compatibility
Notice: with older puppet master. To remove this notice, please upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for more
information.
Getting status
status is success
webs.local.cloud finished with exit code 0
Finished
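
Added example (not part of the original thread): a small Python helper that reads the "Using settings" entries from the two --debug outputs above and reports where the runs differ in SSL directory and in the CA certificate, host certificate and CRL settings. The function names are hypothetical and the two log excerpts are trimmed from the output posted above.

```python
import re

# Start of a "Using settings" debug entry: captures the setting name and the
# path inside File[...]. \s* tolerates the mail client's line wrapping.
SETTING_RE = re.compile(
    r"adding file resource '(?P<name>\w+)':\s*'File\[(?P<path>[^\]]+)\]"
)

# Settings that hold the client's trust anchors and identity for TLS.
TRUST_SETTINGS = ("localcacert", "hostcert", "hostcrl")

# Trimmed excerpts of the thread's two runs (sample input for illustration).
SUDO_LOG = """\
Debug: Using settings: adding file resource 'localcacert':
'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false,
Debug: Using settings: adding file resource 'hostcert':
'File[/var/lib/puppet/ssl/certs/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
Debug: Using settings: adding file resource 'ssldir':
'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false,
Debug: Using settings: adding file resource 'hostcrl':
'File[/var/lib/puppet/ssl/crl.pem]{:ensure=>:file, :backup=>false,
"""

USER_LOG = """\
Debug: Using settings: adding file resource 'hostprivkey':
'File[/home/ubuntu/.puppet/ssl/private_keys/ip-172-16-0-48.local.cloud.pem]{:ensure=>:file,
Debug: Using settings: adding file resource 'ssldir':
'File[/home/ubuntu/.puppet/ssl]{:ensure=>:directory, :backup=>false,
"""


def settings_from_debug(log_text):
    """Return {setting_name: path} parsed from `puppet ... --debug` output."""
    return {m["name"]: m["path"] for m in SETTING_RE.finditer(log_text)}


def compare_runs(sudo_log, user_log):
    """Summarise how two runs differ in SSL directory and trust material."""
    sudo = settings_from_debug(sudo_log)
    user = settings_from_debug(user_log)
    return {
        "ssldir": (sudo.get("ssldir"), user.get("ssldir")),
        "only_in_sudo_run": [s for s in TRUST_SETTINGS if s in sudo and s not in user],
        "only_in_user_run": [s for s in TRUST_SETTINGS if s in user and s not in sudo],
    }


if __name__ == "__main__":
    for key, value in compare_runs(SUDO_LOG, USER_LOG).items():
        print(f"{key}: {value}")
```

On the outputs posted above, the sudo run resolves its SSL directory to /var/lib/puppet/ssl and lists localcacert, hostcert and hostcrl, while the non-sudo run uses /home/ubuntu/.puppet/ssl and lists none of the three.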