Foreman Remote Execution Fail

Problem: Remote Execution Fails while running command for CentOS 8 Client

Expected outcome:
Error:
Failed to initialize: Foreman::Exception - ERF42-5087 [Foreman::Exception]: ERF42-7327 [Foreman::Exception]: The snippet ‘remote_execution_ssh_keys’ threw an error: undefined method `full_path’ for nil:NilClass

Expected outcome
Remote command should be run successfully

Foreman and Proxy versions:
Foreman is on 2.0.2

Foreman and Proxy plugin versions:
smart proxy dynflow is on 0.2.4-2

Distribution and version:

Other relevant data:

below is the outup of job which failed.
Failed to initialize: Foreman::Exception - ERF42-5087 [Foreman::Exception]: ERF42-7327 [Foreman::Exception]: The snippet ‘remote_execution_ssh_keys’ threw an error: undefined method `full_path’ for nil:NilClass

Hi,
what job were you trying to run? Could you post a full stack trace from that error? It should be in /var/log/foreman/production.log.

Hi,

Found issue with SELinux on Client which was enable and getting error. Not sure what policy I have to apply on client if SELinux is enable.

Also after disabling SELinux on Client I am getting “Error initializing command: Net::SSH::AuthenticationFailed - Authentication failed for user @”

Full stack logs attached here.

Thanks in advance.Job_logs.log (1.2 KB)

Is it the right file? It looks like sssd (or something) config, not our logs.

Could you also post the SELinux denials you were getting on the client?

Sorry, reattaching correct log filesJob_logs.log (37.0 KB)

This are the latest logs which i pull after disabling SELinux on Client.

Do I understand it correctly you are no longer hitting the original error but are running into authentication errors instead now?

Yes, after disabling SELinux i am running into Authentication error now.

Hello, I would really appreciate if someone can help me out with the issue i have reported.

Apparently foreman tries to connect to the target machine and is not let in. Have you deployed public keys as instructed by the manual?

Yes, i did that. I cross check the key as well which looks good.

Check /var/log/secure on the client. It should show the reason if the connection is rejected.

On foreman UI i am getting “Error initializing command: Net::SSH::AuthenticationFailed - Authentication failed for user root@xx.xx.xx.xx”

and on Client /var/log/secure says “sshd[176261]: Connection closed by (Foreman server ip) port 41648 [preauth]”

One thing i found is “dynflow.service not found” not sure if this is something i should be worried about

Sounds like either your server doesn’t uses a ssh key or your client doesn’t have the public key in the authorized_keys file.

Check the remote execution plugin manual https://www.theforeman.org/plugins/foreman_remote_execution/1.7/index.html#ManualInstallation to locate where your server looks for the private key and then try to use that to log in to the client with ssh -v -i privkey … and verify it’s working…

Thanks for the inputs, Yes, while doing ssh from foreman server its prompting me for password.
Forgot to update on thing, we use SSSD/RSA for authentication on client machine and PAM file is modified so that it can work with SSSD & RSA. Do you think this could be an issue?

I can’t tell if you don’t post any output.

ssh -v tells you want the clients tries. Post the command you use and the output.

Did you disable SSH root logins in sshd_config? REX can use a different user and sudo if needed but as you can see it defaults to root.

No, root login is enabled. is there a way i can use different user without Authorization key (i can go with password)