Foreman Remote Execution - Manual Setup

Problem:
Completed a manual install of remote execution following guidance of the documentation for 1.3.

Remote execution appeared to fail, but after recourse to the logs, it transpired that it was the notification callback which was failing and the focus landed on the dynflow config (/etc/smart_proxy_dynflow_core/settings.yml).

I guessed it was an issue relating to authenticating the https connection, but lacking details of the relevant paths, came to a dead end.

Solution:
In the end, I relented by backing up all my yaml configs, running the automated install, and then restoring them afterwards. Hey presto, everything suddenly worked!

I realised that my hunch was correct as I discovered the following lines inserted in the dynflow config file…

:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/mydomain.org.pem
:ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/mydomain.org.pem

Is it worth noting this in a little more detail in the documentation where it mentions “This is done by properly configuring :core_url in /etc/foreman-proxy/settings.d/dynflow.yml and :foreman_url, :listen and :port keys in /etc/smart_proxy_dynflow_core/settings.yml.”

Might it also be worth highlighting the necessity to set the associated ssl parameters and what the potential values might be?

I actually did search for these under the foreman directories, but didn’t think to look under the puppet directories. Certainly a newbie mistake, but one pothole worth filling in for the newcomer?

Thanks again to everyone’s strong support of the Foreman - really excellent project!

Foreman and Proxy plugin versions:
Foreman 1.17
Remote Execution: 1.3

Thanks for bringing this to our attention @matthewgjohnson! Often times people who are familiar with the project don’t notice issues such as these as they are used to them, your input as a new user is super valuable.

Would you be willing to contribute a correction to the manual? It is all on github:

I would be happy to help, but I am not sure that I know enough yet to write sufficiently accurately. Perhaps in a few weeks once I gain a little more experience?

1 Like

We can’t force you :slight_smile:

That said, we do always review pull requests and discuss the changes with the authors, so any issues can be ironed out during that process - so the best way to learn may be to jump in! I’ve no idea if that makes you more or less comfortable though :stuck_out_tongue:

:slight_smile:

OK, I’ll submit a bunch of edits when I finish the deployment.

1 Like