Foreman smart-proxy puppetrun using puppetssh

A very simple setup but I can't find what is wrong

I enabled DEBUG logging:

D, [2016-08-31T20:45:30.656249 #1955] DEBUG -- : about to execute:
["/usr/bin/ssh", "-l", "root", "-i", "/etc/foreman-proxy/id_rsa",
"<HOSTNAME>", "/usr/bin/puppet agent --onetime --no-daemonize"]
W, [2016-08-31T20:45:30.664957 #1955] WARN -- : Non-null exit code when
executing '["/usr/bin/ssh", "-l", "root", "-i",
"/etc/foreman-proxy/id_rsa", "<HOSTNAME>", "/usr/bin/puppet agent --onetime
--no-daemonize"]'

I know the return code is 255 (it doesn't even reach the server; it returns
an error which I can't find). I tried to capture the output but managed only
to capture the exit status so far.

I can run the command when switching to the foreman-proxy user on the
puppet master (where the foreman-proxy for this puppet master also runs):

[root@<puppetmaster>:~]$ su - foreman-proxy -s /bin/bash
-bash-4.2$ /usr/bin/ssh -l root -i /etc/foreman-proxy/id_rsa <HOSTNAME> /usr/bin/puppet agent --onetime --no-daemonize
-bash-4.2$ echo $?
0

I wouldn't be posting here if this simple test didn't work, but it works as
expected.

/etc/foreman-proxy/settings.d/puppet.yml
:puppet_provider: puppetssh
:puppetssh_command: /usr/bin/puppet agent --onetime --no-daemonize
:puppetssh_wait: 30
:puppetssh_user: root
:puppetssh_keyfile: /etc/foreman-proxy/id_rsa

$ cat /usr/share/foreman-proxy/.ssh/config
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

I was using an older version of Foreman (1.11.3) and, to make sure, I
upgraded to 1.12 and made sure all settings remained the same (because of the
new puppet_proxy format).
This still happens; it doesn't even reach the host itself.

··· On Wednesday, August 31, 2016 at 11:53:51 PM UTC+3, Erez Zarum wrote:

As I suspected, this is not a Foreman bug, thus I didn't open an issue :)
I tried to debug it and noticed that for some reason it ignores my
/usr/share/foreman-proxy/.ssh/config file (even when it works under a
shell, i.e. it doesn't save the public keys into the known hosts file), so
it means it's something much more basic. All the servers are managed by IPA
and running SSSD. SSSD also changes the global ssh config file
(/etc/ssh/ssh_config) and adds a ProxyCommand (to save known_hosts). As
a temporary workaround (until I have time to debug it more and fix it
for good) I added "ProxyCommand none" in the foreman-proxy ssh config.
As the foreman-proxy user which runs the foreman proxy is not managed by
IPA (local user), I suspect the ProxyCommand fails there when not running
under a shell. I will try to resolve it later, but for now it's working :)

··· On Sunday, September 4, 2016 at 2:04:22 PM UTC+3, Erez Zarum wrote:
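
Why the workaround above takes effect, as an added example that is not part of the original posts or of Foreman's code: ssh uses the first value it obtains for each option and reads the user's config before /etc/ssh/ssh_config, so a `ProxyCommand none` in the user's file wins over one set globally. The resolver handles Host blocks only (Match blocks are treated as never matching); the function names, the host name and the sample system config are assumptions.

```ruby
# Added example: resolve the value ssh would use for one option, given config
# texts in the order ssh reads them (user file first, then the system file).
def host_matches?(patterns, host)
  negated, positive = patterns.partition { |p| p.start_with?('!') }
  return false if negated.any? { |p| File.fnmatch(p[1..-1], host) }
  positive.any? { |p| File.fnmatch(p, host) }
end

def effective_option(configs, host, key)
  configs.each do |text|
    active = true # options before the first Host line apply to every host
    text.each_line do |raw|
      line = raw.strip
      next if line.empty? || line.start_with?('#')
      keyword, value = line.split(/\s*=\s*|\s+/, 2)
      case keyword.downcase
      when 'host'  then active = host_matches?(value.to_s.split, host)
      when 'match' then active = false # simplification: Match is not evaluated
      else
        # First obtained value wins, so return as soon as the key is seen.
        return value.to_s if active && keyword.casecmp?(key)
      end
    end
  end
  nil
end

# Constructed samples. SYSTEM mimics what an IPA/SSSD client setup adds to
# /etc/ssh/ssh_config; the exact lines are an assumption, not from the post.
SYSTEM = <<~CFG
  Host *
  GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
  ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
CFG

# The foreman-proxy user's ~/.ssh/config as posted, before the workaround.
USER_BEFORE = <<~CFG
  Host *
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
CFG

# The same file with the workaround line added.
USER_AFTER = USER_BEFORE + "ProxyCommand none\n"

host = 'node1.example.test' # constructed host name
puts effective_option([USER_BEFORE, SYSTEM], host, 'ProxyCommand')
puts effective_option([USER_AFTER, SYSTEM], host, 'ProxyCommand')
```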