Fresh install of foreman, on RHEL6.4.
Puppet 3, foreman 1.3.
[root@masterofpuppet PROD ~]# rpm -qa | egrep 'foreman|puppet'
foreman-1.3.0-1.el6.noarch
puppet-server-3.3.1-1.el6.noarch
foreman-installer-1.3.0-1.el6.noarch
foreman-ovirt-1.3.0-1.el6.noarch
foreman-selinux-1.3.0-1.el6.noarch
foreman-release-1.3.0-1.el6.noarch
puppet-3.3.1-1.el6.noarch
foreman-compute-1.3.0-1.el6.noarch
foreman-postgresql-1.3.0-1.el6.noarch
foreman-proxy-1.3.0-1.el6.noarch
rubygem-foreman_api-0.1.6-1.el6.noarch
Foreman is running my puppet ca locally, so it has a definition for
itself in the proxies.
I joined an agent to puppet, by configuring its master as the foreman
server, and then running puppet agent --test. This contacted foremans
puppetmaster, and got that step completed.
Normally, what i'd do next, is login to foreman's web ui, browse to
more->configuration->smart proxies, and approve the new agent by
clicking on Certificates next to my proxy (the local foreman-proxy).
I did this, and instead of showing me a list of certs waiting ot be
approved, I got a nice friendly pink error saying:
ActiveRecord::RecordNotFound
I checked some logs, and found the following in the foreman-proxy's
proxy.log.
==> /var/log/foreman-proxy/proxy.log <==
D, [2013-11-06T13:44:08.959516 #30477] DEBUG – : Found puppetca at
/usr/bin/puppet
D, [2013-11-06T13:44:08.959835 #30477] DEBUG – : Found sudo at
/usr/bin/sudo
D, [2013-11-06T13:44:08.959899 #30477] DEBUG – : Executing
/usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl
- –list --all
W, [2013-11-06T13:44:08.989254 #30477] WARN – : Failed to run puppetca:
E, [2013-11-06T13:44:08.989621 #30477] ERROR – : Failed to list
certificates: Execution of puppetca failed, check log files
This looks like the issue to me, but why is it happening? I tried the
listed command as root, /usr/bin/puppet cert --ssldir
/var/lib/puppet/ssl --list --all, and it returned a list of certs. I
was even able to manually approve the cert via the cli, and it shows
up in my hosts list, however, it still doesnt let me view the certs
via the web UI.
Is the failure in sudo? Is there another log I can check? Is there
deeper logging i can enable?
Thanks!