When I run puppetrun from the web ui I get an error stating to check
logs. Other processes are working through the smart-proxy, but not
puppetrun. I don't see any errors in the foreman-proxy logs with
logging set to debug. I can use curl -d 'nodes=<client>'
http://<master>:8443/puppet/run and puppetrun is executed
successfully. Somewhere I'm missing correlation in the foreman
settings that says to use a smart-proxy for puppetrun. I point in the
right direction would be great. I've looked through documention, but
I know I missing something stupid.
Packages:
Package foreman-0.4.2-0.1.noarch already installed and latest version
Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
version
Package puppet-2.7.12-1.el6.noarch already installed and latest
version
Package puppet-server-2.7.12-1.el6.noarch already installed and latest
version
[root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
total 172
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
[root@puppet ~]# cat /etc/foreman/settings.yaml
···
---
:modulepath: /etc/puppet/modules/
:tftppath: tftp/
:ldap: false
:puppet_server: puppet.XXX
:unattended: true
:puppet_interval: 30
:document_root: /usr/share/foreman/public
:administrator: puppet@XXX
:foreman_url: puppet.XXX
[root@puppet ~]# cat /etc/foreman/settings.yaml
:modulepath: /etc/puppet/modules/
:tftppath: tftp/
:ldap: false
:puppet_server: puppet.int.mediture.com
:unattended: true
:puppet_interval: 30
:document_root: /usr/share/foreman/public
:administrator: puppet@puppet.int.mediture.com
:foreman_url: puppet.int.mediture.com
[root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
cat: /etc/foreman-proxy/settings.yaml: No such file or directory
[root@puppet ~]# cat /etc/foreman
foreman/ foreman-proxy/
[root@puppet ~]# cat /etc/foreman/
database.yml email.yaml settings.yaml
[root@puppet ~]# cat /etc/foreman-proxy/settings.yml
SSL Setup
if enabled, all communication would be verfied via SSL
NOTE that both certificates need to be signed by the same CA in
order for this to work
information
#:ssl_certificate: /var/lib/puppet/ssl/certs/
puppet.int.mediture.com.pem
#:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
#:ssl_private_key: /var/lib/puppet/ssl/private_keys/
puppet.int.mediture.com.pem
the hosts which the proxy accepts connections from
commenting the following lines would mean every verified SSL
connection allowed
#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain
enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
port used by the proxy
:port: 8443
Enable TFTP management
:tftp: false
#:tftproot: /var/lib/tftpboot
Defines the TFTP Servername to use, overrides the name in the subnet
declaration
#:tftp_servername: tftp.domain.com
Enable DNS management
:dns: false
#:dns_key: /etc/rndc.key
use this setting if you are managing a dns server which is not
localhost though this proxy
#:dns_server: dns.domain.com
Enable DHCP management
:dhcp: false
The vendor can be either isc or native_ms
:dhcp_vendor: isc
dhcp_subnets is a Native MS implementation setting. It restricts the
subnets queried to a
subset, so as to reduce the query time.
#:dhcp_subnets: [192.168.205.0/255.255.255.128,
192.168.205.128/255.255.255.128]
Settings for Ubuntu ISC
#:dhcp_config: /etc/dhcp3/dhcpd.conf
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
Settings for Redhat ISC
#:dhcp_config: /etc/dhcpd.conf
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
#:dhcp_key_name: secret_key_name
#:dhcp_key_secret: secret_key
enable PuppetCA management
:puppetca: true
enable Puppet management
:puppet: true
Where our proxy log files are stored
filename or STDOUT
:log_file: /var/log/foreman-proxy/proxy.log
valid options are
WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
:log_level: DEBUG
Are your hosts/hostgroups configured to use your smart proxy as a 'Puppet
Master Proxy'? You can check by browsing to a host and then editing said
host, this option will be on the 'primary' tab.
···
On Wednesday, April 4, 2012 10:57:16 AM UTC-5, Arthur Ramsey wrote:
>
> When I run puppetrun from the web ui I get an error stating to check
> logs. Other processes are working through the smart-proxy, but not
> puppetrun. I don't see any errors in the foreman-proxy logs with
> logging set to debug. I can use curl -d 'nodes='
> http://:8443/puppet/run and puppetrun is executed
> successfully. Somewhere I'm missing correlation in the foreman
> settings that says to use a smart-proxy for puppetrun. I point in the
> right direction would be great. I've looked through documention, but
> I know I missing something stupid.
>
> Packages:
> Package foreman-0.4.2-0.1.noarch already installed and latest version
> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
> version
> Package puppet-2.7.12-1.el6.noarch already installed and latest
> version
> Package puppet-server-2.7.12-1.el6.noarch already installed and latest
> version
>
> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
> total 172
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.XXX
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@XXX
> :foreman_url: puppet.XXX
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.int.mediture.com
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@puppet.int.mediture.com
> :foreman_url: puppet.int.mediture.com
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
> [root@puppet ~]# cat /etc/foreman
> foreman/ foreman-proxy/
> [root@puppet ~]# cat /etc/foreman/
> database.yml email.yaml settings.yaml
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
> ---
> # SSL Setup
>
> # if enabled, all communication would be verfied via SSL
> # NOTE that both certificates need to be signed by the same CA in
> order for this to work
> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more
> information
> #:ssl_certificate: /var/lib/puppet/ssl/certs/
> puppet.int.mediture.com.pem
> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
> puppet.int.mediture.com.pem
> # the hosts which the proxy accepts connections from
> # commenting the following lines would mean every verified SSL
> connection allowed
> #:trusted_hosts:
> #- foreman.prod.domain
> #- foreman.dev.domain
>
> # enable the daemon to run in the background
> :daemon: true
> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>
> # port used by the proxy
> :port: 8443
>
> # Enable TFTP management
> :tftp: false
> #:tftproot: /var/lib/tftpboot
> # Defines the TFTP Servername to use, overrides the name in the subnet
> declaration
> #:tftp_servername: tftp.domain.com
>
> # Enable DNS management
> :dns: false
> #:dns_key: /etc/rndc.key
> # use this setting if you are managing a dns server which is not
> localhost though this proxy
> #:dns_server: dns.domain.com
>
> # Enable DHCP management
> :dhcp: false
> # The vendor can be either isc or native_ms
> :dhcp_vendor: isc
> # dhcp_subnets is a Native MS implementation setting. It restricts the
> subnets queried to a
> # subset, so as to reduce the query time.
> #:dhcp_subnets: [192.168.205.0/255.255.255.128,
> 192.168.205.128/255.255.255.128]
> # Settings for Ubuntu ISC
> #:dhcp_config: /etc/dhcp3/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
> # Settings for Redhat ISC
> #:dhcp_config: /etc/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
> #:dhcp_key_name: secret_key_name
> #:dhcp_key_secret: secret_key
>
> # enable PuppetCA management
> :puppetca: true
>
> # enable Puppet management
> :puppet: true
>
> # Where our proxy log files are stored
> # filename or STDOUT
> :log_file: /var/log/foreman-proxy/proxy.log
> # valid options are
> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
> :log_level: DEBUG
Using the proxy for puppet run was added only in 0.5 (current git
develop branch).
0.5 in general, would require a puppet proxy to operate, and would not
use any puppet commands directly via foreman (puppetca, puppetrun and
any manifest importing).
Ohad
···
On Wed, Apr 4, 2012 at 6:57 PM, Arthur Ramsey wrote:
> When I run puppetrun from the web ui I get an error stating to check
> logs. Other processes are working through the smart-proxy, but not
> puppetrun. I don't see any errors in the foreman-proxy logs with
> logging set to debug. I can use curl -d 'nodes='
> http://:8443/puppet/run and puppetrun is executed
> successfully. Somewhere I'm missing correlation in the foreman
> settings that says to use a smart-proxy for puppetrun. I point in the
> right direction would be great. I've looked through documention, but
> I know I missing something stupid.
>
> Packages:
> Package foreman-0.4.2-0.1.noarch already installed and latest version
> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
> version
> Package puppet-2.7.12-1.el6.noarch already installed and latest
> version
> Package puppet-server-2.7.12-1.el6.noarch already installed and latest
> version
>
> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
> total 172
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.XXX
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@XXX
> :foreman_url: puppet.XXX
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.int.mediture.com
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@puppet.int.mediture.com
> :foreman_url: puppet.int.mediture.com
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
> [root@puppet ~]# cat /etc/foreman
> foreman/ foreman-proxy/
> [root@puppet ~]# cat /etc/foreman/
> database.yml email.yaml settings.yaml
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
> ---
> # SSL Setup
>
> # if enabled, all communication would be verfied via SSL
> # NOTE that both certificates need to be signed by the same CA in
> order for this to work
> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more
> information
> #:ssl_certificate: /var/lib/puppet/ssl/certs/
> puppet.int.mediture.com.pem
> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
> puppet.int.mediture.com.pem
> # the hosts which the proxy accepts connections from
> # commenting the following lines would mean every verified SSL
> connection allowed
> #:trusted_hosts:
> #- foreman.prod.domain
> #- foreman.dev.domain
>
> # enable the daemon to run in the background
> :daemon: true
> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>
> # port used by the proxy
> :port: 8443
>
> # Enable TFTP management
> :tftp: false
> #:tftproot: /var/lib/tftpboot
> # Defines the TFTP Servername to use, overrides the name in the subnet
> declaration
> #:tftp_servername: tftp.domain.com
>
> # Enable DNS management
> :dns: false
> #:dns_key: /etc/rndc.key
> # use this setting if you are managing a dns server which is not
> localhost though this proxy
> #:dns_server: dns.domain.com
>
> # Enable DHCP management
> :dhcp: false
> # The vendor can be either isc or native_ms
> :dhcp_vendor: isc
> # dhcp_subnets is a Native MS implementation setting. It restricts the
> subnets queried to a
> # subset, so as to reduce the query time.
> #:dhcp_subnets: [192.168.205.0/255.255.255.128,
> 192.168.205.128/255.255.255.128]
> # Settings for Ubuntu ISC
> #:dhcp_config: /etc/dhcp3/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
> # Settings for Redhat ISC
> #:dhcp_config: /etc/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
> #:dhcp_key_name: secret_key_name
> #:dhcp_key_secret: secret_key
>
> # enable PuppetCA management
> :puppetca: true
>
> # enable Puppet management
> :puppet: true
>
> # Where our proxy log files are stored
> # filename or STDOUT
> :log_file: /var/log/foreman-proxy/proxy.log
> # valid options are
> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
> :log_level: DEBUG
Yes, the hostgroup and host are both configured to use my smart proxy as
the 'Puppet Master Proxy'.
···
On 04/04/2012 01:45 PM, Luke Baker wrote:
> Are your hosts/hostgroups configured to use your smart proxy as a
> 'Puppet Master Proxy'? You can check by browsing to a host and then
> editing said host, this option will be on the 'primary' tab.
>
> On Wednesday, April 4, 2012 10:57:16 AM UTC-5, Arthur Ramsey wrote:
>
> When I run puppetrun from the web ui I get an error stating to check
> logs. Other processes are working through the smart-proxy, but not
> puppetrun. I don't see any errors in the foreman-proxy logs with
> logging set to debug. I can use curl -d 'nodes='
> http://:8443/puppet/run and puppetrun is executed
> successfully. Somewhere I'm missing correlation in the foreman
> settings that says to use a smart-proxy for puppetrun. I point in
> the
> right direction would be great. I've looked through documention, but
> I know I missing something stupid.
>
> Packages:
> Package foreman-0.4.2-0.1.noarch already installed and latest version
> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
> version
> Package puppet-2.7.12-1.el6.noarch already installed and latest
> version
> Package puppet-server-2.7.12-1.el6.noarch already installed and
> latest
> version
>
> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
> total 172
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.XXX
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@XXX
> :foreman_url: puppet.XXX
>
> [root@puppet ~]# cat /etc/foreman/settings.yaml
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: tftp/
> :ldap: false
> :puppet_server: puppet.int.mediture.com
>
> :unattended: true
> :puppet_interval: 30
> :document_root: /usr/share/foreman/public
> :administrator: puppet@puppet.int.mediture.com
>
> :foreman_url: puppet.int.mediture.com
>
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
> [root@puppet ~]# cat /etc/foreman
> foreman/ foreman-proxy/
> [root@puppet ~]# cat /etc/foreman/
> database.yml email.yaml settings.yaml
> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
> ---
> # SSL Setup
>
> # if enabled, all communication would be verfied via SSL
> # NOTE that both certificates need to be signed by the same CA in
> order for this to work
> # see http://theforeman.org/projects/smart-proxy/wiki/SSL
> for more
> information
> #:ssl_certificate: /var/lib/puppet/ssl/certs/
> puppet.int.mediture.com.pem
> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
> puppet.int.mediture.com.pem
> # the hosts which the proxy accepts connections from
> # commenting the following lines would mean every verified SSL
> connection allowed
> #:trusted_hosts:
> #- foreman.prod.domain
> #- foreman.dev.domain
>
> # enable the daemon to run in the background
> :daemon: true
> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>
> # port used by the proxy
> :port: 8443
>
> # Enable TFTP management
> :tftp: false
> #:tftproot: /var/lib/tftpboot
> # Defines the TFTP Servername to use, overrides the name in the
> subnet
> declaration
> #:tftp_servername: tftp.domain.com
>
> # Enable DNS management
> :dns: false
> #:dns_key: /etc/rndc.key
> # use this setting if you are managing a dns server which is not
> localhost though this proxy
> #:dns_server: dns.domain.com
>
> # Enable DHCP management
> :dhcp: false
> # The vendor can be either isc or native_ms
> :dhcp_vendor: isc
> # dhcp_subnets is a Native MS implementation setting. It restricts
> the
> subnets queried to a
> # subset, so as to reduce the query time.
> #:dhcp_subnets: [192.168.205.0/255.255.255.128
> ,
> 192.168.205.128/255.255.255.128
> ]
> # Settings for Ubuntu ISC
> #:dhcp_config: /etc/dhcp3/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
> # Settings for Redhat ISC
> #:dhcp_config: /etc/dhcpd.conf
> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
> #:dhcp_key_name: secret_key_name
> #:dhcp_key_secret: secret_key
>
> # enable PuppetCA management
> :puppetca: true
>
> # enable Puppet management
> :puppet: true
>
> # Where our proxy log files are stored
> # filename or STDOUT
> :log_file: /var/log/foreman-proxy/proxy.log
> # valid options are
> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
> :log_level: DEBUG
>
> --
> You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/foreman-users/-/_RhY3iZ0mNAJ.
> To post to this group, send email to foreman-users@googlegroups.com.
> To unsubscribe from this group, send email to
> foreman-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/foreman-users?hl=en.
Ok, where should I be looking for logs to debug puppetrun? I don't see
anything in my production.log. I'll look at building from git.
···
On 04/04/2012 01:48 PM, Ohad Levy wrote:
> On Wed, Apr 4, 2012 at 6:57 PM, Arthur Ramsey wrote:
>> When I run puppetrun from the web ui I get an error stating to check
>> logs. Other processes are working through the smart-proxy, but not
>> puppetrun. I don't see any errors in the foreman-proxy logs with
>> logging set to debug. I can use curl -d 'nodes='
>> http://:8443/puppet/run and puppetrun is executed
>> successfully. Somewhere I'm missing correlation in the foreman
>> settings that says to use a smart-proxy for puppetrun. I point in the
>> right direction would be great. I've looked through documention, but
>> I know I missing something stupid.
>>
>> Packages:
>> Package foreman-0.4.2-0.1.noarch already installed and latest version
>> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
>> version
>> Package puppet-2.7.12-1.el6.noarch already installed and latest
>> version
>> Package puppet-server-2.7.12-1.el6.noarch already installed and latest
>> version
>>
>> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
>> total 172
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
>> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
>> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
>> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
>> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
>> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
>> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
>> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
>> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>>
>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>> ---
>> :modulepath: /etc/puppet/modules/
>> :tftppath: tftp/
>> :ldap: false
>> :puppet_server: puppet.XXX
>> :unattended: true
>> :puppet_interval: 30
>> :document_root: /usr/share/foreman/public
>> :administrator: puppet@XXX
>> :foreman_url: puppet.XXX
>>
>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>> ---
>> :modulepath: /etc/puppet/modules/
>> :tftppath: tftp/
>> :ldap: false
>> :puppet_server: puppet.int.mediture.com
>> :unattended: true
>> :puppet_interval: 30
>> :document_root: /usr/share/foreman/public
>> :administrator: puppet@puppet.int.mediture.com
>> :foreman_url: puppet.int.mediture.com
>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
>> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
>> [root@puppet ~]# cat /etc/foreman
>> foreman/ foreman-proxy/
>> [root@puppet ~]# cat /etc/foreman/
>> database.yml email.yaml settings.yaml
>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
>> ---
>> # SSL Setup
>>
>> # if enabled, all communication would be verfied via SSL
>> # NOTE that both certificates need to be signed by the same CA in
>> order for this to work
>> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more
>> information
>> #:ssl_certificate: /var/lib/puppet/ssl/certs/
>> puppet.int.mediture.com.pem
>> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
>> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
>> puppet.int.mediture.com.pem
>> # the hosts which the proxy accepts connections from
>> # commenting the following lines would mean every verified SSL
>> connection allowed
>> #:trusted_hosts:
>> #- foreman.prod.domain
>> #- foreman.dev.domain
>>
>> # enable the daemon to run in the background
>> :daemon: true
>> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>>
>> # port used by the proxy
>> :port: 8443
>>
>> # Enable TFTP management
>> :tftp: false
>> #:tftproot: /var/lib/tftpboot
>> # Defines the TFTP Servername to use, overrides the name in the subnet
>> declaration
>> #:tftp_servername: tftp.domain.com
>>
>> # Enable DNS management
>> :dns: false
>> #:dns_key: /etc/rndc.key
>> # use this setting if you are managing a dns server which is not
>> localhost though this proxy
>> #:dns_server: dns.domain.com
>>
>> # Enable DHCP management
>> :dhcp: false
>> # The vendor can be either isc or native_ms
>> :dhcp_vendor: isc
>> # dhcp_subnets is a Native MS implementation setting. It restricts the
>> subnets queried to a
>> # subset, so as to reduce the query time.
>> #:dhcp_subnets: [192.168.205.0/255.255.255.128,
>> 192.168.205.128/255.255.255.128]
>> # Settings for Ubuntu ISC
>> #:dhcp_config: /etc/dhcp3/dhcpd.conf
>> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
>> # Settings for Redhat ISC
>> #:dhcp_config: /etc/dhcpd.conf
>> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
>> #:dhcp_key_name: secret_key_name
>> #:dhcp_key_secret: secret_key
>>
>> # enable PuppetCA management
>> :puppetca: true
>>
>> # enable Puppet management
>> :puppet: true
>>
>> # Where our proxy log files are stored
>> # filename or STDOUT
>> :log_file: /var/log/foreman-proxy/proxy.log
>> # valid options are
>> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
>> :log_level: DEBUG
> Using the proxy for puppet run was added only in 0.5 (current git
> develop branch).
>
> 0.5 in general, would require a puppet proxy to operate, and would not
> use any puppet commands directly via foreman (puppetca, puppetrun and
> any manifest importing).
>
> Ohad
>
I should note that I'm able to run puppetrun via CLI as the foreman user.
[root@puppet ~]# sudo -u foreman sudo puppetrun XXX
Triggering noc.int.mediture.com
Getting status
status is success
XXX finished with exit code 0
Finished
···
On 04/04/2012 02:59 PM, Arthur Ramsey wrote:
> Ok, where should I be looking for logs to debug puppetrun? I don't
> see anything in my production.log. I'll look at building from git.
>
> On 04/04/2012 01:48 PM, Ohad Levy wrote:
>> On Wed, Apr 4, 2012 at 6:57 PM, Arthur >> Ramsey wrote:
>>> When I run puppetrun from the web ui I get an error stating to check
>>> logs. Other processes are working through the smart-proxy, but not
>>> puppetrun. I don't see any errors in the foreman-proxy logs with
>>> logging set to debug. I can use curl -d 'nodes='
>>> http://:8443/puppet/run and puppetrun is executed
>>> successfully. Somewhere I'm missing correlation in the foreman
>>> settings that says to use a smart-proxy for puppetrun. I point in the
>>> right direction would be great. I've looked through documention, but
>>> I know I missing something stupid.
>>>
>>> Packages:
>>> Package foreman-0.4.2-0.1.noarch already installed and latest version
>>> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
>>> version
>>> Package puppet-2.7.12-1.el6.noarch already installed and latest
>>> version
>>> Package puppet-server-2.7.12-1.el6.noarch already installed and latest
>>> version
>>>
>>> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
>>> total 172
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
>>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
>>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
>>> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
>>> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
>>> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
>>> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
>>> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
>>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
>>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
>>> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
>>> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
>>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
>>> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
>>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
>>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
>>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>>>
>>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>>> ---
>>> :modulepath: /etc/puppet/modules/
>>> :tftppath: tftp/
>>> :ldap: false
>>> :puppet_server: puppet.XXX
>>> :unattended: true
>>> :puppet_interval: 30
>>> :document_root: /usr/share/foreman/public
>>> :administrator: puppet@XXX
>>> :foreman_url: puppet.XXX
>>>
>>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>>> ---
>>> :modulepath: /etc/puppet/modules/
>>> :tftppath: tftp/
>>> :ldap: false
>>> :puppet_server: puppet.int.mediture.com
>>> :unattended: true
>>> :puppet_interval: 30
>>> :document_root: /usr/share/foreman/public
>>> :administrator: puppet@puppet.int.mediture.com
>>> :foreman_url: puppet.int.mediture.com
>>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
>>> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
>>> [root@puppet ~]# cat /etc/foreman
>>> foreman/ foreman-proxy/
>>> [root@puppet ~]# cat /etc/foreman/
>>> database.yml email.yaml settings.yaml
>>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
>>> ---
>>> # SSL Setup
>>>
>>> # if enabled, all communication would be verfied via SSL
>>> # NOTE that both certificates need to be signed by the same CA in
>>> order for this to work
>>> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more
>>> information
>>> #:ssl_certificate: /var/lib/puppet/ssl/certs/
>>> puppet.int.mediture.com.pem
>>> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
>>> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
>>> puppet.int.mediture.com.pem
>>> # the hosts which the proxy accepts connections from
>>> # commenting the following lines would mean every verified SSL
>>> connection allowed
>>> #:trusted_hosts:
>>> #- foreman.prod.domain
>>> #- foreman.dev.domain
>>>
>>> # enable the daemon to run in the background
>>> :daemon: true
>>> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>>>
>>> # port used by the proxy
>>> :port: 8443
>>>
>>> # Enable TFTP management
>>> :tftp: false
>>> #:tftproot: /var/lib/tftpboot
>>> # Defines the TFTP Servername to use, overrides the name in the subnet
>>> declaration
>>> #:tftp_servername: tftp.domain.com
>>>
>>> # Enable DNS management
>>> :dns: false
>>> #:dns_key: /etc/rndc.key
>>> # use this setting if you are managing a dns server which is not
>>> localhost though this proxy
>>> #:dns_server: dns.domain.com
>>>
>>> # Enable DHCP management
>>> :dhcp: false
>>> # The vendor can be either isc or native_ms
>>> :dhcp_vendor: isc
>>> # dhcp_subnets is a Native MS implementation setting. It restricts the
>>> subnets queried to a
>>> # subset, so as to reduce the query time.
>>> #:dhcp_subnets: [192.168.205.0/255.255.255.128,
>>> 192.168.205.128/255.255.255.128]
>>> # Settings for Ubuntu ISC
>>> #:dhcp_config: /etc/dhcp3/dhcpd.conf
>>> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
>>> # Settings for Redhat ISC
>>> #:dhcp_config: /etc/dhcpd.conf
>>> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
>>> #:dhcp_key_name: secret_key_name
>>> #:dhcp_key_secret: secret_key
>>>
>>> # enable PuppetCA management
>>> :puppetca: true
>>>
>>> # enable Puppet management
>>> :puppet: true
>>>
>>> # Where our proxy log files are stored
>>> # filename or STDOUT
>>> :log_file: /var/log/foreman-proxy/proxy.log
>>> # valid options are
>>> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
>>> :log_level: DEBUG
>> Using the proxy for puppet run was added only in 0.5 (current git
>> develop branch).
>>
>> 0.5 in general, would require a puppet proxy to operate, and would not
>> use any puppet commands directly via foreman (puppetca, puppetrun and
>> any manifest importing).
>>
>> Ohad
>>
>
Hi,
take a look at $foreman_app_root/config/environment.rb the file must owned
by the forman user.
regards Florian
···
Am Mittwoch, 4. April 2012 22:49:23 UTC+2 schrieb Arthur Ramsey:
>
> I should note that I'm able to run puppetrun via CLI as the foreman user.
>
> [root@puppet ~]# sudo -u foreman sudo puppetrun XXX
> Triggering noc.int.mediture.com
> Getting status
> status is success
> XXX finished with exit code 0
> Finished
>
> On 04/04/2012 02:59 PM, Arthur Ramsey wrote:
> > Ok, where should I be looking for logs to debug puppetrun? I don't
> > see anything in my production.log. I'll look at building from git.
> >
> > On 04/04/2012 01:48 PM, Ohad Levy wrote:
> >> On Wed, Apr 4, 2012 at 6:57 PM, Arthur > >> Ramsey wrote:
> >>> When I run puppetrun from the web ui I get an error stating to check
> >>> logs. Other processes are working through the smart-proxy, but not
> >>> puppetrun. I don't see any errors in the foreman-proxy logs with
> >>> logging set to debug. I can use curl -d 'nodes='
> >>> http://:8443/puppet/run and puppetrun is executed
> >>> successfully. Somewhere I'm missing correlation in the foreman
> >>> settings that says to use a smart-proxy for puppetrun. I point in the
> >>> right direction would be great. I've looked through documention, but
> >>> I know I missing something stupid.
> >>>
> >>> Packages:
> >>> Package foreman-0.4.2-0.1.noarch already installed and latest version
> >>> Package foreman-proxy-0.3.1-0.1.noarch already installed and latest
> >>> version
> >>> Package puppet-2.7.12-1.el6.noarch already installed and latest
> >>> version
> >>> Package puppet-server-2.7.12-1.el6.noarch already installed and latest
> >>> version
> >>>
> >>> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
> >>> total 172
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
> >>> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
> >>> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
> >>> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
> >>> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
> >>> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
> >>> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
> >>>
> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
> >>> ---
> >>> :modulepath: /etc/puppet/modules/
> >>> :tftppath: tftp/
> >>> :ldap: false
> >>> :puppet_server: puppet.XXX
> >>> :unattended: true
> >>> :puppet_interval: 30
> >>> :document_root: /usr/share/foreman/public
> >>> :administrator: puppet@XXX
> >>> :foreman_url: puppet.XXX
> >>>
> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
> >>> ---
> >>> :modulepath: /etc/puppet/modules/
> >>> :tftppath: tftp/
> >>> :ldap: false
> >>> :puppet_server: puppet.int.mediture.com
> >>> :unattended: true
> >>> :puppet_interval: 30
> >>> :document_root: /usr/share/foreman/public
> >>> :administrator: puppet@puppet.int.mediture.com
> >>> :foreman_url: puppet.int.mediture.com
> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
> >>> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
> >>> [root@puppet ~]# cat /etc/foreman
> >>> foreman/ foreman-proxy/
> >>> [root@puppet ~]# cat /etc/foreman/
> >>> database.yml email.yaml settings.yaml
> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
> >>> ---
> >>> # SSL Setup
> >>>
> >>> # if enabled, all communication would be verfied via SSL
> >>> # NOTE that both certificates need to be signed by the same CA in
> >>> order for this to work
> >>> # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more
> >>> information
> >>> #:ssl_certificate: /var/lib/puppet/ssl/certs/
> >>> puppet.int.mediture.com.pem
> >>> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> >>> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
> >>> puppet.int.mediture.com.pem
> >>> # the hosts which the proxy accepts connections from
> >>> # commenting the following lines would mean every verified SSL
> >>> connection allowed
> >>> #:trusted_hosts:
> >>> #- foreman.prod.domain
> >>> #- foreman.dev.domain
> >>>
> >>> # enable the daemon to run in the background
> >>> :daemon: true
> >>> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
> >>>
> >>> # port used by the proxy
> >>> :port: 8443
> >>>
> >>> # Enable TFTP management
> >>> :tftp: false
> >>> #:tftproot: /var/lib/tftpboot
> >>> # Defines the TFTP Servername to use, overrides the name in the subnet
> >>> declaration
> >>> #:tftp_servername: tftp.domain.com
> >>>
> >>> # Enable DNS management
> >>> :dns: false
> >>> #:dns_key: /etc/rndc.key
> >>> # use this setting if you are managing a dns server which is not
> >>> localhost though this proxy
> >>> #:dns_server: dns.domain.com
> >>>
> >>> # Enable DHCP management
> >>> :dhcp: false
> >>> # The vendor can be either isc or native_ms
> >>> :dhcp_vendor: isc
> >>> # dhcp_subnets is a Native MS implementation setting. It restricts the
> >>> subnets queried to a
> >>> # subset, so as to reduce the query time.
> >>> #:dhcp_subnets: [192.168.205.0/255.255.255.128,
> >>> 192.168.205.128/255.255.255.128]
> >>> # Settings for Ubuntu ISC
> >>> #:dhcp_config: /etc/dhcp3/dhcpd.conf
> >>> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
> >>> # Settings for Redhat ISC
> >>> #:dhcp_config: /etc/dhcpd.conf
> >>> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
> >>> #:dhcp_key_name: secret_key_name
> >>> #:dhcp_key_secret: secret_key
> >>>
> >>> # enable PuppetCA management
> >>> :puppetca: true
> >>>
> >>> # enable Puppet management
> >>> :puppet: true
> >>>
> >>> # Where our proxy log files are stored
> >>> # filename or STDOUT
> >>> :log_file: /var/log/foreman-proxy/proxy.log
> >>> # valid options are
> >>> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
> >>> :log_level: DEBUG
> >> Using the proxy for puppet run was added only in 0.5 (current git
> >> develop branch).
> >>
> >> 0.5 in general, would require a puppet proxy to operate, and would not
> >> use any puppet commands directly via foreman (puppetca, puppetrun and
> >> any manifest importing).
> >>
> >> Ohad
> >>
> >
>
>
[root@puppet foreman]# stat /usr/share/foreman/config/environment.rb
File: `/usr/share/foreman/config/environment.rb'
Size: 2390 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 143561 Links: 1
Access: (0644/-rw-r–r--) Uid: ( 498/ foreman) Gid: ( 499/ foreman)
Access: 2012-04-09 18:34:24.189149333 -0500
Modify: 2012-01-11 03:03:36.000000000 -0600
Change: 2012-04-09 18:34:22.105149554 -0500
···
On 04/07/2012 01:34 PM, Florian Koch wrote:
> Hi,
>
> take a look at $foreman_app_root/config/environment.rb the file must
> owned by the forman user.
>
> regards Florian
>
> Am Mittwoch, 4. April 2012 22:49:23 UTC+2 schrieb Arthur Ramsey:
>
> I should note that I'm able to run puppetrun via CLI as the
> foreman user.
>
> [root@puppet ~]# sudo -u foreman sudo puppetrun XXX
> Triggering noc.int.mediture.com
> Getting status
> status is success
> XXX finished with exit code 0
> Finished
>
> On 04/04/2012 02:59 PM, Arthur Ramsey wrote:
> > Ok, where should I be looking for logs to debug puppetrun? I don't
> > see anything in my production.log. I'll look at building from git.
> >
> > On 04/04/2012 01:48 PM, Ohad Levy wrote:
> >> On Wed, Apr 4, 2012 at 6:57 PM, Arthur > >> Ramsey > wrote:
> >>> When I run puppetrun from the web ui I get an error stating to
> check
> >>> logs. Other processes are working through the smart-proxy,
> but not
> >>> puppetrun. I don't see any errors in the foreman-proxy logs with
> >>> logging set to debug. I can use curl -d 'nodes='
> >>> http://:8443/puppet/run and puppetrun is executed
> >>> successfully. Somewhere I'm missing correlation in the foreman
> >>> settings that says to use a smart-proxy for puppetrun. I
> point in the
> >>> right direction would be great. I've looked through
> documention, but
> >>> I know I missing something stupid.
> >>>
> >>> Packages:
> >>> Package foreman-0.4.2-0.1.noarch already installed and latest
> version
> >>> Package foreman-proxy-0.3.1-0.1.noarch already installed and
> latest
> >>> version
> >>> Package puppet-2.7.12-1.el6.noarch already installed and latest
> >>> version
> >>> Package puppet-server-2.7.12-1.el6.noarch already installed
> and latest
> >>> version
> >>>
> >>> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
> >>> total 172
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:10 daemon_controller-1.0.0
> >>> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
> >>> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
> >>> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
> >>> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
> >>> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
> >>> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
> >>>
> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
> >>> ---
> >>> :modulepath: /etc/puppet/modules/
> >>> :tftppath: tftp/
> >>> :ldap: false
> >>> :puppet_server: puppet.XXX
> >>> :unattended: true
> >>> :puppet_interval: 30
> >>> :document_root: /usr/share/foreman/public
> >>> :administrator: puppet@XXX
> >>> :foreman_url: puppet.XXX
> >>>
> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
> >>> ---
> >>> :modulepath: /etc/puppet/modules/
> >>> :tftppath: tftp/
> >>> :ldap: false
> >>> :puppet_server: puppet.int.mediture.com
>
> >>> :unattended: true
> >>> :puppet_interval: 30
> >>> :document_root: /usr/share/foreman/public
> >>> :administrator: puppet@puppet.int.mediture.com
>
> >>> :foreman_url: puppet.int.mediture.com
>
> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
> >>> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
> >>> [root@puppet ~]# cat /etc/foreman
> >>> foreman/ foreman-proxy/
> >>> [root@puppet ~]# cat /etc/foreman/
> >>> database.yml email.yaml settings.yaml
> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
> >>> ---
> >>> # SSL Setup
> >>>
> >>> # if enabled, all communication would be verfied via SSL
> >>> # NOTE that both certificates need to be signed by the same CA in
> >>> order for this to work
> >>> # see http://theforeman.org/projects/smart-proxy/wiki/SSL
> for more
> >>> information
> >>> #:ssl_certificate: /var/lib/puppet/ssl/certs/
> >>> puppet.int.mediture.com.pem
> >>> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
> >>> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
> >>> puppet.int.mediture.com.pem
> >>> # the hosts which the proxy accepts connections from
> >>> # commenting the following lines would mean every verified SSL
> >>> connection allowed
> >>> #:trusted_hosts:
> >>> #- foreman.prod.domain
> >>> #- foreman.dev.domain
> >>>
> >>> # enable the daemon to run in the background
> >>> :daemon: true
> >>> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
> >>>
> >>> # port used by the proxy
> >>> :port: 8443
> >>>
> >>> # Enable TFTP management
> >>> :tftp: false
> >>> #:tftproot: /var/lib/tftpboot
> >>> # Defines the TFTP Servername to use, overrides the name in
> the subnet
> >>> declaration
> >>> #:tftp_servername: tftp.domain.com
> >>>
> >>> # Enable DNS management
> >>> :dns: false
> >>> #:dns_key: /etc/rndc.key
> >>> # use this setting if you are managing a dns server which is not
> >>> localhost though this proxy
> >>> #:dns_server: dns.domain.com
> >>>
> >>> # Enable DHCP management
> >>> :dhcp: false
> >>> # The vendor can be either isc or native_ms
> >>> :dhcp_vendor: isc
> >>> # dhcp_subnets is a Native MS implementation setting. It
> restricts the
> >>> subnets queried to a
> >>> # subset, so as to reduce the query time.
> >>> #:dhcp_subnets: [192.168.205.0/255.255.255.128
> ,
> >>> 192.168.205.128/255.255.255.128
> ]
> >>> # Settings for Ubuntu ISC
> >>> #:dhcp_config: /etc/dhcp3/dhcpd.conf
> >>> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
> >>> # Settings for Redhat ISC
> >>> #:dhcp_config: /etc/dhcpd.conf
> >>> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
> >>> #:dhcp_key_name: secret_key_name
> >>> #:dhcp_key_secret: secret_key
> >>>
> >>> # enable PuppetCA management
> >>> :puppetca: true
> >>>
> >>> # enable Puppet management
> >>> :puppet: true
> >>>
> >>> # Where our proxy log files are stored
> >>> # filename or STDOUT
> >>> :log_file: /var/log/foreman-proxy/proxy.log
> >>> # valid options are
> >>> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
> >>> :log_level: DEBUG
> >> Using the proxy for puppet run was added only in 0.5 (current git
> >> develop branch).
> >>
> >> 0.5 in general, would require a puppet proxy to operate, and
> would not
> >> use any puppet commands directly via foreman (puppetca,
> puppetrun and
> >> any manifest importing).
> >>
> >> Ohad
> >>
> >
>
> --
> You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/foreman-users/-/LsqIblwgoakJ.
> To post to this group, send email to foreman-users@googlegroups.com.
> To unsubscribe from this group, send email to
> foreman-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/foreman-users?hl=en.
I rebuilt my server and got it working!
···
On 04/10/2012 11:40 AM, Arthur Ramsey wrote:
> [root@puppet foreman]# stat /usr/share/foreman/config/environment.rb
> File: `/usr/share/foreman/config/environment.rb'
> Size: 2390 Blocks: 8 IO Block: 4096 regular file
> Device: fd00h/64768d Inode: 143561 Links: 1
> Access: (0644/-rw-r--r--) Uid: ( 498/ foreman) Gid: ( 499/ foreman)
> Access: 2012-04-09 18:34:24.189149333 -0500
> Modify: 2012-01-11 03:03:36.000000000 -0600
> Change: 2012-04-09 18:34:22.105149554 -0500
>
> On 04/07/2012 01:34 PM, Florian Koch wrote:
>> Hi,
>>
>> take a look at $foreman_app_root/config/environment.rb the file must
>> owned by the forman user.
>>
>> regards Florian
>>
>> Am Mittwoch, 4. April 2012 22:49:23 UTC+2 schrieb Arthur Ramsey:
>>
>> I should note that I'm able to run puppetrun via CLI as the
>> foreman user.
>>
>> [root@puppet ~]# sudo -u foreman sudo puppetrun XXX
>> Triggering noc.int.mediture.com
>> Getting status
>> status is success
>> XXX finished with exit code 0
>> Finished
>>
>> On 04/04/2012 02:59 PM, Arthur Ramsey wrote:
>> > Ok, where should I be looking for logs to debug puppetrun? I
>> don't
>> > see anything in my production.log. I'll look at building from git.
>> >
>> > On 04/04/2012 01:48 PM, Ohad Levy wrote:
>> >> On Wed, Apr 4, 2012 at 6:57 PM, Arthur >> >> Ramsey> > wrote:
>> >>> When I run puppetrun from the web ui I get an error stating
>> to check
>> >>> logs. Other processes are working through the smart-proxy,
>> but not
>> >>> puppetrun. I don't see any errors in the foreman-proxy logs with
>> >>> logging set to debug. I can use curl -d 'nodes='
>> >>> http://:8443/puppet/run and puppetrun is executed
>> >>> successfully. Somewhere I'm missing correlation in the foreman
>> >>> settings that says to use a smart-proxy for puppetrun. I
>> point in the
>> >>> right direction would be great. I've looked through
>> documention, but
>> >>> I know I missing something stupid.
>> >>>
>> >>> Packages:
>> >>> Package foreman-0.4.2-0.1.noarch already installed and latest
>> version
>> >>> Package foreman-proxy-0.3.1-0.1.noarch already installed and
>> latest
>> >>> version
>> >>> Package puppet-2.7.12-1.el6.noarch already installed and latest
>> >>> version
>> >>> Package puppet-server-2.7.12-1.el6.noarch already installed
>> and latest
>> >>> version
>> >>>
>> >>> [root@puppet ~]# ls -l /usr/lib/ruby/gems/1.8/gems/
>> >>> total 172
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 abstract-1.0.0
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionmailer-3.0.10
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 actionpack-3.0.10
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activemodel-3.0.10
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:36 activerecord-3.0.10
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 activeresource-3.0.10
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 activesupport-3.0.10
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 arel-2.0.10
>> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 builder-2.1.2
>> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:13 bundler-1.1.3
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:10
>> daemon_controller-1.0.0
>> >>> drwxr-xr-x. 10 root root 4096 Apr 2 17:13 erubis-2.6.6
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:04 facter-1.6.7
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:10 fastthread-1.0.7
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:11 ffi-1.0.11
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 i18n-0.5.0
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:24 json-1.4.6
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 mail-2.2.19
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:03 mime-types-1.16
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 mysql-2.8.1
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:07 net-ldap-0.2.2
>> >>> drwxr-xr-x 6 root root 4096 Apr 3 22:06 net-ping-1.3.7
>> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:33 net-ping-1.5.3
>> >>> drwxr-xr-x. 14 root root 4096 Apr 2 17:39 passenger-3.0.11
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 polyglot-0.3.3
>> >>> drwxr-xr-x 7 root root 4096 Apr 3 22:06 rack-1.1.0
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 rack-1.2.5
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:33 rack-1.4.1
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rack-mount-0.6.14
>> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 rack-test-0.5.4
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 rack-test-0.5.7
>> >>> drwxr-xr-x. 3 root root 4096 Apr 2 17:13 rails-3.0.10
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 railties-3.0.10
>> >>> drwxr-xr-x 6 root root 4096 Apr 3 17:03 rake-0.8.7
>> >>> drwxr-xr-x. 6 root root 4096 Apr 2 17:04 rake-0.9.2.2
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 rdoc-3.12
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:03 rest-client-1.6.1
>> >>> drwxr-xr-x 4 root root 4096 Apr 3 22:06 sinatra-1.0
>> >>> drwxr-xr-x 5 root root 4096 Apr 3 17:03 sqlite3-ruby-1.2.4
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:20 stomp-1.1.8
>> >>> drwxr-xr-x. 5 root root 4096 Apr 2 17:13 thor-0.14.6
>> >>> drwxr-xr-x. 7 root root 4096 Apr 2 17:13 treetop-1.4.10
>> >>> drwxr-xr-x. 4 root root 4096 Apr 2 17:13 tzinfo-0.3.32
>> >>>
>> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>> >>> ---
>> >>> :modulepath: /etc/puppet/modules/
>> >>> :tftppath: tftp/
>> >>> :ldap: false
>> >>> :puppet_server: puppet.XXX
>> >>> :unattended: true
>> >>> :puppet_interval: 30
>> >>> :document_root: /usr/share/foreman/public
>> >>> :administrator: puppet@XXX
>> >>> :foreman_url: puppet.XXX
>> >>>
>> >>> [root@puppet ~]# cat /etc/foreman/settings.yaml
>> >>> ---
>> >>> :modulepath: /etc/puppet/modules/
>> >>> :tftppath: tftp/
>> >>> :ldap: false
>> >>> :puppet_server: puppet.int.mediture.com
>>
>> >>> :unattended: true
>> >>> :puppet_interval: 30
>> >>> :document_root: /usr/share/foreman/public
>> >>> :administrator: puppet@puppet.int.mediture.com
>>
>> >>> :foreman_url: puppet.int.mediture.com
>>
>> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yaml
>> >>> cat: /etc/foreman-proxy/settings.yaml: No such file or directory
>> >>> [root@puppet ~]# cat /etc/foreman
>> >>> foreman/ foreman-proxy/
>> >>> [root@puppet ~]# cat /etc/foreman/
>> >>> database.yml email.yaml settings.yaml
>> >>> [root@puppet ~]# cat /etc/foreman-proxy/settings.yml
>> >>> ---
>> >>> # SSL Setup
>> >>>
>> >>> # if enabled, all communication would be verfied via SSL
>> >>> # NOTE that both certificates need to be signed by the same CA in
>> >>> order for this to work
>> >>> # see http://theforeman.org/projects/smart-proxy/wiki/SSL
>> for more
>> >>> information
>> >>> #:ssl_certificate: /var/lib/puppet/ssl/certs/
>> >>> puppet.int.mediture.com.pem
>> >>> #:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
>> >>> #:ssl_private_key: /var/lib/puppet/ssl/private_keys/
>> >>> puppet.int.mediture.com.pem
>> >>> # the hosts which the proxy accepts connections from
>> >>> # commenting the following lines would mean every verified SSL
>> >>> connection allowed
>> >>> #:trusted_hosts:
>> >>> #- foreman.prod.domain
>> >>> #- foreman.dev.domain
>> >>>
>> >>> # enable the daemon to run in the background
>> >>> :daemon: true
>> >>> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
>> >>>
>> >>> # port used by the proxy
>> >>> :port: 8443
>> >>>
>> >>> # Enable TFTP management
>> >>> :tftp: false
>> >>> #:tftproot: /var/lib/tftpboot
>> >>> # Defines the TFTP Servername to use, overrides the name in
>> the subnet
>> >>> declaration
>> >>> #:tftp_servername: tftp.domain.com
>> >>>
>> >>> # Enable DNS management
>> >>> :dns: false
>> >>> #:dns_key: /etc/rndc.key
>> >>> # use this setting if you are managing a dns server which is not
>> >>> localhost though this proxy
>> >>> #:dns_server: dns.domain.com
>> >>>
>> >>> # Enable DHCP management
>> >>> :dhcp: false
>> >>> # The vendor can be either isc or native_ms
>> >>> :dhcp_vendor: isc
>> >>> # dhcp_subnets is a Native MS implementation setting. It
>> restricts the
>> >>> subnets queried to a
>> >>> # subset, so as to reduce the query time.
>> >>> #:dhcp_subnets: [192.168.205.0/255.255.255.128
>> ,
>> >>> 192.168.205.128/255.255.255.128
>> ]
>> >>> # Settings for Ubuntu ISC
>> >>> #:dhcp_config: /etc/dhcp3/dhcpd.conf
>> >>> #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
>> >>> # Settings for Redhat ISC
>> >>> #:dhcp_config: /etc/dhcpd.conf
>> >>> #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
>> >>> #:dhcp_key_name: secret_key_name
>> >>> #:dhcp_key_secret: secret_key
>> >>>
>> >>> # enable PuppetCA management
>> >>> :puppetca: true
>> >>>
>> >>> # enable Puppet management
>> >>> :puppet: true
>> >>>
>> >>> # Where our proxy log files are stored
>> >>> # filename or STDOUT
>> >>> :log_file: /var/log/foreman-proxy/proxy.log
>> >>> # valid options are
>> >>> # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
>> >>> :log_level: DEBUG
>> >> Using the proxy for puppet run was added only in 0.5 (current git
>> >> develop branch).
>> >>
>> >> 0.5 in general, would require a puppet proxy to operate, and
>> would not
>> >> use any puppet commands directly via foreman (puppetca,
>> puppetrun and
>> >> any manifest importing).
>> >>
>> >> Ohad
>> >>
>> >
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Foreman users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/foreman-users/-/LsqIblwgoakJ.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> foreman-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/foreman-users?hl=en.
>
[root@puppet foreman]# tail -f /var/log/foreman-proxy/proxy.log
D, [2012-04-10T11:36:59.399366 #12213] DEBUG – : Executing
/usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:37:00.495539 #12213] ERROR – : Failed to list
certificates: Unable to find CA inventory file at
/var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:48:00.781854 #12213] DEBUG – : Found puppetca at
/usr/sbin/puppetca
D, [2012-04-10T11:48:00.782011 #12213] DEBUG – : Found sudo at
/usr/bin/sudo
D, [2012-04-10T11:48:00.782080 #12213] DEBUG – : Executing
/usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:48:01.871253 #12213] ERROR – : Failed to list
certificates: Unable to find CA inventory file at
/var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:49:59.656295 #12213] DEBUG – : Found puppetca at
/usr/sbin/puppetca
D, [2012-04-10T11:49:59.656465 #12213] DEBUG – : Found sudo at
/usr/bin/sudo
D, [2012-04-10T11:49:59.656533 #12213] DEBUG – : Executing
/usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:50:00.733571 #12213] ERROR – : Failed to list
certificates: Unable to find CA inventory file at
/var/lib/puppet/ssl/ca/inventory.txt
[root@puppet foreman]# stat /var/lib/puppet/ssl/ca/inventory.txt
File: `/var/lib/puppet/ssl/ca/inventory.txt'
Size: 398 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 9480 Links: 1
Access: (0644/-rw-r–r--) Uid: ( 52/ puppet) Gid: ( 52/ puppet)
Access: 2012-04-10 11:38:20.350270180 -0500
Modify: 2012-04-10 11:16:54.309270118 -0500
Change: 2012-04-10 11:16:54.309270118 -0500
[root@puppet foreman]# getent group | grep puppet
puppet:x:52:foreman,foreman-proxy
[root@puppet foreman]# sudo -u foreman-proxy /usr/bin/sudo -S
/usr/sbin/puppetca --list --all
Check the permissions on the inventory.txt file.
I think you have to add the proxy / foreman to the puppet group so it can access the inventory.txt file.
Corey Osman
corey@logicminds.biz
Green IT and Datacenter Automation Specialist
···
On Apr 10, 2012, at 10:05 AM, Arthur Ramsey wrote:
[root@puppet foreman]# tail -f /var/log/foreman-proxy/proxy.log
D, [2012-04-10T11:36:59.399366 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:37:00.495539 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:48:00.781854 #12213] DEBUG – : Found puppetca at /usr/sbin/puppetca
D, [2012-04-10T11:48:00.782011 #12213] DEBUG – : Found sudo at /usr/bin/sudo
D, [2012-04-10T11:48:00.782080 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:48:01.871253 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:49:59.656295 #12213] DEBUG – : Found puppetca at /usr/sbin/puppetca
D, [2012-04-10T11:49:59.656465 #12213] DEBUG – : Found sudo at /usr/bin/sudo
D, [2012-04-10T11:49:59.656533 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:50:00.733571 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
[root@puppet foreman]# stat /var/lib/puppet/ssl/ca/inventory.txt
File: `/var/lib/puppet/ssl/ca/inventory.txt’
Size: 398 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 9480 Links: 1
Access: (0644/-rw-r–r--) Uid: ( 52/ puppet) Gid: ( 52/ puppet)
Access: 2012-04-10 11:38:20.350270180 -0500
Modify: 2012-04-10 11:16:54.309270118 -0500
Change: 2012-04-10 11:16:54.309270118 -0500
[root@puppet foreman]# getent group | grep puppet
puppet:x:52:foreman,foreman-proxy
[root@puppet foreman]# sudo -u foreman-proxy /usr/bin/sudo -S /usr/sbin/puppetca --list --all
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
What version of puppet are you running?
Try running the proxy as root (debugging purposes only) and see if that cures it.
I think the proxy user may not have full permissions to this file. The permissions also get reset by puppet so it's important to add it to the puppet group. Remove your puppetca binary if using 2.6+.
···
Sent from my iPhone
On Apr 10, 2012, at 10:05 AM, Arthur Ramsey arthurramsey19@gmail.com wrote:
[root@puppet foreman]# tail -f /var/log/foreman-proxy/proxy.log
D, [2012-04-10T11:36:59.399366 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:37:00.495539 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:48:00.781854 #12213] DEBUG – : Found puppetca at /usr/sbin/puppetca
D, [2012-04-10T11:48:00.782011 #12213] DEBUG – : Found sudo at /usr/bin/sudo
D, [2012-04-10T11:48:00.782080 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:48:01.871253 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
D, [2012-04-10T11:49:59.656295 #12213] DEBUG – : Found puppetca at /usr/sbin/puppetca
D, [2012-04-10T11:49:59.656465 #12213] DEBUG – : Found sudo at /usr/bin/sudo
D, [2012-04-10T11:49:59.656533 #12213] DEBUG – : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
E, [2012-04-10T11:50:00.733571 #12213] ERROR – : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
[root@puppet foreman]# stat /var/lib/puppet/ssl/ca/inventory.txt
File: `/var/lib/puppet/ssl/ca/inventory.txt’
Size: 398 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 9480 Links: 1
Access: (0644/-rw-r–r--) Uid: ( 52/ puppet) Gid: ( 52/ puppet)
Access: 2012-04-10 11:38:20.350270180 -0500
Modify: 2012-04-10 11:16:54.309270118 -0500
Change: 2012-04-10 11:16:54.309270118 -0500
[root@puppet foreman]# getent group | grep puppet
puppet:x:52:foreman,foreman-proxy
[root@puppet foreman]# sudo -u foreman-proxy /usr/bin/sudo -S /usr/sbin/puppetca --list --all
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
I included the results of a state on my inventory.txt file and verified
that foreman-proxy is a member of the puppet group. Double check the
results of my commands below. Maybe I did miss something.
Regards,
Arthur
···
On 04/11/2012 12:25 AM, Corey Osman wrote:
> Check the permissions on the inventory.txt file.
>
> I think you have to add the proxy / foreman to the puppet group so it
> can access the inventory.txt file.
>
>
> Corey Osman
> corey@logicminds.biz
>
> Green IT and Datacenter Automation Specialist
>
>
>
>
> On Apr 10, 2012, at 10:05 AM, Arthur Ramsey wrote:
>
>> [root@puppet foreman]# tail -f /var/log/foreman-proxy/proxy.log
>> D, [2012-04-10T11:36:59.399366 #12213] DEBUG -- : Executing
>> /usr/bin/sudo -S /usr/sbin/puppetca --list --all
>> E, [2012-04-10T11:37:00.495539 #12213] ERROR -- : Failed to list
>> certificates: Unable to find CA inventory file at
>> /var/lib/puppet/ssl/ca/inventory.txt
>> D, [2012-04-10T11:48:00.781854 #12213] DEBUG -- : Found puppetca at
>> /usr/sbin/puppetca
>> D, [2012-04-10T11:48:00.782011 #12213] DEBUG -- : Found sudo at
>> /usr/bin/sudo
>> D, [2012-04-10T11:48:00.782080 #12213] DEBUG -- : Executing
>> /usr/bin/sudo -S /usr/sbin/puppetca --list --all
>> E, [2012-04-10T11:48:01.871253 #12213] ERROR -- : Failed to list
>> certificates: Unable to find CA inventory file at
>> /var/lib/puppet/ssl/ca/inventory.txt
>> D, [2012-04-10T11:49:59.656295 #12213] DEBUG -- : Found puppetca at
>> /usr/sbin/puppetca
>> D, [2012-04-10T11:49:59.656465 #12213] DEBUG -- : Found sudo at
>> /usr/bin/sudo
>> D, [2012-04-10T11:49:59.656533 #12213] DEBUG -- : Executing
>> /usr/bin/sudo -S /usr/sbin/puppetca --list --all
>> E, [2012-04-10T11:50:00.733571 #12213] ERROR -- : Failed to list
>> certificates: Unable to find CA inventory file at
>> /var/lib/puppet/ssl/ca/inventory.txt
>>
>> [root@puppet foreman]# stat /var/lib/puppet/ssl/ca/inventory.txt
>> File: `/var/lib/puppet/ssl/ca/inventory.txt'
>> Size: 398 Blocks: 8 IO Block: 4096 regular file
>> Device: fd00h/64768d Inode: 9480 Links: 1
>> Access: (0644/-rw-r--r--) Uid: ( 52/ puppet) Gid: ( 52/ puppet)
>> Access: 2012-04-10 11:38:20.350270180 -0500
>> Modify: 2012-04-10 11:16:54.309270118 -0500
>> Change: 2012-04-10 11:16:54.309270118 -0500
>>
>> [root@puppet foreman]# getent group | grep puppet
>> puppet:x:52:foreman,foreman-proxy
>>
>> [root@puppet foreman]# sudo -u foreman-proxy /usr/bin/sudo -S
>> /usr/sbin/puppetca --list --all
>> + ns1.int.mediture.com (REMOVED)
>> + puppet.int.mediture.com (REMOVED)
>> (REMOVED)
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Foreman users" group.
>> To post to this group, send email to foreman-users@googlegroups.com
>> .
>> To unsubscribe from this group, send email to
>> foreman-users+unsubscribe@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/foreman-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> To post to this group, send email to foreman-users@googlegroups.com.
> To unsubscribe from this group, send email to
> foreman-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/foreman-users?hl=en.
