Hello!
I am having an issue triggering puppet runs via the Foreman web interface.
When I click the "Run puppet" button, I receive the ["failed to execute
puppetrun: 500 Internal Server Error"] message.
However, I can trigger Puppet runs successfully via the command line on the
Foreman server / Puppet master, like so:
$ sudo -u foreman-proxy /usr/bin/puppet kick <hostname.domain>
The following lines are present in '/etc/sudoers' on the server:
[root@puppetmaster ~]# cat /etc/sudoers.d/200_foreman-proxy
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
foreman-proxy ALL = NOPASSWD: /usr/bin/mco puppet runonce *
The following is present in '/etc/puppet/auth.conf' on the client:
path /run
auth any
method save
allow *
Puppet is at ver. 2.6.18-3, and Foreman ver. 1.2.1-1.
I believe this feature worked fine prior to the Foreman 1.2.1-1 upgrade.
Any insight or assistance is appreciated!
– Adam
Can you provide your /var/log/foreman-proxy/proxy.log? Ensure log_level
is set to DEBUG in the proxy settings file first, as it should print the
command it's using etc.
···
On 16/08/13 13:46, J. Adam Craig wrote:
> Hello!
>
> I am having an issue triggering puppet runs via the Foreman web
> interface. When I click the "Run puppet" button, I receive the ["failed
> to execute puppetrun: 500 Internal Server Error"] message.
–
Dominic Cleal
Red Hat Engineering
Dominic –
I am seeing the following in '/var/log/foreman-proxy/proxy.log':
W, [2013-08-16T08:59:05.269481 #2569] WARN – : Non-null exit code when
executing '/usr/bin/sudo/usr/sbin/puppetrun–host<hostname.domain>'
E, [2013-08-16T08:59:05.275439 #2569] ERROR – : Failed puppet run: Check
Log files
DEBUG option was set in '/usr/share/foreman-proxy/config/settings.yml'
prior to the attempt. To my untrained eye, it would appear as though
foreman-proxy is failing to pass spaces in the command.
Thanks,
– Adam
···
______________________
*J. Adam Craig*
UNIX Operating Systems Analyst
VCU Computer Center
804.828.4886
“Don’t be a phishing victim – VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more detauls,
visit http://infosecurity.vcu.edu/phishing.html”
On Fri, Aug 16, 2013 at 8:52 AM, Dominic Cleal dcleal@redhat.com wrote:
On 16/08/13 13:46, J. Adam Craig wrote:
Hello!
I am having an issue triggering puppet runs via the Foreman web
interface. When I click the “Run puppet” button, I receive the [“failed
to execute puppetrun: 500 Internal Server Error”] message.
Can you provide your /var/log/foreman-proxy/proxy.log? Ensure log_level
is set to DEBUG in the proxy settings file first, as it should print the
command it’s using etc.
–
Dominic Cleal
Red Hat Engineering
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
Don't worry, the lack of spaces is just a confusing logging bug. We
could really do with fixing that, as it's not helpful.
The proxy is running "/usr/sbin/puppetrun" rather than "/usr/bin/puppet
kick", so if you update your sudoers rules to permit this (and
"puppetca" rather than "puppet cert") then it should work. Also note
the bin/sbin difference.
We use this on all pre-Puppet 3 versions as it's easier to determine
that it exists than whether the "puppet" command is the pre-2.6 "puppet"
or not.
···
--
Dominic Cleal
Red Hat Engineering
On 16/08/13 14:04, J. Adam Craig wrote:
Dominic –
I am seeing the following in ‘/var/log/foreman-proxy/proxy.log’:
W, [2013-08-16T08:59:05.269481 #2569] WARN -- : Non-null exit code
when executing '/usr/bin/sudo/usr/sbin/puppetrun--host<hostname.domain>'
E, [2013-08-16T08:59:05.275439 #2569] ERROR -- : Failed puppet run:
Check Log files
DEBUG option was set in '/usr/share/foreman-proxy/config/settings.yml’
prior to the attempt. To my untrained eye, it would appear as though
foreman-proxy is failing to pass spaces in the command.
Thanks,
– Adam
J. Adam Craig
UNIX Operating Systems Analyst
VCU Computer Center
804.828.4886
“Don’t be a phishing victim – VCU and other reputable organizations
will never use email to request that you reply with your password,
social security number or confidential personal information. For more
detauls, visit http://infosecurity.vcu.edu/phishing.html”
On Fri, Aug 16, 2013 at 8:52 AM, Dominic Cleal <dcleal@redhat.com > mailto:dcleal@redhat.com> wrote:
On 16/08/13 13:46, J. Adam Craig wrote:
> Hello!
>
> I am having an issue triggering puppet runs via the Foreman web
> interface. When I click the "Run puppet" button, I receive the
["failed
> to execute puppetrun: 500 Internal Server Error"] message.
Can you provide your /var/log/foreman-proxy/proxy.log? Ensure log_level
is set to DEBUG in the proxy settings file first, as it should print the
command it's using etc.
--
Dominic Cleal
Red Hat Engineering
--
You received this message because you are subscribed to the Google
Groups "Foreman users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to foreman-users+unsubscribe@googlegroups.com
<mailto:foreman-users%2Bunsubscribe@googlegroups.com>.
To post to this group, send email to foreman-users@googlegroups.com
<mailto:foreman-users@googlegroups.com>.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
That did the trick, Dominic! Thanks for the excellent support, as always.
– Adam
···
______________________
*J. Adam Craig*
UNIX Operating Systems Analyst
VCU Computer Center
804.828.4886
“Don’t be a phishing victim – VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more detauls,
visit http://infosecurity.vcu.edu/phishing.html”
On Fri, Aug 16, 2013 at 9:23 AM, Dominic Cleal dcleal@redhat.com wrote:
Don’t worry, the lack of spaces is just a confusing logging bug. We
could really do with fixing that, as it’s not helpful.
The proxy is running “/usr/sbin/puppetrun” rather than “/usr/bin/puppet
kick”, so if you update your sudoers rules to permit this (and
"puppetca" rather than “puppet cert”) then it should work. Also note
the bin/sbin difference.
We use this on all pre-Puppet 3 versions as it’s easier to determine
that it exists than whether the “puppet” command is the pre-2.6 "puppet"
or not.
–
Dominic Cleal
Red Hat Engineering
On 16/08/13 14:04, J. Adam Craig wrote:
Dominic –
I am seeing the following in ‘/var/log/foreman-proxy/proxy.log’:
W, [2013-08-16T08:59:05.269481 #2569] WARN -- : Non-null exit code
when executing
‘/usr/bin/sudo/usr/sbin/puppetrun–host<hostname.domain>’
E, [2013-08-16T08:59:05.275439 #2569] ERROR -- : Failed puppet run:
Check Log files
DEBUG option was set in '/usr/share/foreman-proxy/config/settings.yml’
prior to the attempt. To my untrained eye, it would appear as though
foreman-proxy is failing to pass spaces in the command.
Thanks,
– Adam
J. Adam Craig
UNIX Operating Systems Analyst
VCU Computer Center
804.828.4886
“Don’t be a phishing victim – VCU and other reputable organizations
will never use email to request that you reply with your password,
social security number or confidential personal information. For more
detauls, visit http://infosecurity.vcu.edu/phishing.html”
On Fri, Aug 16, 2013 at 8:52 AM, Dominic Cleal <dcleal@redhat.com > > mailto:dcleal@redhat.com> wrote:
On 16/08/13 13:46, J. Adam Craig wrote:
> Hello!
>
> I am having an issue triggering puppet runs via the Foreman web
> interface. When I click the "Run puppet" button, I receive the
["failed
> to execute puppetrun: 500 Internal Server Error"] message.
Can you provide your /var/log/foreman-proxy/proxy.log? Ensure
log_level
is set to DEBUG in the proxy settings file first, as it should print
the
command it's using etc.
--
Dominic Cleal
Red Hat Engineering
--
You received this message because you are subscribed to the Google
Groups "Foreman users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to foreman-users+unsubscribe@googlegroups.com
<mailto:foreman-users%2Bunsubscribe@googlegroups.com>.
To post to this group, send email to foreman-users@googlegroups.com
<mailto:foreman-users@googlegroups.com>.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
