After running 'rake katello:reset' on a development server (vagrant up centos7-devel), I am unable to run puppet agent -t
$ sudo puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node katello.example.com: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Up until a few weeks ago (hard to say specifically) the puppet agent -t would run fine after a reset.
Is there a foreman-installer command I should run after a reset? Or perhaps the vagrant user needs permissions? Or… I don't know!
···
On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote:
>
> After running 'rake katello:reset' on a development server (vagrant up centos7-devel), I am unable to run puppet agent -t
>
> $ sudo puppet agent -t
> Warning: Unable to fetch my node definition, but the agent run will continue:
> Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node katello.example.com: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> Up until a few weeks ago (hard to say specifically) the puppet agent -t would run fine after a reset.
>
> Is there a foreman-installer command I should run after a reset? Or perhaps the vagrant user needs permissions? Or... I don't know!
$ sudo /etc/puppet/node.rb katello.example.com
Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
···
----- Original Message -----
> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote:
> >
> > After running 'rake katello:reset' on a development server (vagrant up
> > centos7-devel), I am unable to run puppet agent -t
> >
> > $ sudo puppet agent -t
> > Warning: Unable to fetch my node definition, but the agent run will
> > continue:
> > Warning: Error 400 on SERVER: Failed to find katello.example.com via exec:
> > Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
> > Info: Retrieving pluginfacts
> > Info: Retrieving plugin
> > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
> > --nocheck to suppress the warning.
> > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
> > --nocheck to suppress the warning.
> > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
> > --nocheck to suppress the warning.
> > Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> > Failed when searching for node katello.example.com: Failed to find
> > katello.example.com via exec: Execution of '/etc/puppet/node.rb
> > katello.example.com' returned 1:
> > Warning: Not using cache on failed catalog
> > Error: Could not retrieve catalog; skipping run
> >
> > Up until a few weeks ago (hard to say specifically) the puppet agent -t
> > would run fine after a reset.
> >
> > Is there a foreman-installer command I should run after a reset? Or perhaps
> > the vagrant user needs permissions? Or... I don't know!
>
> Can you show the output of manually running:
>
> /etc/puppet/node.rb katello.example.com
>
and restart apache. This crane configuration affects other vhosts it
seems. Ehelms was working on a fix, but i'm not sure about the status
of that or if there is currently a PR open.
-Justin
···
On 03/03/2016 06:04 PM, Tom McKay wrote:
>
> ----- Original Message -----
>> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote:
>>> After running 'rake katello:reset' on a development server (vagrant up
>>> centos7-devel), I am unable to run puppet agent -t
>>>
>>> $ sudo puppet agent -t
>>> Warning: Unable to fetch my node definition, but the agent run will
>>> continue:
>>> Warning: Error 400 on SERVER: Failed to find katello.example.com via exec:
>>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
>>> Info: Retrieving pluginfacts
>>> Info: Retrieving plugin
>>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
>>> --nocheck to suppress the warning.
>>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
>>> --nocheck to suppress the warning.
>>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use
>>> --nocheck to suppress the warning.
>>> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
>>> Failed when searching for node katello.example.com: Failed to find
>>> katello.example.com via exec: Execution of '/etc/puppet/node.rb
>>> katello.example.com' returned 1:
>>> Warning: Not using cache on failed catalog
>>> Error: Could not retrieve catalog; skipping run
>>>
>>> Up until a few weeks ago (hard to say specifically) the puppet agent -t
>>> would run fine after a reset.
>>>
>>> Is there a foreman-installer command I should run after a reset? Or perhaps
>>> the vagrant user needs permissions? Or... I don't know!
>> Can you show the output of manually running:
>>
>> /etc/puppet/node.rb katello.example.com
>>
>
> $ sudo /etc/puppet/node.rb katello.example.com
> Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>
···
----- Original Message -----
> On 03/03/2016 06:04 PM, Tom McKay wrote:
> >
> > ----- Original Message -----
> >> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote:
> >>> After running 'rake katello:reset' on a development server (vagrant up
> >>> centos7-devel), I am unable to run puppet agent -t
> >>>
> >>> $ sudo puppet agent -t
> >>> Warning: Unable to fetch my node definition, but the agent run will
> >>> continue:
> >>> Warning: Error 400 on SERVER: Failed to find katello.example.com via
> >>> exec:
> >>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
> >>> Info: Retrieving pluginfacts
> >>> Info: Retrieving plugin
> >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> >>> Use
> >>> --nocheck to suppress the warning.
> >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> >>> Use
> >>> --nocheck to suppress the warning.
> >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> >>> Use
> >>> --nocheck to suppress the warning.
> >>> Error: Could not retrieve catalog from remote server: Error 400 on
> >>> SERVER:
> >>> Failed when searching for node katello.example.com: Failed to find
> >>> katello.example.com via exec: Execution of '/etc/puppet/node.rb
> >>> katello.example.com' returned 1:
> >>> Warning: Not using cache on failed catalog
> >>> Error: Could not retrieve catalog; skipping run
> >>>
> >>> Up until a few weeks ago (hard to say specifically) the puppet agent -t
> >>> would run fine after a reset.
> >>>
> >>> Is there a foreman-installer command I should run after a reset? Or
> >>> perhaps
> >>> the vagrant user needs permissions? Or... I don't know!
> >> Can you show the output of manually running:
> >>
> >> /etc/puppet/node.rb katello.example.com
> >>
> >
> > $ sudo /etc/puppet/node.rb katello.example.com
> > Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3
> > read server certificate B: certificate verify failed
> >
> You might checking your http config, there's a current dev installer bug
> where crane is configured improperly on a dev install.
>
> in change these lines
>
> SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"
> SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"
>
>
> to
>
> SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
> SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key"
>
> and restart apache. This crane configuration affects other vhosts it
> seems. Ehelms was working on a fix, but i'm not sure about the status
> of that or if there is currently a PR open.
>
> -Justin
>
>
>
The change missing was in /etc/httpd/conf.d/03-crane.conf
puppet agent -t success
···
----- Original Message -----
>
>
> ----- Original Message -----
> > On 03/03/2016 06:04 PM, Tom McKay wrote:
> > >
> > > ----- Original Message -----
> > >> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote:
> > >>> After running 'rake katello:reset' on a development server (vagrant up
> > >>> centos7-devel), I am unable to run puppet agent -t
> > >>>
> > >>> $ sudo puppet agent -t
> > >>> Warning: Unable to fetch my node definition, but the agent run will
> > >>> continue:
> > >>> Warning: Error 400 on SERVER: Failed to find katello.example.com via
> > >>> exec:
> > >>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
> > >>> Info: Retrieving pluginfacts
> > >>> Info: Retrieving plugin
> > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> > >>> Use
> > >>> --nocheck to suppress the warning.
> > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> > >>> Use
> > >>> --nocheck to suppress the warning.
> > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match.
> > >>> Use
> > >>> --nocheck to suppress the warning.
> > >>> Error: Could not retrieve catalog from remote server: Error 400 on
> > >>> SERVER:
> > >>> Failed when searching for node katello.example.com: Failed to find
> > >>> katello.example.com via exec: Execution of '/etc/puppet/node.rb
> > >>> katello.example.com' returned 1:
> > >>> Warning: Not using cache on failed catalog
> > >>> Error: Could not retrieve catalog; skipping run
> > >>>
> > >>> Up until a few weeks ago (hard to say specifically) the puppet agent -t
> > >>> would run fine after a reset.
> > >>>
> > >>> Is there a foreman-installer command I should run after a reset? Or
> > >>> perhaps
> > >>> the vagrant user needs permissions? Or... I don't know!
> > >> Can you show the output of manually running:
> > >>
> > >> /etc/puppet/node.rb katello.example.com
> > >>
> > >
> > > $ sudo /etc/puppet/node.rb katello.example.com
> > > Could not send facts to Foreman: SSL_connect returned=1 errno=0
> > > state=SSLv3
> > > read server certificate B: certificate verify failed
> > >
> > You might checking your http config, there's a current dev installer bug
> > where crane is configured improperly on a dev install.
> >
> > in change these lines
> >
> > SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"
> > SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"
> >
> >
> > to
> >
> > SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
> > SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key"
> >
> > and restart apache. This crane configuration affects other vhosts it
> > seems. Ehelms was working on a fix, but i'm not sure about the status
> > of that or if there is currently a PR open.
> >
> > -Justin
> >
> >
> >
>
> Below is already in /etc/httpd/conf.d/05-katello-ssl.conf. Should there be
> something in 05-katello.conf?
>
> ## SSL directives
> SSLEngine on
> SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
> SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key"
> SSLCACertificatePath "/etc/pki/tls/certs"
> SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
> SSLVerifyClient optional
> SSLVerifyDepth 3
> SSLOptions +StdEnvVars
>