Puppet help after running rake katello:reset on a dev server

After running 'rake katello:reset' on a development server (vagrant up centos7-devel), I am unable to run puppet agent -t

$ sudo puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node katello.example.com: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Up until a few weeks ago (hard to say specifically) the puppet agent -t would run fine after a reset.

Is there a foreman-installer command I should run after a reset? Or perhaps the vagrant user needs permissions? Or… I don't know!

··· --

@thomasmckay

Can you show the output of manually running:

/etc/puppet/node.rb katello.example.com

··· On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote: > > After running 'rake katello:reset' on a development server (vagrant up centos7-devel), I am unable to run puppet agent -t > > $ sudo puppet agent -t > Warning: Unable to fetch my node definition, but the agent run will continue: > Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1: > Info: Retrieving pluginfacts > Info: Retrieving plugin > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning. > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning. > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use --nocheck to suppress the warning. > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node katello.example.com: Failed to find katello.example.com via exec: Execution of '/etc/puppet/node.rb katello.example.com' returned 1: > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > > Up until a few weeks ago (hard to say specifically) the puppet agent -t would run fine after a reset. > > Is there a foreman-installer command I should run after a reset? Or perhaps the vagrant user needs permissions? Or... I don't know!

$ sudo /etc/puppet/node.rb katello.example.com
Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

··· ----- Original Message ----- > On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote: > > > > After running 'rake katello:reset' on a development server (vagrant up > > centos7-devel), I am unable to run puppet agent -t > > > > $ sudo puppet agent -t > > Warning: Unable to fetch my node definition, but the agent run will > > continue: > > Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: > > Execution of '/etc/puppet/node.rb katello.example.com' returned 1: > > Info: Retrieving pluginfacts > > Info: Retrieving plugin > > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use > > --nocheck to suppress the warning. > > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use > > --nocheck to suppress the warning. > > Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use > > --nocheck to suppress the warning. > > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > > Failed when searching for node katello.example.com: Failed to find > > katello.example.com via exec: Execution of '/etc/puppet/node.rb > > katello.example.com' returned 1: > > Warning: Not using cache on failed catalog > > Error: Could not retrieve catalog; skipping run > > > > Up until a few weeks ago (hard to say specifically) the puppet agent -t > > would run fine after a reset. > > > > Is there a foreman-installer command I should run after a reset? Or perhaps > > the vagrant user needs permissions? Or... I don't know! > > Can you show the output of manually running: > > /etc/puppet/node.rb katello.example.com >

You might checking your http config, there's a current dev installer bug
where crane is configured improperly on a dev install.

in change these lines

SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"
SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"

to

SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key"

and restart apache. This crane configuration affects other vhosts it
seems. Ehelms was working on a fix, but i'm not sure about the status
of that or if there is currently a PR open.

-Justin

··· On 03/03/2016 06:04 PM, Tom McKay wrote: > > ----- Original Message ----- >> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote: >>> After running 'rake katello:reset' on a development server (vagrant up >>> centos7-devel), I am unable to run puppet agent -t >>> >>> $ sudo puppet agent -t >>> Warning: Unable to fetch my node definition, but the agent run will >>> continue: >>> Warning: Error 400 on SERVER: Failed to find katello.example.com via exec: >>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1: >>> Info: Retrieving pluginfacts >>> Info: Retrieving plugin >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use >>> --nocheck to suppress the warning. >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use >>> --nocheck to suppress the warning. >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. Use >>> --nocheck to suppress the warning. >>> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: >>> Failed when searching for node katello.example.com: Failed to find >>> katello.example.com via exec: Execution of '/etc/puppet/node.rb >>> katello.example.com' returned 1: >>> Warning: Not using cache on failed catalog >>> Error: Could not retrieve catalog; skipping run >>> >>> Up until a few weeks ago (hard to say specifically) the puppet agent -t >>> would run fine after a reset. >>> >>> Is there a foreman-installer command I should run after a reset? Or perhaps >>> the vagrant user needs permissions? Or... I don't know! >> Can you show the output of manually running: >> >> /etc/puppet/node.rb katello.example.com >> > > $ sudo /etc/puppet/node.rb katello.example.com > Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed >

Below is already in /etc/httpd/conf.d/05-katello-ssl.conf. Should there be something in 05-katello.conf?

SSL directives

SSLEngine on
SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars

··· ----- Original Message ----- > On 03/03/2016 06:04 PM, Tom McKay wrote: > > > > ----- Original Message ----- > >> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote: > >>> After running 'rake katello:reset' on a development server (vagrant up > >>> centos7-devel), I am unable to run puppet agent -t > >>> > >>> $ sudo puppet agent -t > >>> Warning: Unable to fetch my node definition, but the agent run will > >>> continue: > >>> Warning: Error 400 on SERVER: Failed to find katello.example.com via > >>> exec: > >>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1: > >>> Info: Retrieving pluginfacts > >>> Info: Retrieving plugin > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > >>> Use > >>> --nocheck to suppress the warning. > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > >>> Use > >>> --nocheck to suppress the warning. > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > >>> Use > >>> --nocheck to suppress the warning. > >>> Error: Could not retrieve catalog from remote server: Error 400 on > >>> SERVER: > >>> Failed when searching for node katello.example.com: Failed to find > >>> katello.example.com via exec: Execution of '/etc/puppet/node.rb > >>> katello.example.com' returned 1: > >>> Warning: Not using cache on failed catalog > >>> Error: Could not retrieve catalog; skipping run > >>> > >>> Up until a few weeks ago (hard to say specifically) the puppet agent -t > >>> would run fine after a reset. > >>> > >>> Is there a foreman-installer command I should run after a reset? Or > >>> perhaps > >>> the vagrant user needs permissions? Or... I don't know! > >> Can you show the output of manually running: > >> > >> /etc/puppet/node.rb katello.example.com > >> > > > > $ sudo /etc/puppet/node.rb katello.example.com > > Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 > > read server certificate B: certificate verify failed > > > You might checking your http config, there's a current dev installer bug > where crane is configured improperly on a dev install. > > in change these lines > > SSLCertificateFile "/etc/pki/tls/certs/localhost.crt" > SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key" > > > to > > SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key" > > and restart apache. This crane configuration affects other vhosts it > seems. Ehelms was working on a fix, but i'm not sure about the status > of that or if there is currently a PR open. > > -Justin > > >

https://github.com/Katello/katello-installer/pull/305

The change missing was in /etc/httpd/conf.d/03-crane.conf

puppet agent -t success

··· ----- Original Message ----- > > > ----- Original Message ----- > > On 03/03/2016 06:04 PM, Tom McKay wrote: > > > > > > ----- Original Message ----- > > >> On Thu, Mar 03, 2016 at 05:02:51PM -0500, Tom McKay wrote: > > >>> After running 'rake katello:reset' on a development server (vagrant up > > >>> centos7-devel), I am unable to run puppet agent -t > > >>> > > >>> $ sudo puppet agent -t > > >>> Warning: Unable to fetch my node definition, but the agent run will > > >>> continue: > > >>> Warning: Error 400 on SERVER: Failed to find katello.example.com via > > >>> exec: > > >>> Execution of '/etc/puppet/node.rb katello.example.com' returned 1: > > >>> Info: Retrieving pluginfacts > > >>> Info: Retrieving plugin > > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > > >>> Use > > >>> --nocheck to suppress the warning. > > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > > >>> Use > > >>> --nocheck to suppress the warning. > > >>> Warning: nmcli (1.0.6) and NetworkManager (1.0.0) versions don't match. > > >>> Use > > >>> --nocheck to suppress the warning. > > >>> Error: Could not retrieve catalog from remote server: Error 400 on > > >>> SERVER: > > >>> Failed when searching for node katello.example.com: Failed to find > > >>> katello.example.com via exec: Execution of '/etc/puppet/node.rb > > >>> katello.example.com' returned 1: > > >>> Warning: Not using cache on failed catalog > > >>> Error: Could not retrieve catalog; skipping run > > >>> > > >>> Up until a few weeks ago (hard to say specifically) the puppet agent -t > > >>> would run fine after a reset. > > >>> > > >>> Is there a foreman-installer command I should run after a reset? Or > > >>> perhaps > > >>> the vagrant user needs permissions? Or... I don't know! > > >> Can you show the output of manually running: > > >> > > >> /etc/puppet/node.rb katello.example.com > > >> > > > > > > $ sudo /etc/puppet/node.rb katello.example.com > > > Could not send facts to Foreman: SSL_connect returned=1 errno=0 > > > state=SSLv3 > > > read server certificate B: certificate verify failed > > > > > You might checking your http config, there's a current dev installer bug > > where crane is configured improperly on a dev install. > > > > in change these lines > > > > SSLCertificateFile "/etc/pki/tls/certs/localhost.crt" > > SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key" > > > > > > to > > > > SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > > SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key" > > > > and restart apache. This crane configuration affects other vhosts it > > seems. Ehelms was working on a fix, but i'm not sure about the status > > of that or if there is currently a PR open. > > > > -Justin > > > > > > > > Below is already in /etc/httpd/conf.d/05-katello-ssl.conf. Should there be > something in 05-katello.conf? > > ## SSL directives > SSLEngine on > SSLCertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > SSLCertificateKeyFile "/etc/pki/katello/private/katello-default-ca.key" > SSLCACertificatePath "/etc/pki/tls/certs" > SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > SSLVerifyClient optional > SSLVerifyDepth 3 > SSLOptions +StdEnvVars >