Puppetca support in Foreman 1.0 RC

Hi,

I'm currently trying out the latest RC release from the
yum.theforeman.org development repository on CentOS 6. I'm running
into some issues getting puppetca management set up.

Currently if I click on 'Certificates' in the Smart Proxies page (the
proxy is on the same server as foreman), I get this error:

406 Not Acceptable

proxy.log (debug logging) shows this:

D, [2012-07-10T20:00:24.262606 #11668] DEBUG -- : Found puppetca at /usr/sbin/puppetca
D, [2012-07-10T20:00:24.403306 #11668] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2012-07-10T20:00:24.409663 #11668] DEBUG -- : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
W, [2012-07-10T20:00:26.086581 #11668] WARN -- : Failed to run puppetca:
E, [2012-07-10T20:00:26.184872 #11668] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files

Here is how I've set it up and a few other details/things I've tried:

  • Running Puppet 2.7.17. Rolled back to an earlier version (2.7.14),
    same error
  • /etc/puppet/autosign.conf owned by foreman-proxy. Tested via
    interface, Foreman can read/write this file
  • Foreman proxy settings.yaml edited as per
    Settingsyml - Smart Proxy - Foreman - plus
    sudoers lines added
  • Tested execution of puppetca with this command: sudo -u
    foreman-proxy -S /usr/sbin/puppetca list --all. Works fine
  • Tried running smartproxy as root instead of via init script, same
    error
  • SELinux is disabled

Not sure what else to try at this point, but I'm not sure if this is
an issue with the latest RC, or an issue with my server. As far as I
can see I've set it up correctly. Any help would be greatly
appreciated.

Hi,

What do /var/log/secure and /var/log/messages say?

regards flo


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.

Thanks Flo - didn't think to look there…!

This was coming up in /var/log/secure:

sudo: pam_unix(sudo:auth): conversation failed
sudo: pam_unix(sudo:auth): auth could not identify password for [foreman-proxy]
sudo: foreman-proxy : 3 incorrect password attempts ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/puppetca --list --all

This was due to me using the sudoers lines as listed here:

http://theforeman.org/projects/smart-proxy/wiki/Settingsyml

So I switched to an alteration of the ones suggested in this ticket in
Redmine: Bug #1014: sudoers file does not support puppet 2.6+ for puppetca and puppetrun - Smart Proxy - Foreman

foreman ALL = NOPASSWD: /usr/sbin/puppetca, /usr/bin/puppet
Defaults:foreman !requiretty
foreman ALL = NOPASSWD: /usr/sbin/puppetrun, /usr/bin/puppet

foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetca, /usr/bin/puppet
Defaults:foreman-proxy !requiretty

(puppet binary paths updated for CentOS)

That fixed it. Should the documentation perhaps be updated to match? I can
do it tomorrow, time permitting (and if my Redmine account lets me)

Thanks!

Andy
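
Added example, not part of the original posts and not Foreman code: a shell triage for the failure diagnosed in this thread. It pulls sudo password failures with no terminal out of a /var/log/secure-style file and checks whether a sudoers fragment gives that account a NOPASSWD rule and a requiretty exemption. The function names, the host name "foreman1" and the timestamps are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Foreman code. Sample data is constructed from the lines
# quoted in this thread; the timestamp and host name "foreman1" are made up.

# Print "user<TAB>command" for each sudo password failure that had no terminal,
# i.e. a daemon ran sudo and no NOPASSWD rule matched the command.
sudo_daemon_failures() {
    awk '/sudo: / && /incorrect password attempts/ && /TTY=unknown/ {
        line = $0
        sub(/^.*sudo: +/, "", line)            # drop the syslog prefix
        user = line; sub(/ *:.*/, "", user)    # text before the first " : "
        cmd = line;  sub(/^.*COMMAND=/, "", cmd)
        printf "%s\t%s\n", user, cmd
    }' "$1"
}

# Rough text check (not a sudoers parser): FILE must give USER a NOPASSWD rule
# naming BINARY and a "Defaults:USER !requiretty" line. Returns 0 if both exist.
sudoers_allows_daemon() {
    grep -Eq "^$1[[:space:]]+.*NOPASSWD:.*$2([,[:space:]]|\$)" "$3" &&
    grep -Eq "^Defaults:$1[[:space:]]+.*!requiretty" "$3"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/secure" <<'EOF'
Jul 10 20:00:25 foreman1 sudo: pam_unix(sudo:auth): conversation failed
Jul 10 20:00:26 foreman1 sudo: foreman-proxy : 3 incorrect password attempts ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/puppetca --list --all
EOF

cat > "$tmp/sudoers" <<'EOF'
foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetca, /usr/bin/puppet
Defaults:foreman-proxy !requiretty
EOF

sudo_daemon_failures "$tmp/secure" | while IFS="$(printf '\t')" read -r user cmd; do
    binary=${cmd%% *}
    if sudoers_allows_daemon "$user" "$binary" "$tmp/sudoers"; then
        echo "$user: $binary is covered by a NOPASSWD rule"
    else
        echo "$user: no NOPASSWD rule for $binary"
    fi
done
```

On a live host, `visudo -c` validates the sudoers syntax and `sudo -l -U foreman-proxy` (run as root) lists the rules sudo actually resolves for the account.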
