Puppetrun failed


  1. Foreman is unable to run the puppet agent on the client and shows that host's status in RED.
    When I run the puppet agent on the client manually, Foreman starts showing the status in green.
  2. The puppetrun button is not working from the Foreman web portal for individual clients and
    throws the error below:

failed to execute puppetrun: ERF12-4252 [ProxyAPI::ProxyException]: Unable to execute Puppet run ([RestClient::InternalServerError]: 500 Internal Server Error) for proxy https://noida-puppet.cadence.com:8443/puppet ""

I have followed the instructions from the Foreman manual under section 4.3.6, but it didn't help.

Expected outcome: Puppet agent should run itself on all hosts configured in Foreman and keep its status green. The puppetrun button should work from the Foreman web portal.

Foreman and Proxy versions: foreman 1.20 (central foreman server configured with central puppet CA for all external masters)
puppetserver version: 5.3.6 (external puppet master)
puppet version : 5.5.8

Foreman and Proxy plugin versions: foreman 1.20

Other relevant data:

Configuration done on External puppet masters:


cat /etc/foreman-proxy/settings.d/puppet.yml | grep -v "^#"
:enabled: https
:use_provider: puppet_proxy_mcollective
:puppet_version: 5.5.8


cat  /etc/puppetlabs/puppet/auth.conf      (add below content)

path /puppet/v3/environments
method find
allow *

path /puppet/v3/environment_classes
method find
allow *

path /puppet/v3/resource_type
method search
allow *


 cat /etc/sudoers | grep foreman
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/mco puppet runonce *


On Client server :


In /etc/puppetlabs/puppet/auth.conf

# added to enable puppetrun
 path /run
 auth any
 method save
 allow *


cat /etc/puppetlabs/puppet/puppet.conf | grep listen
    listen = true


Proxy logs on puppet master:

tailf /var/log/foreman-proxy/proxy.log
2018-12-03T08:10:27  [D] accept: ::ffff:
2018-12-03T08:10:27  [D] Rack::Handler::WEBrick is invoked.
2018-12-03T08:10:27 7b28c0a0 [I] Started POST /run
2018-12-03T08:10:27 7b28c0a0 [D] verifying remote client ::ffff: against trusted_hosts ["foreman.example.com", "frm-server04.cadence.com", "noida-puppet.cadence.com"]
2018-12-03T08:10:27 7b28c0a0 [D] about to execute: ["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]
2018-12-03T08:10:28 7b28c0a0 [W] Non-null exit code when executing '["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]'
2018-12-03T08:10:28 7b28c0a0 [E] Failed puppet run: Check Log files
2018-12-03T08:10:28 7b28c0a0 [D] Failed puppet run: Check Log files
2018-12-03T08:10:28 7b28c0a0 [I] Finished POST /run with 500 (682.63 ms)
2018-12-03T08:10:28  [D] close: ::ffff:

tailf /var/log/messages on puppet master

Dec  3 08:12:42 noida-puppet smart-proxy: sudo: ldap_sasl_bind_s(): Can't contact LDAP server
Dec  3 08:12:42 noida-puppet sudo: foreman-proxy : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/opt/puppetlabs/bin/mco puppet runonce -I frm-test.cadence.com
Dec  3 08:12:42 noida-puppet smart-proxy: frm-server04.cadence.com - - [03/Dec/2018:08:12:42 IST] "POST /puppet/run HTTP/1.1" 500 34
Dec  3 08:12:42 noida-puppet smart-proxy: - -> /puppet/run

I am using a local file for sudoers in nsswitch.conf.

cat /etc/nsswitch.conf| grep sudo
sudoers:    files ldap


Any help will be highly appreciated

You configured it to use mcollective; did you also set up mcollective? It is also deprecated by Puppet (the company).

I prefer to use Remote Execution instead of the Puppet Run Button because it provides more flexibility.
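
Added example (not part of the thread and not Foreman code): a small Python triage script that groups the proxy.log lines quoted in the first post by request ID, showing that the 500 follows a launched command exiting non-zero rather than the request being refused before execution. The function names and the regexes are assumptions derived from the format of that excerpt.

```python
import json
import re

# Lines copied from the /var/log/foreman-proxy/proxy.log excerpt in the first post.
SAMPLE_LOG = """\
2018-12-03T08:10:27  [D] Rack::Handler::WEBrick is invoked.
2018-12-03T08:10:27 7b28c0a0 [I] Started POST /run
2018-12-03T08:10:27 7b28c0a0 [D] about to execute: ["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]
2018-12-03T08:10:28 7b28c0a0 [W] Non-null exit code when executing '["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]'
2018-12-03T08:10:28 7b28c0a0 [E] Failed puppet run: Check Log files
2018-12-03T08:10:28 7b28c0a0 [I] Finished POST /run with 500 (682.63 ms)
"""

# timestamp, optional 8-hex request id, one-letter level, message
LINE = re.compile(r'^(\S+)\s+(?:([0-9a-f]{8})\s+)?\[([A-Z])\]\s+(.*)$')

def summarize_requests(text):
    """Group proxy.log lines by request id and extract what each request did."""
    requests = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or not m.group(2):
            continue  # connection-level lines carry no request id
        _ts, rid, _level, msg = m.groups()
        req = requests.setdefault(rid, {"route": None, "argv": None,
                                        "nonzero_exit": False, "status": None})
        if msg.startswith("Started "):
            req["route"] = msg[len("Started "):]
        elif msg.startswith("about to execute: "):
            # Assumption: the argv is logged as a list of plain strings,
            # which also parses as JSON.
            req["argv"] = json.loads(msg[len("about to execute: "):])
        elif msg.startswith("Non-null exit code"):
            req["nonzero_exit"] = True
        elif (fin := re.match(r'Finished .* with (\d{3}) ', msg)):
            req["status"] = int(fin.group(1))
    return requests

def failed_commands(requests):
    """Requests where the proxy launched a command and it exited non-zero."""
    return {rid: r["argv"] for rid, r in requests.items()
            if r["argv"] and r["nonzero_exit"]}

if __name__ == "__main__":
    for rid, argv in failed_commands(summarize_requests(SAMPLE_LOG)).items():
        print(rid, "->", " ".join(argv))
```

Running the printed command by hand as the foreman-proxy user shows the error output that the proxy log only summarizes as "Check Log files".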