Problem:
- Foreman is unable to run the puppet agent on the client and shows the host status in RED.
When I run the puppet agent on the client manually, Foreman then starts showing the status in green.
- The puppetrun button is not working from the Foreman web portal for the individual clients and throws the error below:
failed to execute puppetrun: ERF12-4252 [ProxyAPI::ProxyException]: Unable to execute Puppet run ([RestClient::InternalServerError]: 500 Internal Server Error) for proxy https://noida-puppet.cadence.com:8443/puppet ""
I have followed the instructions from the Foreman manual under section 4.3.6, but it didn't help.
Expected outcome: The puppet agent should run itself on all hosts configured in Foreman and keep their status green. The puppetrun button should work from the Foreman web portal.
Foreman and Proxy versions: foreman 1.20 (central foreman server configured with central puppet CA for all external masters)
puppetserver version: 5.3.6 (external puppet master)
puppet version : 5.5.8
Foreman and Proxy plugin versions: foreman 1.20
Other relevant data:
Configuration done on External puppet masters:
===========================================
cat /etc/foreman-proxy/settings.d/puppet.yml | grep -v "^#"
---
:enabled: https
:use_provider: puppet_proxy_mcollective
:puppet_version: 5.5.8
============================================
cat /etc/puppetlabs/puppet/auth.conf (add below content)
path /puppet/v3/environments
method find
allow *
path /puppet/v3/environment_classes
method find
allow *
path /puppet/v3/resource_type
method search
allow *
===========================================
cat /etc/sudoers | grep foreman
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/mco puppet runonce *
===========================================
On Client server :
========================================
In /etc/puppetlabs/puppet/auth.conf
# added to enable puppetrun
path /run
auth any
method save
allow *
=========================================
cat /etc/puppetlabs/puppet/puppet.conf | grep listen
listen = true
=========================================
Proxy logs on puppet master:
tailf /var/log/foreman-proxy/proxy.log
2018-12-03T08:10:27 [D] accept: ::ffff:10.254.15.25:40626
2018-12-03T08:10:27 [D] Rack::Handler::WEBrick is invoked.
2018-12-03T08:10:27 7b28c0a0 [I] Started POST /run
2018-12-03T08:10:27 7b28c0a0 [D] verifying remote client ::ffff:10.254.15.25 against trusted_hosts ["foreman.example.com", "frm-server04.cadence.com", "noida-puppet.cadence.com"]
2018-12-03T08:10:27 7b28c0a0 [D] about to execute: ["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]
2018-12-03T08:10:28 7b28c0a0 [W] Non-null exit code when executing '["/usr/bin/sudo", "-Hu", "root", "/opt/puppetlabs/bin/mco", "puppet", "runonce", "-I", "frm-test.cadence.com"]'
2018-12-03T08:10:28 7b28c0a0 [E] Failed puppet run: Check Log files
2018-12-03T08:10:28 7b28c0a0 [D] Failed puppet run: Check Log files
2018-12-03T08:10:28 7b28c0a0 [I] Finished POST /run with 500 (682.63 ms)
2018-12-03T08:10:28 [D] close: ::ffff:10.254.15.25:40626
===================================================
tailf /var/log/messages on puppet master
Dec 3 08:12:42 noida-puppet smart-proxy: sudo: ldap_sasl_bind_s(): Can't contact LDAP server
Dec 3 08:12:42 noida-puppet sudo: foreman-proxy : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/opt/puppetlabs/bin/mco puppet runonce -I frm-test.cadence.com
Dec 3 08:12:42 noida-puppet smart-proxy: frm-server04.cadence.com - - [03/Dec/2018:08:12:42 IST] "POST /puppet/run HTTP/1.1" 500 34
Dec 3 08:12:42 noida-puppet smart-proxy: - -> /puppet/run
========================================
I am using the local file for sudoers in nsswitch.conf.
cat /etc/nsswitch.conf| grep sudo
sudoers: files ldap
========================================
Any help will be highly appreciated.