Hello,
I'm having issues with puppetrun and puppetssh (:puppet_provider: puppetssh).
Attached foreman debug file.
Env:
OS: redhat
RELEASE: CentOS release 6.6 (Final)
FOREMAN: 1.7.1
RUBY: ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
PUPPET: 3.7.3
SELinux is disabled on all machines and on Foreman.
Configured: /etc/foreman-proxy/settings.d/puppet.yml to use puppetssh
I can run remote commands from Foreman to the client without any issues
(passwordless SSH key authentication works) with user root.
When I run Puppetrun from the Foreman UI it shows that it ran successfully,
and I can see that in the /var/log/foreman-proxy/proxy.log file:
192.168.249.91 - - [20/Jan/2015 11:55:02] "POST /run HTTP/1.1" 200 - 0.0038
However, it's not running… it fails… and the puppet agent is not running on
the client.
Here is the /var/log/messages on the client:
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_KEY_USER msg=audit(1421751743.419:25456): user pid=30298 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=b3:06:c8:b1:ec:3e:c6:68:a7:41:fb:3c:97:c4:75:1d direction=? spid=30298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_KEY_USER msg=audit(1421751743.419:25457): user pid=30298 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=e0:bf:2d:e5:79:f5:3e:f8:c2:ab:2c:3d:09:33:91:d3 direction=? spid=30298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_SESSION msg=audit(1421751743.421:25458): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=30298 suid=74 rport=34565 laddr=192.168.249.178 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_SESSION msg=audit(1421751743.422:25459): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=30298 suid=74 rport=34565 laddr=192.168.249.178 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_KEY_USER msg=audit(1421751743.466:25460): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=30298 suid=74 rport=34565 laddr=192.168.249.178 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_KEY_USER msg=audit(1421751743.466:25461): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=b3:06:c8:b1:ec:3e:c6:68:a7:41:fb:3c:97:c4:75:1d direction=? spid=30297 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_KEY_USER msg=audit(1421751743.466:25462): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=e0:bf:2d:e5:79:f5:3e:f8:c2:ab:2c:3d:09:33:91:d3 direction=? spid=30297 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=USER_LOGIN msg=audit(1421751743.466:25463): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=ssh res=failed'
Here is the /etc/foreman-proxy/settings.d/puppet.yml:
```yaml
---
# Puppet management
:enabled: true
:puppet_conf: /etc/puppet/puppet.conf
# valid providers:
#   puppetrun   (for puppetrun/kick, deprecated in Puppet 3)
#   mcollective (uses mco puppet)
#   puppetssh   (run puppet over ssh)
#   salt        (uses salt puppet.run)
#   customrun   (calls a custom command with args)
:puppet_provider: puppetssh

# customrun command details
# Set :customrun_cmd to the full path of the script you want to run, instead of /bin/false
#:customrun_cmd: /bin/false
# Set :customrun_args to any args you want to pass to your custom script. The hostname of the
# system to run against will be appended after the custom commands.
#:customrun_args: -ay -f -s

# whether to use sudo before the ssh command
:puppetssh_sudo: false
# the command which will be sent to the host
:puppetssh_command: /usr/bin/puppet agent --onetime --no-usecacheonfailure
# wait for the command to finish (and capture exit code), or detach process and return 0
# Note: enabling this option causes the Foreman web UI to be blocked when executing puppetrun,
# with timeout from the Browser and/or Foreman's REST client after 60 seconds.
:puppetssh_wait: false
# With which user should the proxy connect
:puppetssh_user: root
:puppetssh_keyfile: /etc/foreman-proxy/id_rsa

# Which user to invoke sudo as to run puppet commands
#:puppet_user: root

# URL of the puppet master itself for API requests
:puppet_url: https://foreman.hosts-app.com:8140

# SSL certificates used to access the puppet master API
:puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
:puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman.hosts-app.com.pem
:puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman.hosts-app.com.pem

# Override use of Puppet's API to list environments, by default it will use only if
# environmentpath is given in puppet.conf, else will look for environments in puppet.conf
#:puppet_use_environment_api: true
```
What am I missing here?
As mentioned above, SELinux is disabled:
[root@foreman ~]# sestatus
SELinux status: disabled
And on the clients:
[root@stg-web2 ~]# sestatus
SELinux status: disabled
[root@stg-web2 ~]#
Why would “ssh terminal” fail with the root user?
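
Added example, not part of the original post: a small Python parser for the sshd audit records quoted above that splits each record into fields, decodes the hex-encoded `acct` value and lists failed `USER_LOGIN` events. The function names are made up for illustration, and the two sample records are copied from the post with the mail line-wrapping undone.

```python
import re

# Two of the audit records quoted in the post, with the mail line-wrapping undone.
SAMPLE = """\
Jan 20 11:02:30 stg-web2 tag_audit_log: type=CRYPTO_SESSION msg=audit(1421751743.421:25458): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=30298 suid=74 rport=34565 laddr=192.168.249.178 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=? res=success'
Jan 20 11:02:30 stg-web2 tag_audit_log: type=USER_LOGIN msg=audit(1421751743.466:25463): user pid=30297 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=192.168.249.91 terminal=ssh res=failed'
""".splitlines()

EVENT = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
# key=value pairs; a value is either "quoted" or a bare token ending at a space or '
PAIR = re.compile(r"(\w+)=(\"[^\"]*\"|[^\s']+)")
# Assumption: only acct is treated as an "untrusted string" field here. The audit
# subsystem writes such a field quoted when it is plain text and as bare hex otherwise.
UNTRUSTED = {"acct"}


def decode_value(key, value):
    """Strip quotes from quoted values; hex-decode bare untrusted-string values."""
    if value.startswith('"'):
        return value[1:-1]
    if key in UNTRUSTED and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value


def parse_record(line):
    """Turn one audit record into a dict of decoded fields plus epoch and serial."""
    fields = {k: decode_value(k, v) for k, v in PAIR.findall(line)}
    event = EVENT.search(line)
    if event:
        fields["epoch"] = float(event.group(1))
        fields["serial"] = int(event.group(2))
    return fields


def failed_logins(lines):
    """Return (serial, account, source address, terminal) for each failed USER_LOGIN."""
    hits = []
    for rec in map(parse_record, lines):
        if rec.get("type") == "USER_LOGIN" and rec.get("res") == "failed":
            hits.append((rec.get("serial"), rec.get("acct"), rec.get("addr"), rec.get("terminal")))
    return hits


if __name__ == "__main__":
    for hit in failed_logins(SAMPLE):
        print(hit)  # (25463, '(unknown user)', '192.168.249.91', 'ssh')
```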