Remote Execution Failed-Foreman

KvotheRCD · January 18, 2023, 9:56am

Problem:

Hi, I’m having trouble running the remote execution plugin. For the configuration I have used this command: sudo foreman-installer --enable-foreman-proxy --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-script --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible --enable-foreman-plugin-setup

I have verified that in the created hosts there is a public key of the foreman-proxy and I have added the key of the Master Node in which foreman is running.

When I try to do a simple command to check that it works, this is the output:
** 1: Error initializing command: RuntimeError - Could not establish connection to remote host using any available authentication method, tried password, publickey
2: Exit status: EXCEPTION**

The Schedule Remote Job has been tried to be done by user and by rsa key, but none with success.

Expected outcome:
The remote execution plugin works
Foreman and Proxy versions:
Foreman → 3.4.1
Foreman and Proxy plugin versions:
foreman_remote_execution → 8.0.0
Distribution and version:
Rocky Linux 8.7
Other relevant data:

Also from a Master Node terminal I can connect via ssh without any problem. With the user foreman-proxy it simply asks me for the password.

KvotheRCD · January 31, 2023, 11:50am

Can someone help me?

aruzicka · February 7, 2023, 11:07am

Almost surely, the keys that are actually used are not in the right places. That’s all the error says and all that we can guess from what you told us. If you bump log level to debug in /etc/foreman-proxy/settings.yaml you should get the exact commands that foreman-proxy is trying to execute in /var/log/foream-proxy/proxy.log. You can take those and follow along

gvde · February 7, 2023, 12:28pm

Look inside the file /etc/foreman-proxy/settings.d/remote_execution_ssh.yml .

# cat /etc/foreman-proxy/settings.d/remote_execution_ssh.yml 
---
:enabled: https
:ssh_identity_key_file: /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy
:local_working_dir: /var/tmp
:remote_working_dir: /var/tmp
:kerberos_auth: false

:cockpit_integration: true

# Whether to run remote execution jobs asynchronously
:mode: ssh

Note the identity key file configuration. Now run

# sudo -u foreman-proxy ssh -i /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy root@client.example.com date

(assuming you log in as root…)

This command must work. If it doesn’t, you have to fix it. Run ssh with option -v and also check in /var/log/secure on the client.

KvotheRCD · February 9, 2023, 10:52am

Thanks for the reply. This command works for me to access via ssh from a terminal, but I still have the problem that if I try to do a Schedule Remote Job from the graphical interface of foreman I get the error:

1: Error initializing command: RuntimeError - Could not establish connection to remote host using any available authentication method, tried publickey
2: Exit status: EXCEPTION

gvde · February 9, 2023, 11:14am

It‘s so much easier to verify if you post the exact command and the output.

As pointed out before the secure log should contain something about the failed attempts…

KvotheRCD · February 9, 2023, 11:21am

Of course, here I attach the foreman-proxy log, and screenshots of what I’ve done:

foreman-proxy.log (19.5 KB)

KvotheRCD · February 9, 2023, 11:28am

Also, when I run the command " sudo -u foreman-proxy ssh -i /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy root@192.168.0.101 " I have to do it with IP, if I try it with fqdn it doesn’t find the client . Example: " sudo -u foreman-proxy ssh -i /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy root@node1.dec.udc.es ", the error is: ssh: Could not resolve hostname node1.dec.udc.es: Name or service not known
I don’t know if this can affect the ssh error.

areyus · February 9, 2023, 11:36am

That is most likely the source of your problem. You might have DNS issues. If DNS is generally not working in your environment, you can change Foreman’s behaviour to connect via IP. In the WebUI, got to Administer → Settings → Remote execution, there change “connect by IP” from “no” to “yes”.
If DNS should be working in your environment, you will have to take a look into why Foreman cannot resolve the (or maybe any?) hostnames via DNS.

gvde · February 9, 2023, 11:38am

The command uses the fqdn and it must work. Do you have additional foreman proxies? Is “montoxo” your foreman server?

And again: you really have to check the secure log in your client. It contains the reason why the connection gets rejected…

KvotheRCD · February 9, 2023, 11:40am

Yes, thank you very much, this was the problem, the problem is that the DNS is not working well, and I don’t know why.

KvotheRCD · February 9, 2023, 11:41am

Yes, “montoxo” is the foreman server, the problem is in the DNS as it appears in the Post above. Thank you so much.