On Tuesday 16 of September 2014 14:15:02 John Hazen wrote:

Still having this issue, but have some more info:

In the proxy.log, I see:

10.164.249.10 - - [16/Sep/2014 12:41:47] “DELETE
/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 - 1.2164
10.164.249.10 - - [16/Sep/2014 12:41:47] “POST
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -
0.0010
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET /serverName HTTP/1.1” 200 30
0.0020
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET
/10.164.249.0/74:46:a0:f4:77:84 HTTP/1.1” 200 196 0.0502
10.164.249.10 - - [16/Sep/2014 12:53:24] “GET /10.164.249.0/10.164.249.43
HTTP/1.1” 200 196 0.0379
10.164.249.10 - - [16/Sep/2014 12:53:24] “POST /syslinux/74:46:a0:f4:77:84
HTTP/1.1” 200 - 0.0023
10.164.249.10 - - [16/Sep/2014 12:53:24] “DELETE
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 - 0.0010

And, I looked at /etc/puppet/autosign.conf, and the entry is there between
the POST and the DELETE. I’m not sure what is issuing the DELETE, but it
looks as if it’s in response to the "Informing Foreman that we are built"
wget from the kickstart default template.

After adding a ‘-v’ to the puppet agent run in the kickstart POST section,
it looks like the autosign stuff is working, and the first error is:

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn", “CVS”,
".git"], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}

So, I guess I’m back to looking for permissions issues with puppet…

On Tuesday, September 16, 2014 11:47:11 AM UTC-7, John Hazen wrote:

I’m doing a simple deployment, and the controller fails:

Actions::Staypuft::Host::WaitUntilHostReady

with:

Staypuft::Exception: ERF42-8963 [Staypuft::Exception]: Latest Puppet Run
Contains Failures for Host: 106

When I do a “puppet agent --test”, I get:

puppet agent --test

Notice: Using less secure serialization of reports and query parameters
for compatibility
Notice: with older puppet master. To remove this notice, please upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for
more information.
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn", “CVS”,
".git"], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
retrieve file metadata for puppet://
fuel02.cloud-admin.sv2.example.com/pluginfacts: Error 400 on SERVER: Not
authorized to call find on /file_metadata/pluginfacts with
{:source_permissions=>“use”, :links=>“manage”}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on
/file_metadata/pluginfacts with {:source_permissions=>“use”,

:links=>“manage”}

Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Invalid parameter config_hash at
/etc/puppet/environments/production/modules/quickstack/manifests/db/mysql.
pp:113 on node mac7446a0f47784.cloud-admin.sv2.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

After googling, it seems like this should be a permissions issue, but
anything I’ve tried to fix it hasn’t made a difference. I’m wondering if
it may be an autosign thing.

/etc/puppet/autosign.conf is empty

/etc/puppet/auth.conf has:
path /file
allow *

/etc/puppet/fileserver.conf is empty (has many lines, but they’re all
commented out)

Anybody run into this before? What else would I look at to try to debug
the autosigner? Are the autosign credentials time-limited? (I’ve been
debugging on this host for a couple days, so maybe it expired?)

Any help is appreciated. I’m a puppet newb, but trying to learn it and
foreman at the same time.

-John

Hello John,

I think you hit the same issue that Ignacio reported. See thread with name
"Puppet Fail on CentOS" [1]. I don’t think it’s related to autosign, which
is
used only for initial agent registration. Once the host is built, autosign
record is deleted.

Unfortunately we don’t know the cause of issue yet.

[1] https://groups.google.com/forum/#!topic/foreman-users/5iNAr821DXs

–
Marek

On Tuesday 16 of September 2014 14:15:02 John Hazen wrote:

Still having this issue, but have some more info:

In the proxy.log, I see:

10.164.249.10 - - [16/Sep/2014 12:41:47] “DELETE
/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 - 1.2164
10.164.249.10 - - [16/Sep/2014 12:41:47] “POST
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -
0.0010
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET /serverName HTTP/1.1” 200
30
0.0020
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET
/10.164.249.0/74:46:a0:f4:77:84 HTTP/1.1” 200 196 0.0502
10.164.249.10 - - [16/Sep/2014 12:53:24] “GET /
10.164.249.0/10.164.249.43
HTTP/1.1” 200 196 0.0379
10.164.249.10 - - [16/Sep/2014 12:53:24] “POST
/syslinux/74:46:a0:f4:77:84
HTTP/1.1” 200 - 0.0023
10.164.249.10 - - [16/Sep/2014 12:53:24] “DELETE
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -
0.0010

And, I looked at /etc/puppet/autosign.conf, and the entry is there
between
the POST and the DELETE. I’m not sure what is issuing the DELETE, but it
looks as if it’s in response to the "Informing Foreman that we are built"
wget from the kickstart default template.

After adding a ‘-v’ to the puppet agent run in the kickstart POST
section,
it looks like the autosign stuff is working, and the first error is:

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",
“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}

So, I guess I’m back to looking for permissions issues with puppet…

On Tuesday, September 16, 2014 11:47:11 AM UTC-7, John Hazen wrote:

I’m doing a simple deployment, and the controller fails:

Actions::Staypuft::Host::WaitUntilHostReady

with:

Staypuft::Exception: ERF42-8963 [Staypuft::Exception]: Latest Puppet
Run

Contains Failures for Host: 106

When I do a “puppet agent --test”, I get:

puppet agent --test

Notice: Using less secure serialization of reports and query parameters
for compatibility
Notice: with older puppet master. To remove this notice, please upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for
more information.
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",
“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
retrieve file metadata for puppet://
fuel02.cloud-admin.sv2.example.com/pluginfacts: Error 400 on SERVER:
Not

authorized to call find on /file_metadata/pluginfacts with
{:source_permissions=>“use”, :links=>“manage”}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on
/file_metadata/pluginfacts with {:source_permissions=>“use”,

:links=>“manage”}

Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER:

Invalid parameter config_hash at

/etc/puppet/environments/production/modules/quickstack/manifests/db/mysql.

pp:113 on node mac7446a0f47784.cloud-admin.sv2.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

After googling, it seems like this should be a permissions issue, but
anything I’ve tried to fix it hasn’t made a difference. I’m wondering
if

it may be an autosign thing.

/etc/puppet/autosign.conf is empty

/etc/puppet/auth.conf has:
path /file
allow *

/etc/puppet/fileserver.conf is empty (has many lines, but they’re all
commented out)

Anybody run into this before? What else would I look at to try to
debug

the autosigner? Are the autosign credentials time-limited? (I’ve been
debugging on this host for a couple days, so maybe it expired?)

Any help is appreciated. I’m a puppet newb, but trying to learn it and
foreman at the same time.

-John

–
You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/YQRlUgOp75E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

On Thursday 18 of September 2014 09:39:31 John Hazen wrote:

Thanks, Marek.

I remembered that Ignacio had some kind of database problem, but was
focused on the first error in my own debugging.

I’m pretty sure that first error (400 on /file_metadata/pluginfacts) is due
to the puppet master (version 2.7.25) not understanding the plugin stuff.

I was thinking that staypuft-installer installed the old version of puppet,
but now I think that was probably installed by default on CentOS6.5. I’d
like to upgrade the puppet. If I upgrade, then re-run staypuft-installer,
should it do the right thing? Or, do I need to reinstall everything from
scratch?

Separately, I will talk with Ignacio about the database bit.

On Wed, Sep 17, 2014 at 11:04 PM, Marek Hulan mhulan@redhat.com wrote:

Hello John,

I think you hit the same issue that Ignacio reported. See thread with name
"Puppet Fail on CentOS" [1]. I don’t think it’s related to autosign, which
is
used only for initial agent registration. Once the host is built, autosign
record is deleted.

Unfortunately we don’t know the cause of issue yet.

[1] https://groups.google.com/forum/#!topic/foreman-users/5iNAr821DXs

–
Marek

On Tuesday 16 of September 2014 14:15:02 John Hazen wrote:

Still having this issue, but have some more info:

In the proxy.log, I see:

10.164.249.10 - - [16/Sep/2014 12:41:47] “DELETE
/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 - 1.2164
10.164.249.10 - - [16/Sep/2014 12:41:47] “POST
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -
0.0010
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET /serverName HTTP/1.1” 200

30

0.0020
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET
/10.164.249.0/74:46:a0:f4:77:84 HTTP/1.1” 200 196 0.0502
10.164.249.10 - - [16/Sep/2014 12:53:24] "GET /

10.164.249.0/10.164.249.43

HTTP/1.1" 200 196 0.0379
10.164.249.10 - - [16/Sep/2014 12:53:24] "POST

/syslinux/74:46:a0:f4:77:84

HTTP/1.1" 200 - 0.0023
10.164.249.10 - - [16/Sep/2014 12:53:24] “DELETE
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -

0.0010

And, I looked at /etc/puppet/autosign.conf, and the entry is there

between

the POST and the DELETE. I’m not sure what is issuing the DELETE, but
it
looks as if it’s in response to the "Informing Foreman that we are
built"
wget from the kickstart default template.

After adding a ‘-v’ to the puppet agent run in the kickstart POST

section,

it looks like the autosign stuff is working, and the first error is:

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized
to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}

So, I guess I’m back to looking for permissions issues with puppet…

On Tuesday, September 16, 2014 11:47:11 AM UTC-7, John Hazen wrote:

I’m doing a simple deployment, and the controller fails:

Actions::Staypuft::Host::WaitUntilHostReady

with:

Staypuft::Exception: ERF42-8963 [Staypuft::Exception]: Latest Puppet

Run

Contains Failures for Host: 106

When I do a “puppet agent --test”, I get:

puppet agent --test

Notice: Using less secure serialization of reports and query
parameters
for compatibility
Notice: with older puppet master. To remove this notice, please
upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for
more information.
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using ‘eval_generate’: Error 400 on SERVER: Not authorized
to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
retrieve file metadata for puppet://

fuel02.cloud-admin.sv2.example.com/pluginfacts: Error 400 on SERVER:
Not

authorized to call find on /file_metadata/pluginfacts with
{:source_permissions=>“use”, :links=>“manage”}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on
/file_metadata/pluginfacts with {:source_permissions=>“use”,

:links=>“manage”}

Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on

SERVER:

Invalid parameter config_hash at

/etc/puppet/environments/production/modules/quickstack/manifests/db/mysql.

pp:113 on node mac7446a0f47784.cloud-admin.sv2.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

After googling, it seems like this should be a permissions issue, but
anything I’ve tried to fix it hasn’t made a difference. I’m wondering

if

it may be an autosign thing.

/etc/puppet/autosign.conf is empty

/etc/puppet/auth.conf has:
path /file
allow *

/etc/puppet/fileserver.conf is empty (has many lines, but they’re all
commented out)

Anybody run into this before? What else would I look at to try to

debug

the autosigner? Are the autosign credentials time-limited? (I’ve
been
debugging on this host for a couple days, so maybe it expired?)

Any help is appreciated. I’m a puppet newb, but trying to learn it
and
foreman at the same time.

-John

–
You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/YQRlUgOp75E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

–
Marek

On Monday 22 of September 2014 13:43:30 John Hazen wrote:

Hi Marek-

I tried upgrading puppet (and puppet-server) to 3.7, and it seemed to work.
When I re-ran staypuft-installer, I ran into a strange problem.

I get:

Not running provisioning configuration since installation encountered
errors, exit code was 1

Something went wrong! Check the log for ERROR-level output
But there are no ERROR-level items in the log. It looks like this is from
the post-install hook failing.

I’ve posted the full log here:
http://pastebin.com/TjR1H1St

Any thoughts?

-John

On Friday, September 19, 2014 2:08:01 AM UTC-7, Marek Hulan wrote:

Hello,

if you just install new version of puppet that works with
foreman-installer (I
think 2.7-3.7 are known to work, I’d recommend 3.6) then just re-running
staypuft-installer is the right thing.

Hope this helps, let us know about the result.

On Thursday 18 of September 2014 09:39:31 John Hazen wrote:

Thanks, Marek.

I remembered that Ignacio had some kind of database problem, but was
focused on the first error in my own debugging.

I’m pretty sure that first error (400 on /file_metadata/pluginfacts) is

due

to the puppet master (version 2.7.25) not understanding the plugin

stuff.

I was thinking that staypuft-installer installed the old version of

puppet,

but now I think that was probably installed by default on CentOS6.5.

I’d

like to upgrade the puppet. If I upgrade, then re-run

staypuft-installer,

should it do the right thing? Or, do I need to reinstall everything

from

scratch?

Separately, I will talk with Ignacio about the database bit.

On Wed, Sep 17, 2014 at 11:04 PM, Marek Hulan <mhu...@redhat.com > > > > <javascript:>> wrote:

Hello John,

I think you hit the same issue that Ignacio reported. See thread with

name

“Puppet Fail on CentOS” [1]. I don’t think it’s related to autosign,

which

is
used only for initial agent registration. Once the host is built,

autosign

record is deleted.

Unfortunately we don’t know the cause of issue yet.

[1] https://groups.google.com/forum/#!topic/foreman-users/5iNAr821DXs

Still having this issue, but have some more info:

In the proxy.log, I see:

10.164.249.10 - - [16/Sep/2014 12:41:47] “DELETE
/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 - 1.2164
10.164.249.10 - - [16/Sep/2014 12:41:47] “POST
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200

0.0010
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET /serverName HTTP/1.1”

200

30

0.0020
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET
/10.164.249.0/74:46:a0:f4:77:84 HTTP/1.1” 200 196 0.0502
10.164.249.10 - - [16/Sep/2014 12:53:24] "GET /

10.164.249.0/10.164.249.43

HTTP/1.1" 200 196 0.0379
10.164.249.10 - - [16/Sep/2014 12:53:24] "POST

/syslinux/74:46:a0:f4:77:84

HTTP/1.1" 200 - 0.0023
10.164.249.10 - - [16/Sep/2014 12:53:24] “DELETE
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200

0.0010

And, I looked at /etc/puppet/autosign.conf, and the entry is there

between

the POST and the DELETE. I’m not sure what is issuing the DELETE,

but

it
looks as if it’s in response to the "Informing Foreman that we are
built"
wget from the kickstart default template.

After adding a ‘-v’ to the puppet agent run in the kickstart POST

section,

it looks like the autosign stuff is working, and the first error is:

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate

additional

resources using ‘eval_generate’: Error 400 on SERVER: Not

authorized

to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}

So, I guess I’m back to looking for permissions issues with

puppet…

On Tuesday, September 16, 2014 11:47:11 AM UTC-7, John Hazen wrote:

I’m doing a simple deployment, and the controller fails:

Actions::Staypuft::Host::WaitUntilHostReady

with:

Staypuft::Exception: ERF42-8963 [Staypuft::Exception]: Latest

Puppet

Run

Contains Failures for Host: 106

When I do a “puppet agent --test”, I get:

puppet agent --test

Notice: Using less secure serialization of reports and query
parameters
for compatibility
Notice: with older puppet master. To remove this notice, please
upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network

for

more information.
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate

additional

resources using ‘eval_generate’: Error 400 on SERVER: Not

authorized

to
call search on /file_metadata/pluginfacts with {:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”, :checksum_type=>“md5”}
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could

not

retrieve file metadata for puppet://

fuel02.cloud-admin.sv2.example.com/pluginfacts: Error 400 on

SERVER:

Not

authorized to call find on /file_metadata/pluginfacts with
{:source_permissions=>“use”, :links=>“manage”}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on
/file_metadata/pluginfacts with {:source_permissions=>“use”,

:links=>“manage”}

Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on

SERVER:

Invalid parameter config_hash at

/etc/puppet/environments/production/modules/quickstack/manifests/db/mysql.

pp:113 on node mac7446a0f47784.cloud-admin.sv2.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

After googling, it seems like this should be a permissions issue,

but

anything I’ve tried to fix it hasn’t made a difference. I’m

wondering

if

it may be an autosign thing.

/etc/puppet/autosign.conf is empty

/etc/puppet/auth.conf has:
path /file
allow *

/etc/puppet/fileserver.conf is empty (has many lines, but they’re

all

commented out)

Anybody run into this before? What else would I look at to try to

debug

the autosigner? Are the autosign credentials time-limited? (I’ve
been
debugging on this host for a couple days, so maybe it expired?)

Any help is appreciated. I’m a puppet newb, but trying to learn

it

and
foreman at the same time.

-John

https://groups.google.com/d/topic/foreman-users/YQRlUgOp75E/unsubscribe.

To unsubscribe from this group and all its topics, send an email to
foreman-user...@googlegroups.com <javascript:>.
To post to this group, send email to forema...@googlegroups.com

<javascript:>.

Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

–
Marek

On Wednesday 24 of September 2014 16:48:10 Marek Hulan wrote:

This seems pretty strange. Could you also send STDOUT messages? I’d be
curious if you saw either

Not running provisioning configuration since …
or
Starting configuration…

If none of those two then it would indicate some installer files are
missing, so checking status of files using RPM could help.

–
Marek

On Monday 22 of September 2014 13:43:30 John Hazen wrote:

Hi Marek-

I tried upgrading puppet (and puppet-server) to 3.7, and it seemed to
work.

When I re-ran staypuft-installer, I ran into a strange problem.

I get:

Not running provisioning configuration since installation encountered
errors, exit code was 1

Something went wrong! Check the log for ERROR-level output

But there are no ERROR-level items in the log. It looks like this is from
the post-install hook failing.

I’ve posted the full log here:
http://pastebin.com/TjR1H1St

Any thoughts?

-John

On Friday, September 19, 2014 2:08:01 AM UTC-7, Marek Hulan wrote:

Hello,

if you just install new version of puppet that works with
foreman-installer (I
think 2.7-3.7 are known to work, I’d recommend 3.6) then just re-running
staypuft-installer is the right thing.

Hope this helps, let us know about the result.

On Thursday 18 of September 2014 09:39:31 John Hazen wrote:

Thanks, Marek.

I remembered that Ignacio had some kind of database problem, but was
focused on the first error in my own debugging.

I’m pretty sure that first error (400 on /file_metadata/pluginfacts)
is

due

to the puppet master (version 2.7.25) not understanding the plugin

stuff.

I was thinking that staypuft-installer installed the old version of

puppet,

but now I think that was probably installed by default on CentOS6.5.

I’d

like to upgrade the puppet. If I upgrade, then re-run

staypuft-installer,

should it do the right thing? Or, do I need to reinstall everything

from

scratch?

Separately, I will talk with Ignacio about the database bit.

On Wed, Sep 17, 2014 at 11:04 PM, Marek Hulan <mhu...@redhat.com > > > > > > <javascript:>> wrote:

Hello John,

I think you hit the same issue that Ignacio reported. See thread
with

name

“Puppet Fail on CentOS” [1]. I don’t think it’s related to autosign,

which

is
used only for initial agent registration. Once the host is built,

autosign

record is deleted.

Unfortunately we don’t know the cause of issue yet.

[1]
https://groups.google.com/forum/#!topic/foreman-users/5iNAr821DXs

Still having this issue, but have some more info:

In the proxy.log, I see:

10.164.249.10 - - [16/Sep/2014 12:41:47] “DELETE
/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1” 200 -
1.2164
10.164.249.10 - - [16/Sep/2014 12:41:47] "POST
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1"
200

0.0010
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET /serverName
HTTP/1.1”

200

30

0.0020
10.164.249.10 - - [16/Sep/2014 12:53:23] “GET
/10.164.249.0/74:46:a0:f4:77:84 HTTP/1.1” 200 196 0.0502
10.164.249.10 - - [16/Sep/2014 12:53:24] "GET /

10.164.249.0/10.164.249.43

HTTP/1.1" 200 196 0.0379
10.164.249.10 - - [16/Sep/2014 12:53:24] "POST

/syslinux/74:46:a0:f4:77:84

HTTP/1.1" 200 - 0.0023
10.164.249.10 - - [16/Sep/2014 12:53:24] "DELETE
/autosign/mac7446a0f47784.cloud-admin.sv2.247-inc.net HTTP/1.1"
200

0.0010

And, I looked at /etc/puppet/autosign.conf, and the entry is there

between

the POST and the DELETE. I’m not sure what is issuing the DELETE,

but

it
looks as if it’s in response to the "Informing Foreman that we are
built"
wget from the kickstart default template.

After adding a ‘-v’ to the puppet agent run in the kickstart POST

section,

it looks like the autosign stuff is working, and the first error
is:

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate

additional

resources using ‘eval_generate’: Error 400 on SERVER: Not

authorized

to
call search on /file_metadata/pluginfacts with
{:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”,
:checksum_type=>“md5”}

So, I guess I’m back to looking for permissions issues with

puppet…

On Tuesday, September 16, 2014 11:47:11 AM UTC-7, John Hazen wrote:

I’m doing a simple deployment, and the controller fails:

Actions::Staypuft::Host::WaitUntilHostReady

with:

Staypuft::Exception: ERF42-8963 [Staypuft::Exception]: Latest

Puppet

Run

Contains Failures for Host: 106

When I do a “puppet agent --test”, I get:

puppet agent --test

Notice: Using less secure serialization of reports and query
parameters
for compatibility
Notice: with older puppet master. To remove this notice, please
upgrade
your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See
http://links.puppetlabs.com/deprecate_yaml_on_network

for

more information.
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate

additional

resources using ‘eval_generate’: Error 400 on SERVER: Not

authorized

to
call search on /file_metadata/pluginfacts with
{:ignore=>[".svn",

“CVS”,

“.git”], :recurse=>true, :links=>“manage”,
:checksum_type=>“md5”}
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could

not

retrieve file metadata for puppet://

fuel02.cloud-admin.sv2.example.com/pluginfacts: Error 400 on

SERVER:

Not

authorized to call find on /file_metadata/pluginfacts with
{:source_permissions=>“use”, :links=>“manage”}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on
/file_metadata/pluginfacts with {:source_permissions=>“use”,

:links=>“manage”}

Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400
on

SERVER:

Invalid parameter config_hash at

/etc/puppet/environments/production/modules/quickstack/manifests/db/mysq
l.

pp:113 on node mac7446a0f47784.cloud-admin.sv2.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

After googling, it seems like this should be a permissions
issue,

but

anything I’ve tried to fix it hasn’t made a difference. I’m

wondering

if

it may be an autosign thing.

/etc/puppet/autosign.conf is empty

/etc/puppet/auth.conf has:
path /file
allow *

/etc/puppet/fileserver.conf is empty (has many lines, but
they’re

all

commented out)

Anybody run into this before? What else would I look at to try
to

debug

the autosigner? Are the autosign credentials time-limited?
(I’ve
been
debugging on this host for a couple days, so maybe it expired?)

Any help is appreciated. I’m a puppet newb, but trying to learn

it

and
foreman at the same time.

-John

https://groups.google.com/d/topic/foreman-users/YQRlUgOp75E/unsubscribe.

To unsubscribe from this group and all its topics, send an email to
foreman-user...@googlegroups.com <javascript:>.
To post to this group, send email to forema...@googlegroups.com

<javascript:>.

Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

–
Marek