Unable to import subnets

Hi,
I have added a new smart proxy to my foreman instance and it seems like it was
successfully added to Foreman as a smart proxy through https (refresh
features works!).
The problem is that I can't import subnets, getting the following error:
Warning!

> ERF12-2600 [ProxyAPI::ProxyException]: Unable to retrieve DHCP subnets
> ([RestClient::BadRequest]: 400 Bad Request) for proxy
> https://foreman2-…:8443/dhcp
> <https://foreman2-tlv.lab.primarydata.com:8443/dhcp>
>

After debugging and stuff I just feel lost, please help!

BTW,
systemctl status puppet.service on the agent prints the following errors:
(/File[/var/lib/puppet/facts.d]) Failed to generate additional resources
using 'eval_generate': Error 400 on SERVER: Not…ype=>"md5"}
puppet-agent[20059]: (/File[/var/lib/puppet/facts.d]) Could not evaluate:
Could not retrieve file metadata for puppet://forema1…ons=>"use"}
puppet-agent[20059]: (/File[/var/lib/puppet/facts.d]) Wrapped exception:
puppet-agent[20059]: (/File[/var/lib/puppet/facts.d]) Error 400 on SERVER:
Not authorized to call find on /file_metadata/pluginfacts with
{:l…ons=>"use"}
puppet-agent[20059]: (/File[/var/lib/puppet/lib]) Could not evaluate: Could
not retrieve information from environment production source(s)
pu…com/plugins
puppet-agent[20059]: Local environment: "production" doesn't match server
specified environment "none", restarting agent run with environment "none"
puppet-agent[20059]: Finished catalog run in 0.13 seconds


my puppet master version is 2.7.26 rhel 6.5
but my puppet (on the remote smart proxy) is 3.6.2 rhel 7

is it possible that this is the cause to the problem?


It's not a puppet issue - Foreman talks to the foreman-proxy over its
own REST api. Can you check the logs on the smart proxy for the error?
Most likely it's just not able to find or read the dhcpd.conf file.

Greg

Following the smart-proxy settings for dhcp I see no issue with the .conf or
.lease paths.
What about the puppet service errors displayed by systemctl?
Is that normal, or at least not supposed to influence the import of subnets?


It's nothing to do with the import issue you're seeing. Looks like the
puppet agent is trying to run in an environment that doesn't exist.

As for DHCP - please tail and provide the proxy logs (at debug level)
when trying to import, and we can help to spot any issues.

Greg


Setting the foreman-proxy debug level to DEBUG and restart foreman-proxy
service.
activating tail on /var/log/foreman-proxy/proxy.log (while importing
subnets)

tail -f /var/log/foreman-proxy/proxy.log

I, [2015-03-12T09:20:30.829887 #11834] INFO -- : 'puppet' settings were initialized with default values: :puppet_provider: puppetrun, :puppetdir: /etc/puppet
I, [2015-03-12T09:20:31.121881 #11834] INFO -- : 'realm' module is disabled.
W, [2015-03-12T09:23:00.413497 #11928] WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/foreman_proxy.yml. Using default settings.
I, [2015-03-12T09:23:00.413626 #11928] INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true
I, [2015-03-12T09:23:00.415412 #11928] INFO -- : 'facts' module is disabled.
I, [2015-03-12T09:23:00.417377 #11928] INFO -- : 'templates' module is disabled.
I, [2015-03-12T09:23:00.419356 #11928] INFO -- : 'dhcp' settings were initialized with default values: :dhcp_provider: isc
I, [2015-03-12T09:23:00.421147 #11928] INFO -- : 'puppetca' module is disabled.
I, [2015-03-12T09:23:00.421624 #11928] INFO -- : 'puppet' settings were initialized with default values: :puppet_provider: puppetrun, :puppetdir: /etc/puppet
I, [2015-03-12T09:23:00.736385 #11928] INFO -- : 'realm' module is disabled.
E, [2015-03-12T09:24:39.182286 #11938] ERROR -- : Unable to find the DHCP configuration or lease files
172.29.100.100 - - [12/Mar/2015 09:24:39] "GET /dhcp HTTP/1.1" 400 52 0.0071

BTW, here is a full trace for the exception
ProxyAPI::ProxyException
ERF12-2600 [ProxyAPI::ProxyException]: Unable to retrieve DHCP subnets
([RestClient::BadRequest]: 400 Bad Request) for proxy
https://foreman…com:8443/dhcp

lib/proxy_api/dhcp.rb:14:in `rescue in subnets'
lib/proxy_api/dhcp.rb:12:in `subnets'
app/models/subnet.rb:181:in `import'
app/controllers/subnets_controller.rb:62:in `import'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'


Use su or sudo to switch to the foreman-proxy user on your smartproxy and try to cat dhcpd.conf and the lease file. I wager a … that you'll get a permission denied.

Regards

Joop


You are actually right!

vi /etc/passwd replace /bin/false with /bin/bash

su - foreman-proxy

Last login: Thu Mar 12 13:23:35 EET 2015 on pts/0
mkdir: cannot create directory '/usr/share/foreman-proxy/.cache':
Permission denied
ABRT has detected 2 problem(s). For more info run: abrt-cli list

$ cat /etc/dhcp/dhcpd.conf
cat: /etc/dhcp/dhcpd.conf: Permission denied

Running the same operation on the puppet master, I had permission to
read dhcpd.conf.

But when trying to compare 'ls -l' between the servers I see no difference
in the permissions or ownership.

The puppet master (foreman server) is centos 6.5 with foreman 1.7 and
puppet 2.7.27
$ cat /etc/sudoers.d/foreman-proxy
foreman-proxy ALL = NOPASSWD : /usr/sbin/puppetca *, /usr/sbin/puppetrun *
Defaults:foreman-proxy !requiretty

The remote smartproxy is centos7 with foreman-proxy-1.7.2-1.el7.noarch and
puppet 3.6.2

cat /etc/sudoers.d/foreman-proxy

foreman-proxy ALL = NOPASSWD : /usr/bin/puppet cert *, /usr/bin/puppet kick *
Defaults:foreman-proxy !requiretty

What seems to be the problem?
Should I start to chown each conf file to be owned by the foreman-proxy group?


I have fixed the permissions issues by adding foreman-proxy to the right
groups and set 755 on the dhcp dir.
so currently "runuser -l foreman-proxy -c 'cat /etc/dhcp/dhcpd.conf'" does
work!

But I still get the same errors on "import subnets":
E, [2015-03-12T17:27:37.239619 #25541] ERROR -- : Unable to find the DHCP configuration or lease files
172.29.100.100 - - [12/Mar/2015 17:27:37] "GET /dhcp HTTP/1.1" 400 52 0.0007

Anything else that i must be missing?
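
Added example, not written by anyone in this thread: a check for the situation described above, where `ls -l` on dhcpd.conf looks identical on both hosts yet the service account gets "Permission denied" because a parent directory lacks the search bit. It reads only stat() data, so it can run as root without giving the service account a login shell; the uid/gid values and the temporary tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

def first_blocker(path, uid, gids, start="/"):
    """Walk from `start` (assumed reachable) down to `path` and return
    (component, missing_bit) for the first one whose mode bits deny the
    given uid/gids, or None. POSIX ACLs and SELinux are not evaluated."""
    cur = os.path.abspath(start)
    rel = os.path.relpath(os.path.abspath(path), cur)
    for name in rel.split(os.sep):
        cur = os.path.join(cur, name)
        st = os.stat(cur)
        # Directories need search (x); the file itself needs read (r).
        need, bit = ("x", 1) if stat.S_ISDIR(st.st_mode) else ("r", 4)
        if uid == 0:
            continue                      # root bypasses mode bits
        # Exactly one permission class applies: owner, else group, else other.
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        if not (st.st_mode >> shift) & bit:
            return cur, need
    return None

def demo():
    """Constructed tree: dhcp/ is 0750 and dhcpd.conf is 0644, so `ls -l`
    on the file alone looks fine while the directory blocks other users."""
    base = tempfile.mkdtemp()
    dhcp_dir = os.path.join(base, "dhcp")
    os.mkdir(dhcp_dir)
    conf = os.path.join(dhcp_dir, "dhcpd.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o644)
    os.chmod(dhcp_dir, 0o750)
    st = os.stat(dhcp_dir)
    # Hypothetical service account: a uid/gid that owns nothing in the tree.
    uid, outsider = st.st_uid + 1000, {st.st_gid + 1000}
    blocked = first_blocker(conf, uid, outsider, start=base)
    via_group = first_blocker(conf, uid, {st.st_gid}, start=base)
    os.chmod(dhcp_dir, 0o755)
    via_mode = first_blocker(conf, uid, outsider, start=base)
    return dhcp_dir, blocked, via_group, via_mode

if __name__ == "__main__":
    print(demo())
```

Of the two fixes mentioned in the post, group membership alone already clears the blocker in this tree; 0755 on the directory additionally opens it to every local user.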


Finally I have found the problem.
It was in my conf file :( only a break and a cup of tea helped to exit the
crazy loop ;)

Sorry for the misunderstanding and thanks for the responsiveness.
