Wrong environments detected on import

Hi,

One or two weeks ago I updated my installation from 1.6 to 1.10 and
yesterday to 1.10.1 (CentOS 6). It's a single server with only two
environments and few classes which only change very rarely. Therefore I
didn't have to import new or changed classes very often. After I
installed OpenSCAP yesterday I recognized that, if I try to import the new
puppet class, it wants to delete all environments (except production) and
all classes from the production environment.

I have checked my configuration many times and it looks correct to me.
If I look up my environments using curl
https://<host>:8443/puppet/environments I only get back the production
environment. And curl https://<host>:8443/puppet/environments/production
shows {"paths":["/etc/puppet/modules"],"name":"production"}, which seems to
be wrong. Both environments are located within /etc/puppet/environments.

environmentpath in puppet.conf is correctly set: environmentpath =
/etc/puppet/environments
(Another problem I recognized is that I have two identical [main] sections
after running foreman-installer, even if I completely emptied the file
before)

"server_directory_environments" is set to true too. (I attached the whole
answers file, only replaced all hostnames and secrets).

Spent some hours yesterday and today, but don't get what's wrong with my
config/answer file.

Thanks a lot,
Urs

foreman-installer-answers.yaml (9.87 KB)

puppet.conf (2.42 KB)

Could you also provide the contents of
/etc/foreman-proxy/settings.d/puppet.yml, and say which version of
Puppet's installed on the master?

The log from the proxy (/var/log/foreman-proxy/proxy.log) during import
with debug log level set would probably be useful too:
http://theforeman.org/manuals/1.10/index.html#Smartproxydebugging

-- Dominic Cleal dominic@cleal.org

On 31/01/16 19:14, Urs Weiss wrote:

> [...]

Hi Dominic,

Attached the two files. It cannot find the environments and falls back to
its defaults.

Puppet version: puppet-3.8.5-1.el6.noarch

Also checked the permissions again:

Directory (/etc/puppet and all directories(755)/files(644) below):

drwxr-xr-x. 6 puppet puppet 4096 Jan 21 16:31 environments

Proxy is member of the puppet group:

puppet:x:52:foreman,foreman-proxy

/etc/puppet/environments/production/manifests/ (or development) does not
contain any files (correct?)

No SELinux AVC messages, but disabled SELinux for testing just in case
there are some hidden denials. Also tried to do a restorecon -R on Foreman's
and Puppet's directories within /etc yesterday.

Regards,

Urs

proxy-debug.log (3.2 KB)

puppet.yml (2.14 KB)

The proxy log suggests that the smart proxy is trying to read the
environments as "config" environments - that is, the old method of
having a [production] section etc. in the puppet.conf. Because you
don't have these in puppet.conf, it's using the /etc/puppet/modules
default, which is wrong.

If you're running Puppet 3.8.5 then it should be preferring to list
environments by the Puppet API rather than the config file, so it might
be there's a mix of versions installed or the smart proxy isn't 1.10.
Double check those.

You can override this detected behaviour by setting
":puppet_use_environment_api: true" in puppet.yml, but it does suggest
one of the issues above may be present.

-- Dominic Cleal dominic@cleal.org

On 01/02/16 13:28, Urs Weiss wrote:

> [...]

Hi Dominic,

Versions are all up to date:

> foreman-1.10.1-1.el6.noarch
> foreman-debug-1.10.1-1.el6.noarch
> foreman-installer-1.10.1-1.el6.noarch
> foreman-mysql2-1.10.1-1.el6.noarch
> foreman-proxy-1.10.1-1.el6.noarch
> foreman-release-1.10.1-1.el6.noarch
> foreman-release-scl-1-1.el6.x86_64
> foreman-selinux-1.10.1-1.el6.noarch
> rubygem-foreman_api-0.1.11-3.el6.noarch
> tfm-rubygem-foreman_openscap-0.4.3-2.fm1_10.el6.noarch

But the suggested option was set to "empty" in my answers file, so it may
get evaluated as false. Now set it to true and re-ran the installer, and
now it works fine again.

Thanks a lot,
Urs
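
The symptoms discussed in this thread (a doubled [main] section, and a proxy reply whose module paths lie outside environmentpath) can be checked mechanically. The following is an added example, not part of the thread and not Foreman code; the function names and the sample puppet.conf are constructed, and it assumes a directory environment's module paths include a directory under environmentpath/<name>.

```python
import json
import posixpath

# Constructed sample modelled on the thread: doubled [main] section,
# environmentpath pointing at /etc/puppet/environments.
SAMPLE_CONF = """\
[main]
    logdir = /var/log/puppet
    environmentpath = /etc/puppet/environments
[main]
    logdir = /var/log/puppet
    environmentpath = /etc/puppet/environments
"""
# Reply quoted in the first post for /puppet/environments/production.
SAMPLE_REPLY = '{"paths":["/etc/puppet/modules"],"name":"production"}'

def parse_puppet_conf(text):
    """Return (settings per section, section names that appear more than once)."""
    sections, seen, duplicates, current = {}, set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            if current in seen and current not in duplicates:
                duplicates.append(current)
            seen.add(current)
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections, duplicates

def check_environment(conf_text, proxy_json):
    """Compare one /puppet/environments/<name> reply with puppet.conf."""
    sections, duplicates = parse_puppet_conf(conf_text)
    env = json.loads(proxy_json)
    findings = ["duplicate [%s] section" % name for name in duplicates]
    # [master] overrides [main] when both set environmentpath.
    env_path = (sections.get("master", {}).get("environmentpath")
                or sections.get("main", {}).get("environmentpath"))
    if not env_path:
        return findings + ["environmentpath not set"]
    prefixes = [posixpath.normpath(posixpath.join(root, env["name"])) + "/"
                for root in env_path.split(":")]
    inside = [p for p in env["paths"]
              if (posixpath.normpath(p) + "/").startswith(tuple(prefixes))]
    if not inside:
        findings.append("%s: paths %s are outside %s; proxy is not listing "
                        "directory environments" % (env["name"], env["paths"], env_path))
    return findings
```
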