Bug #20321
closed
Cannot use foreman-rake import:puppet_classes on Foreman 1.15.1/Katello 3.4.2
Description
Foreman 1.15.1 installed on RHEL 7.3 Server. Complete list of Foreman packages (from About page): https://gist.github.com/mac-reid/9a6aa5e2c514f7031c18c8b97108cf91
The smart proxy is installed on the same system with the following features: Pulp, TFTP, Puppet, Puppet CA, Logs, Dynflow, Openscap, and SSH
Plugins are:
foreman-tasks 0.9.2 foreman_docker 3.1.0 foreman_openscap 1.3.1 katello 3.4.2
I am trying to get the foreman-rake import:puppet_classes action working at the command line. Importing puppet classes works from the web interface and also in the web interface, there is a smart proxy with Puppet enabled.
With debug logging enabled in ~foreman/settings.yaml, this is the error output I get:
[root@foreman ~]# foreman-rake puppet:import:puppet_classes --trace ** Invoke puppet:import:puppet_classes (first_time) ** Invoke environment (first_time) ** Execute environment ** Execute puppet:import:puppet_classes ERROR: We did not find at least one configured Smart Proxy with the Puppet feature [root@foreman ~]# foreman-tail ==> /var/log/messages <== Jul 17 09:38:55 foreman su: (to foreman) root on pts/0 ==> /var/log/foreman/production.log <== 2017-07-17 09:39:05 [foreman-tasks/dynflow] [I] start terminating throttle_limiter... 2017-07-17 09:39:05 [foreman-tasks/dynflow] [I] start terminating client dispatcher... 2017-07-17 09:39:05 [foreman-tasks/dynflow] [I] stop listening for new events... 2017-07-17 09:39:05 [foreman-tasks/dynflow] [I] start terminating clock...
After setting the sql logger to debug, this the output to /var/log/foreman/production.log:
https://gist.githubusercontent.com/mac-reid/599bb1ff496e7366b63a19361666dbee
Updated by Anonymous almost 7 years ago
- Project changed from Smart Proxy to Foreman
Updated by Mac Reid almost 7 years ago
The list of installed Foreman packages is actually available here: https://gist.github.com/mac-reid/e4f9ac92a86e9006afa1fdc4ff9b077d
Updated by Marek Hulán almost 7 years ago
Double check the proxy is assigned to the right organization and has puppet feature. If you don't see the feature, try refreshing the proxy.
Updated by Mac Reid almost 7 years ago
The smart proxy is assigned to the only org, has the Puppet feature, and shows as active in the web interface.
Updated by Marek Hulán almost 7 years ago
- Category set to Organizations and Locations
- Assignee set to Marek Hulán
- translation missing: en.field_release set to 276
From the production.log with SQL queries (thanks for providing it), this query likely causes it
SELECT COUNT(*) FROM "smart_proxies" INNER JOIN "features_smart_proxies" ON "features_smart_proxies"."smart_proxy_id" = "smart_proxies"."id" INNER JOIN "features" ON "features"."id" = "features_smart_proxies"."feature_id" WHERE (1=0) AND "features"."name" = 'Puppet'
The 1=0 is usually being added when the user does not have enough permissions or the taxonomies do not match. I believe it's caused by #16982 which was introduced in 1.15. The rake task needs to run under the internal anonymous admin so it can load resources from specific organizations. The fix should be trivial, would you be interested in testing it?
I'm marking as 1.15.3 blocker.
Updated by Marek Hulán almost 7 years ago
- Related to Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added
Updated by Arne Anka almost 7 years ago
- Category deleted (
Organizations and Locations) - Assignee deleted (
Marek Hulán) - translation missing: en.field_release deleted (
276)
Mac Reid wrote:
The smart proxy is assigned to the only org, has the Puppet feature, and shows as active in the web interface.
I can confirm this bug in Foreman 1.15.2/Katello 3.4.3 running on a freshly installed centos 7.3 + updated packages. In my production setup I run Foreman 1.14.3/Katello 3.3.2 on centos 7.3 + updated packages and it's working there without any problems.
I compared the sql debugging between my setups and suspect this sql statement is problematic. Running this in the database doesn't return anything.SELECT COUNT(*) FROM "smart_proxies" INNER JOIN "features_smart_proxies" ON "features_smart_proxies"."smart_proxy_id" = "smart_proxies"."id" INNER JOIN "features" ON "features"."id" = "features_smart_proxies"."feature_id" WHERE (1=0) AND "features"."name" = 'Puppet'
This is from my working production system.SELECT COUNT(*) FROM "smart_proxies" INNER JOIN "features_smart_proxies" ON "features_smart_proxies"."smart_proxy_id" = "smart_proxies"."id" INNER JOIN "features" ON "features"."id" = "features_smart_proxies"."feature_id" WHERE "features"."name" = 'Puppet'
The problem should be related to this part....WHERE (1=0) AND...
Hope this helps!
Updated by Arne Anka almost 7 years ago
Arne Anka wrote:
Mac Reid wrote:
The smart proxy is assigned to the only org, has the Puppet feature, and shows as active in the web interface.
I can confirm this bug in Foreman 1.15.2/Katello 3.4.3 running on a freshly installed centos 7.3 + updated packages. In my production setup I run Foreman 1.14.3/Katello 3.3.2 on centos 7.3 + updated packages and it's working there without any problems.
I compared the sql debugging between my setups and suspect this sql statement is problematic. Running this in the database doesn't return anything.
SELECT COUNT(*) FROM "smart_proxies" INNER JOIN "features_smart_proxies" ON "features_smart_proxies"."smart_proxy_id" = "smart_proxies"."id" INNER JOIN "features" ON "features"."id" = "features_smart_proxies"."feature_id" WHERE (1=0) AND "features"."name" = 'Puppet'This is from my working production system.
SELECT COUNT(*) FROM "smart_proxies" INNER JOIN "features_smart_proxies" ON "features_smart_proxies"."smart_proxy_id" = "smart_proxies"."id" INNER JOIN "features" ON "features"."id" = "features_smart_proxies"."feature_id" WHERE "features"."name" = 'Puppet'The problem should be related to this part.
...WHERE (1=0) AND...Hope this helps!
Ohh to late...
Updated by Mac Reid almost 7 years ago
- Category set to Organizations and Locations
- Assignee set to Marek Hulán
- translation missing: en.field_release set to 276
Sure, I can test the fix.
Updated by Marek Hulán almost 7 years ago
I've sent a PR at https://github.com/theforeman/foreman/pull/4681 please try to apply that (you can just download the new version of puppet.rake. Please let us know whether it fixes the issue for you.
Updated by Mac Reid almost 7 years ago
Running `foreman-rake puppet:import:puppet_classes` works as expected.
Not sure if this is expected, but running `foreman-rake import:puppet_classes` fails.
mv /usr/share/foreman/lib/tasks/puppet.rake ~ curl https://raw.githubusercontent.com/ares/foreman/3287b167d508715519a772b92a11e8904f504548/lib/tasks/puppet.rake -o /usr/share/foreman/lib/tasks/puppet.rake touch ~foreman/tmp/restart.txt; sleep 20 foreman-rake import:puppet_classes --trace rake aborted! Don't know how to build task 'import:puppet_classes' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task_manager.rb:62:in `[]' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:149:in `invoke_task' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `block (2 levels) in top_level' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `each' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `block in top_level' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:115:in `run_with_threads' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:100:in `top_level' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:78:in `block in run' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:176:in `standard_exception_handling' /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:75:in `run' /opt/rh/rh-ruby22/root/usr/bin/rake:33:in `<main>'
Updated by The Foreman Bot almost 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4681 added
Updated by Anonymous over 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 466a6982a9b3479002ea5aecc1613def98dae777.