Foreman » Smart Proxy

Just wanted to say that I just came upon this. I switched Puppet to use directory environments and Foreman proxy started throwing these:

Unable to get classes from Puppet for production ([RestClient::NotAcceptable]: 406 Not Acceptable

E, [2014-05-21T11:07:20.501618 #8861] ERROR -- : Failed to show puppet classes: no 'environments' in {:current_environment=>#<Puppet::Node::Environment:0x7f2195e40eb8 @manifest="/", @name=:"*root*", @modulepath=[], @watching=true, @config_version=nil>, :root_environment=>#<Puppet::Node::Environment:0x7f2195e40eb8 @manifest="/", @name=:"*root*", @modulepath=[], @watching=true, @config_version=nil>} at top of []

As a workaround, I re-entered the environment sections ([production], [testing], etc) in puppet.conf. Puppet ignores them due to environmentpath being set and Foreman is able to import again.

I'm seeing the exact same issue!

Please let me know if you need anything.

For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy config before using, it's new! This queries Puppet's v2.0 API on localhost to fetch the list of environments, and defaults to the usual hostname and certificate locations, so hopefully it'll work out of the box for most people - unusual setups may need to change settings.yml, see the example.

https://github.com/domcleal/smart-proxy/compare/theforeman:1.5-stable...4699-environmentpath-15.patch

Dominic Cleal wrote:

For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy config before using, it's new! This queries Puppet's v2.0 API on localhost to fetch the list of environments, and defaults to the usual hostname and certificate locations, so hopefully it'll work out of the box for most people - unusual setups may need to change settings.yml, see the example.

https://github.com/domcleal/smart-proxy/compare/theforeman:1.5-stable...4699-environmentpath-15.patch

I applied this patch to our test puppet server, with foreman-proxy-1.5.1 & puppet-server-3.6.2 installed and environmentpath set to $confdir/environments, it appears to work perfectly. Tested by running "ruby193-rake RAILS_ENV=production puppet:import:puppet_classes" on the Foreman server. Thanks!

Works here. No changes in settings.yml were necessary

I used this patch on a RHEL6.5, x86_64, puppet-3.6.1, foreman-proxy-1.5.1, foreman-1.5.1, all Packages installed via rpm.

Besides complaining that the tests could not be patched - of course, as they are not in the rpm - the patch could be applied on the files in /usr/share/foreman-proxy and worked! Thank you!

Thanks for fixing this.
I'm not familiar with the Foreman release cycle, so apologies in advance if the following question has an obvious answer:
When can we expect to find this patch in an RPM release?

Thanks!

Dominic Cleal wrote:

For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy config before using, it's new! This queries Puppet's v2.0 API on localhost to fetch the list of environments, and defaults to the usual hostname and certificate locations, so hopefully it'll work out of the box for most people - unusual setups may need to change settings.yml, see the example.

https://github.com/domcleal/smart-proxy/compare/theforeman:1.5-stable...4699-environmentpath-15.patch

The patch worked fine for me: Ubuntu 12.04.04 LTS, x86_64, Puppet 3.6.2, Foreman 1.5.1 (upgraded from 1.5.0)

cd /usr/share/foreman-proxy
curl https://github.com/domcleal/smart-proxy/compare/theforeman:1.5-stable...4699-environmentpath-15.patch | patch -p1

It gives an error about patching files in tests/ but it can be ignored...
I can import Puppet modules and environments now.

1. Enable Directory Environemnts
   environmentpath = $confdir/environments
   basemodulepath = $confdir/modules:/usr/share/puppet/modules

-------- /etc/puppet.conf --------

Thank you very much!

Well - not that fast...

After patch Foreman understands the directory environments, but now I having troubles importing Puppet modules into it.
It's working somehow strange - sometimes it allows to import newly installed classes and sometimes not

roo@host: puppet module install puppetlabs-inifile
<succesfully installed..>

roo@host: puppet module list

/etc/puppet/modules
├── puppetlabs-inifile (v1.1.0)
└── puppetlabs-motd (v1.1.0)

Go to Confugure>> Puppet classes>> [Import from <hostanme> button]

Green pop-up message [No changes to your environments detected]

However I've managed to import the motd module a few minutes ago exactly the same way!

Elisiano Petrini wrote:

Thanks for fixing this.
I'm not familiar with the Foreman release cycle, so apologies in advance if the following question has an obvious answer:
When can we expect to find this patch in an RPM release?

I'm hoping to include it in Foreman 1.5.2 within a few weeks. Once somebody's reviewed it, then it'll also be available in our nightly RPMs.

Evgeny Vasilchenko wrote:

Well - not that fast...

After patch Foreman understands the directory environments, but now I having troubles importing Puppet modules into it.
It's working somehow strange - sometimes it allows to import newly installed classes and sometimes not

roo@host: puppet module install puppetlabs-inifile
<succesfully installed..>

The inifile module doesn't contain any classes (no manifests/ directory), so there's nothing for Foreman to import - it's transparent to Foreman, so you can immediately start using it.

Hi - I have applied the patch and now I am getting this error:-

E, [2014-07-11T10:50:32.833458 #7140] ERROR -- : Failed to list puppet environments: hostname was not match with the server certificate

Although I suspect it is due to the fact that I am using an HA pair of PuppetMasters I have a Virtual Name/IP cert in the Puppet certs I am getting this trying to import via the smart proxy:-

The Puppet SSL cert shows:-
 /usr/bin/openssl x509 -in /etc/puppet/ssl/certs/puppet3.<domain>.pem -text -noout | egrep "Subject:|DNS" 
        Subject: CN=puppet3.<domain>
                DNS:puppet3.<domain>, DNS:vrdevpup003, DNS:vrdevpup003<domain>, DNS:vrdevpup004, DNS:vrdevpup004<domain>

I have tried but the virtual name, and the actual name of the host in these settings.yml entries:
:puppet_url:
:puppet_ssl_ca:
:puppet_ssl_cert:
:puppet_ssl_key:

Setting puppet_url should do the trick, but it has to be a full URL, not a hostname: :puppet_url: https://puppet3.domain:8140

It did thanks thought I had tried that and many other options besides. And then rather embarrasingly I left a typo in the :puppet_url field... Sigh.

On the plus side the patch works fine for the directory environments.

Sorry.

No worries, I'm very glad somebody with a non-standard SSL setup has tried it too, thanks for the feedback!