Support #10506
closedERF12-2749 error when trying to get puppet classes
Description
I am running a foreman/katello host behind a squid proxy, I get a ERF12-2749 error when I either try to import puppet classes by clicking the "Import from <fqdn>" button on the "Puppet Classes" page or when I try to publish a content view. The warning/error I get is (sanitized):
Warning!
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://www.example.com:9090/puppet
Full trace:
ProxyAPI::ProxyException
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://www.example.com:9090/puppet
lib/proxy_api/puppet.rb:11:in `rescue in environments'
lib/proxy_api/puppet.rb:9:in `environments'
app/services/puppet_class_importer.rb:131:in `actual_environments'
app/services/puppet_class_importer.rb:23:in `changes'
app/controllers/concerns/foreman/controller/environments.rb:11:in `import_environments'
app/controllers/concerns/application_shared.rb:13:in `set_timezone'
app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
I have setup a different host outside the proxy and everything seems to work there. This tells me that somehow the requests are going to the squid proxy, please advise how to address this issue.
Updated by Dominic Cleal almost 9 years ago
Please check /var/log/foreman-proxy/proxy.log for the reason behind the 406 response.
Updated by Sameer Syed almost 9 years ago
Dominic Cleal wrote:
Please check /var/log/foreman-proxy/proxy.log for the reason behind the 406 response.
I had already checked that, I should have provided the error from that too. I see the following error in the proxy.log:
E, [2015-05-14T21:26:22.908210 #20720] ERROR -- : Failed to list puppet environments: Cannot find puppet_ssl_ca file /var/lib/puppet/ssl/certs/ca.pem
xx.xx.xx.xx - - [14/May/2015 21:26:22] "GET /environments HTTP/1.1" 406 99 0.0985
Updated by Sameer Syed almost 9 years ago
Sameer Syed wrote:
Dominic Cleal wrote:
Please check /var/log/foreman-proxy/proxy.log for the reason behind the 406 response.
I had already checked that, I should have provided the error from that too. I see the following error in the proxy.log:
E, [2015-05-14T21:26:22.908210 #20720] ERROR -- : Failed to list puppet environments: Cannot find puppet_ssl_ca file /var/lib/puppet/ssl/certs/ca.pem
xx.xx.xx.xx - - [14/May/2015 21:26:22] "GET /environments HTTP/1.1" 406 99 0.0985
ll /var/lib/puppet/ssl/certs/ca.pemrw-r--r- 1 puppet puppet 2.0K May 13 07:50 /var/lib/puppet/ssl/certs/ca.pem
Updated by Dominic Cleal almost 9 years ago
- Status changed from New to Feedback
Can you also add: ls -ld /var/lib /var/lib/puppet /var/lib/puppet/ssl
It's likely one of the parent directories has a restrictive permission when it should permit group +x.
Updated by Sameer Syed almost 9 years ago
Dominic Cleal wrote:
Can you also add:
ls -ld /var/lib /var/lib/puppet /var/lib/puppet/ssl
It's likely one of the parent directories has a restrictive permission when it should permit group +x.
Verified that the permissions on all dir have group +x:
namei m /var/lib/puppet/ssl/certs puppet
f: /var/lib/puppet/ssl/certs
dr-xr-xr-x /
drwxr-xr-x var
drwxr-xr-x lib
drwxr-x--
drwxrwx--x ssl
drwxr-xr-x certs
[18:16]:ls ld /var/lib /var/lib/puppet /var/lib/puppet/ssl 17 puppet puppet 4096 May 13 08:21 /var/lib/puppet/
drwxr-xr-x. 41 root root 4096 May 13 07:47 /var/lib/
drwxr-x--
drwxrwx--x 8 puppet puppet 4096 May 13 07:50 /var/lib/puppet/ssl/
and selinux is disabled:
[18:16]:sestatus
SELinux status: disabled
Updated by Dominic Cleal almost 9 years ago
Is foreman-proxy in the puppet group? (usermod -aG puppet foreman-proxy)
Also try "sudo -u foreman-proxy cat /var/lib/puppet/ssl/certs/ca.pem"
Updated by Sameer Syed almost 9 years ago
Dominic Cleal wrote:
Is foreman-proxy in the puppet group? (usermod -aG puppet foreman-proxy)
Also try "sudo -u foreman-proxy cat /var/lib/puppet/ssl/certs/ca.pem"
Thank you Dominic, that has resolved my issue. The puppet user in on a central auth system in my environment, which was preventing proper creation of users and group locally.
Updated by Anonymous almost 7 years ago
- Status changed from Feedback to Resolved