Project

General

Profile

Actions

Bug #10678

closed

Foreman-proxy throws [RestClient::NotAcceptable]: 406 Not Acceptable upon server restart

Added by Claude Durocher over 9 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Puppet
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I upgraded recently from Foreman 1.8.0 to 1.8.1 and from Puppet 3.7 to Puppet 3.8.1 (on Ubuntu 14.04). When I restart the server, I get the following error when trying to display certificates in the webui:

ERF12-5356 [ProxyAPI::ProxyException]: Impossible d'obtenir les certificats PuppetCA ([RestClient::NotAcceptable]: 406 Not Acceptable) pour le proxy https://puppet.cptaq.local:8443/puppet/ca

Here's the log of foreman-proxy:

I, [2015-05-29T13:00:28.212261 #1054]  INFO -- : Running scan_directory on test: /usr/share/puppet/modules
10.17.80.5 - - [29/May/2015 13:00:28] "GET /puppet/environments/test/classes HTTP/1.1" 200 92433 4.7505
D, [2015-05-29T13:04:14.858340 #1054] DEBUG -- : verifying remote client 10.17.80.5 against trusted_hosts ["puppet.cptaq.local"]
D, [2015-05-29T13:04:14.859141 #1054] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2015-05-29T13:04:14.859232 #1054] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2015-05-29T13:04:14.859277 #1054] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all
W, [2015-05-29T13:04:15.276960 #1054]  WARN -- : Failed to run puppetca:
E, [2015-05-29T13:04:15.278112 #1054] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files
10.17.80.5 - - [29/May/2015 13:04:15] "GET /puppet/ca HTTP/1.1" 406 74 0.4209
D, [2015-05-29T13:04:15.472967 #1054] DEBUG -- : verifying remote client 10.17.80.5 against trusted_hosts ["puppet.cptaq.local"]
D, [2015-05-29T13:04:15.473276 #1054] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2015-05-29T13:04:15.473382 #1054] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2015-05-29T13:04:15.473421 #1054] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all
W, [2015-05-29T13:04:15.837424 #1054]  WARN -- : Failed to run puppetca:
E, [2015-05-29T13:04:15.838496 #1054] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files

If I simply restart the foreman-proxy service, everything works fine. Here's the log:

10.17.80.5 - - [29/May/2015 13:04:15] "GET /puppet/ca HTTP/1.1" 406 74 0.3663
W, [2015-05-29T13:06:11.993819 #8093]  WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/foreman_proxy.yml. Using default settings.
I, [2015-05-29T13:06:11.993979 #8093]  INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true
I, [2015-05-29T13:06:11.997012 #8093]  INFO -- : 'facts' module is disabled.
I, [2015-05-29T13:06:11.997477 #8093]  INFO -- : 'dns' module is disabled.
I, [2015-05-29T13:06:11.997749 #8093]  INFO -- : 'templates' module is disabled.
I, [2015-05-29T13:06:12.001059 #8093]  INFO -- : 'dhcp' module is disabled.
I, [2015-05-29T13:06:12.328149 #8093]  INFO -- : 'puppet' settings were initialized with default values: :cache_location: /usr/share/foreman-proxy/cache, :puppet_provider: puppetrun, :puppetdir: /etc/puppet, :salt_puppetrun_cmd: puppet.run, :use_cache: true
I, [2015-05-29T13:06:12.330752 #8093]  INFO -- : 'bmc' module is disabled.
I, [2015-05-29T13:06:12.331117 #8093]  INFO -- : 'realm' module is disabled.
D, [2015-05-29T13:06:16.287769 #8098] DEBUG -- : verifying remote client 10.17.80.5 against trusted_hosts ["puppet.cptaq.local"]
D, [2015-05-29T13:06:16.290139 #8098] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2015-05-29T13:06:16.290256 #8098] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2015-05-29T13:06:16.290314 #8098] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all
10.17.80.5 - - [29/May/2015 13:06:17] "GET /puppet/ca HTTP/1.1" 200 3908 1.0886

sudoers file:

root@puppet:/etc/puppet/environments/production/modules# cat /etc/sudoers.d/foreman-proxy
foreman-proxy ALL = (root) NOPASSWD : /usr/bin/puppet cert *
foreman-proxy ALL = (root) NOPASSWD : /usr/bin/puppet kick *
Defaults:foreman-proxy !requiretty
Actions #1

Updated by Dominic Cleal over 9 years ago

  • Description updated (diff)
  • Category set to Puppet

Just a guess, but what command precisely are you using to restart foreman-proxy?

Does it break if you run "service foreman-proxy restart"?

Actions #2

Updated by Claude Durocher over 9 years ago

The proxy works fine after issuing "service foreman-proxy restart"

Actions #3

Updated by Claude Durocher over 9 years ago

I've been able to work around the issue by adding this to crontab :

@reboot service foreman-proxy restart

But that doesn't explain why I have trouble starting the proxy at boot time...

Actions #4

Updated by Евгений Ковальчук over 8 years ago

Confirm on 1.11.1

Actions #5

Updated by Anonymous over 8 years ago

Anything in puppet logs by any chance?

Actions #6

Updated by Anonymous almost 8 years ago

  • Status changed from New to Need more information
Actions #7

Updated by Anonymous over 7 years ago

  • Status changed from Need more information to Resolved

no reaction, closing.

Actions

Also available in: Atom PDF