Actions
Bug #11281
closedsudo output under proxy is lacking some detail
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Puppet
Target version:
-
Description
I had an issue with the smart proxy on a puppetca server.
I had to strace the proxy in the end to find out that it was due to sudo requiring a tty.
Unfortunately, even with the foreman-proxy running with DEBUG logging, it did not report the actual error.
D, [2015-08-03T16:31:35.067366 #47518] DEBUG -- : verifying remote client 192.168.1.1 against trusted_hosts ["foreman.local"] D, [2015-08-03T16:31:35.076693 #47518] DEBUG -- : Found puppetca at /usr/bin/puppet D, [2015-08-03T16:31:35.077481 #47518] DEBUG -- : Found sudo at /usr/bin/sudo D, [2015-08-03T16:31:35.077948 #47518] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all W, [2015-08-03T16:31:35.129065 #47518] WARN -- : Failed to run puppetca: E, [2015-08-03T16:31:35.129611 #47518] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files
The gem found from strace:
[pid 47530] write(2, "sorry, you must have a tty to run sudo", 38) = 38
The fix:
in /etc/sudoers or /etc/sudoers.d/foreman:
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty
In my view, the proxy should log the output "sorry, you must have a tty to run sudo" to prevent users from having to delve into strace.
Updated by Dominic Cleal over 9 years ago
- Project changed from Foreman to Smart Proxy
- Description updated (diff)
- Category set to Puppet
Updated by Ewoud Kohl van Wijngaarden over 3 years ago
- Status changed from New to Rejected
In #30429 all Puppetrun functionality was removed.
Actions