Bug #17629

closed

Puppet Upgrade from 3 - 4

Added by Sven Vogel about 8 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Documentation
Target version:
Difficulty: trivial
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hi,

I upgraded Puppet with foreman-installer --upgrade-puppet from 3 to 4. CentOS 7.2.

The following problems occur.

D, [2016-12-11T17:22:43.597917 #29422] DEBUG -- : Executing /usr/bin/sudo -S /opt/puppetlabs/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list --all
W, [2016-12-11T17:22:43.623701 #29422] WARN -- : Failed to run puppetca:
E, [2016-12-11T17:22:43.624100 #29422] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files
D, [2016-12-11T17:22:43.624154 #29422] DEBUG -- : Failed to list certificates: Execution of puppetca failed, check log files
I, [2016-12-11T17:22:43.625078 #29422] INFO -- : 192.168.85.32 - - [11/Dec/2016:17:22:43 +0100] "GET /puppet/ca HTTP/1.1" 406 74 0.0284

My sudoers file looks like:
visudo
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

visudo -f /etc/sudoers.d/foreman-proxy
foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppet cert *
foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppet kick *
Defaults:foreman-proxy !requiretty

These don't work, so for testing I moved the "visudo -f /etc/sudoers.d/foreman-proxy" lines directly into the /etc/sudoers file. I think there is a problem with the sudoers file and order... that's another problem which needs to be checked.

After that I tried su - foreman-proxy and ran the command line again.

/usr/bin/sudo -S /opt/puppetlabs/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list --all

Now I get:

+ "katello01.example.local" (SHA256) 66:A2:85:39:B7:1A:62:8C:92:44:6E:03:F4:45:FA:B8:95:B5:59:F4:6B:5F:71:26:C7:4D:83:52:C4:DD:87:E8 (alt names: "DNS:katello01.example.local", "DNS:puppet", "DNS:puppet.example.local")
+ "test01.example.local" (SHA256) 7E:CC:4A:68:18:B8:85:E8:4E:EC:97:DC:47:0F:4D:7C:BE:77:9C:31:CB:24:0C:18:45:F9:CB:DD:F9:23:07:A9
+ "test02.example.local" (SHA256) EA:F6:B4:EF:23:95:CF:3A:BE:DE:75:82:BA:6C:7E:5D:43:C8:56:03:5F:79:D0:48:7E:E8:04:7D:ED:C7:53:C3
+ "test03.example.local" (SHA256) BE:16:E5:FE:1B:EC:30:02:68:9C:94:9D:6E:17:AD:FE:6F:64:78:21:4B:D8:14:1B:AB:BC:38:04:D1:46:BD:AB

BUT

The error seems the same (see picture).

I checked the smart proxy https://192.168.85.32l:9090/puppet/ca and get the error "could not read client cert from environment".

Maybe there is a correlation.

When I restart the smart proxy in debug mode, these are my startup parameters:

[root@katello01 code]# D, [2016-12-11T17:35:42.080440 #30122] DEBUG -- : 'pulp' settings: 'enabled': https, 'mongodb_dir': /var/lib/mongodb (default), 'pulp_content_dir': /var/lib/pulp/content (default), 'pulp_dir': /var/lib/pulp (default), 'pulp_url': https://katello01.example.local/pulp, 'puppet_content_dir': /etc/puppetlabs/code/environments
D, [2016-12-11T17:35:42.085155 #30122] DEBUG -- : 'dynflow' settings: 'core_url': https://katello01.example.local:8008, 'database': /var/lib/foreman-proxy/dynflow/dynflow.sqlite, 'enabled': https
D, [2016-12-11T17:35:42.089031 #30122] DEBUG -- : 'ssh' settings: 'enabled': https, 'local_working_dir': /var/tmp (default), 'remote_working_dir': /var/tmp (default), 'ssh_identity_key_file': /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy, 'ssh_user': root (default)
D, [2016-12-11T17:35:42.103614 #30122] DEBUG -- : 'dns' settings: 'dns_ttl': 86400 (default), 'enabled': https, 'use_provider': dns_nsupdate (default)
D, [2016-12-11T17:35:42.107660 #30122] DEBUG -- : 'tftp' settings: 'enabled': https, 'tftp_servername': 192.168.85.32, 'tftproot': /var/lib/tftpboot (default)
D, [2016-12-11T17:35:42.114433 #30122] DEBUG -- : 'dhcp' settings: 'enabled': https, 'server': 127.0.0.1 (default), 'subnets': [] (default), 'use_provider': dhcp_isc (default)
D, [2016-12-11T17:35:42.118180 #30122] DEBUG -- : 'puppetca' settings: 'enabled': https, 'puppetdir': /etc/puppetlabs/puppet, 'ssldir': /etc/puppetlabs/puppet/ssl
D, [2016-12-11T17:35:42.124272 #30122] DEBUG -- : 'puppet' settings: 'enabled': https, 'puppet_version': 4.8.1, 'use_provider': [:puppet_proxy_puppet_api]
D, [2016-12-11T17:35:42.125871 #30122] DEBUG -- : Providers ['dns_nsupdate'] are going to be configured for 'dns'
D, [2016-12-11T17:35:42.126054 #30122] DEBUG -- : Providers ['dhcp_isc'] are going to be configured for 'dhcp'
D, [2016-12-11T17:35:42.126168 #30122] DEBUG -- : Providers ['puppet_proxy_puppet_api'] are going to be configured for 'puppet'
D, [2016-12-11T17:35:42.130651 #30122] DEBUG -- : 'dns_nsupdate' settings: 'dns_key': /etc/rndc.key, 'dns_server': 127.0.0.1, 'dns_ttl': 86400, 'use_provider': dns_nsupdate
D, [2016-12-11T17:35:42.166876 #30122] DEBUG -- : 'dhcp_isc' settings: 'config': /etc/dhcp/dhcpd.conf (default), 'leases': /var/lib/dhcpd/dhcpd.leases (default), 'leases_file_observer': inotify_leases_file_observer, 'omapi_port': 7911, 'server': 127.0.0.1, 'subnets': [], 'use_provider': dhcp_isc
D, [2016-12-11T17:35:42.175322 #30122] DEBUG -- : 'puppet_proxy_puppet_api' settings: 'classes_retriever': apiv3, 'environments_retriever': apiv3, 'puppet_ssl_ca': /etc/puppetlabs/puppet/ssl/certs/ca.pem, 'puppet_ssl_cert': /etc/puppetlabs/puppet/ssl/certs/katello01.example.local.pem, 'puppet_ssl_key': /etc/puppetlabs/puppet/ssl/private_keys/katello01.example.local.pem, 'puppet_url': https://katello01.example.local:8140, 'puppet_version': 4.8.1, 'use_provider': [:puppet_proxy_puppet_api]
I, [2016-12-11T17:35:42.176736 #30122] INFO -- : Successfully initialized 'pulp'
I, [2016-12-11T17:35:42.178597 #30122] INFO -- : Successfully initialized 'dynflow'
I, [2016-12-11T17:35:42.181500 #30122] INFO -- : Successfully initialized 'ssh'
I, [2016-12-11T17:35:42.181765 #30122] INFO -- : Successfully initialized 'foreman_proxy'
I, [2016-12-11T17:35:42.181913 #30122] INFO -- : Successfully initialized 'dns_nsupdate'
I, [2016-12-11T17:35:42.182019 #30122] INFO -- : Successfully initialized 'dns'
I, [2016-12-11T17:35:42.182109 #30122] INFO -- : Successfully initialized 'tftp'
D, [2016-12-11T17:35:42.206426 #30122] DEBUG -- : Added a subnet: 192.168.85.0
D, [2016-12-11T17:35:42.208209 #30122] DEBUG -- : Added a reservation: 192.168.85.14:00:19:99:bc:04:e6:kvm02.example.local
D, [2016-12-11T17:35:42.208378 #30122] DEBUG -- : Added a reservation: 192.168.85.13:00:19:99:cb:c2:e2:kvm01.example.local
D, [2016-12-11T17:35:42.208503 #30122] DEBUG -- : Added a reservation: 192.168.85.15:00:19:99:c5:0b:83:kvm03.example.local
I, [2016-12-11T17:35:42.208764 #30122] INFO -- : Successfully initialized 'dhcp_isc'
I, [2016-12-11T17:35:42.208897 #30122] INFO -- : Successfully initialized 'dhcp'
I, [2016-12-11T17:35:42.209459 #30122] INFO -- : Successfully initialized 'puppetca'
I, [2016-12-11T17:35:42.209636 #30122] INFO -- : Successfully initialized 'puppet_proxy_puppet_api'
I, [2016-12-11T17:35:42.209752 #30122] INFO -- : Successfully initialized 'puppet'
I, [2016-12-11T17:35:42.243380 #30122] INFO -- : WEBrick 1.3.1
I, [2016-12-11T17:35:42.243661 #30122] INFO -- : ruby 2.0.0 (2014-11-13) [x86_64-linux]
D, [2016-12-11T17:35:42.244102 #30122] DEBUG -- : TCPServer.new(0.0.0.0, 9090)
D, [2016-12-11T17:35:42.244301 #30122] DEBUG -- : TCPServer.new(::, 9090)
W, [2016-12-11T17:35:42.244482 #30122] WARN -- : TCPServer Error: Address already in use - bind(2)
I, [2016-12-11T17:35:42.245666 #30122] INFO -- :

Is there anybody who can help?

Thanks

Sven


Files

error_puppet_ca.PNG (13.7 KB) Sven Vogel, 12/11/2016 11:32 AM