Project

General

Profile

Bug #29649

The system does not seem to be IPA-enrolled

Added by Han Boetes 2 months ago. Updated 12 days ago.

Status:
Closed
Priority:
Low
Category:
Foreman modules
Target version:

Description

Running the installer after the upgrade like I always do:

env TMP= TMPDIR= foreman-installer \
    -v \
    --foreman-proxy-log-level=DEBUG \
    --enable-foreman-plugin-remote-execution \
    --enable-foreman-proxy-plugin-remote-execution-ssh \
    --enable-foreman-plugin-dhcp-browser \
    --enable-foreman-plugin-remote-execution \
    --enable-foreman-proxy-plugin-remote-execution-ssh \
    --foreman-ipa-authentication=true \
    --foreman-pam-service=foreman \
    --foreman-http-keytab=/etc/http.keytab \
    --no-enable-foreman-cli-ansible \
    --no-enable-foreman-plugin-ansible \
    --no-enable-foreman-proxy-plugin-ansible

After the upgrade to 2.0 I get

Evaluation Error: Error while evaluating a Function Call, theforeman: The system does not seem to be IPA-enrolled (file: /usr/share/foreman-installer/modules/foreman/manifests/config.pp, line: 101, column: 9) on node

Which reads:

unless 'ipa' in $facts and 'default_server' in $facts['ipa'] and 'default_realm' in $facts['ipa'] {

So it tests the output of facter ipa. If I do that manually I get no output. digging a bit further this is the code in question: /etc/puppetlabs/code/modules/ipaclient/lib/facter/ipa_facts.rb

The important part would be:

if File.exist?('/etc/sssd/sssd.conf') && sssd = File.readlines('/etc/sssd/sssd.conf')                                                                                         
  sssd.each do |line|                                                                                                                                                         
    case line                                                                                                                                                                 
      when /^ipa_domain/                                                                                                                                                      
        Facter.add("ipa_domain") do                                                                                                                                           
              has_weight 100                                                                                                                                                  
          setcode do                                                                                                                                                          
            line.split("=")[1].strip                                                                                                                                          
          end                                                                                                                                                                 
        end                                                                                                                                                                   
      when /^ipa_server/                                                                                                                                                      
        Facter.add("ipa_server") do                                                                                                                                           
              has_weight 100                                                                                                                                                  
          setcode do                                                                                                                                                          
            line.split("=")[1].strip                                                                                                                                          
          end                                                                                                                                                                 
        end                                                                                                                                                                   
      when /^auth_provider/                                                                                                                                                   
        Facter.add("ipa_enrolled") do                                                                                                                                         

Odd because:

root@theforeman ~ # ag '(ipa_domain|ipa_server|auth_provider)' /etc/sssd/sssd.conf |sed -e 's|mycompany.com|example.com|g'
auth_provider = ipa
ipa_domain = example.com
ipa_server = _srv_, gandalf.example.com, olorin.example.com, mithrandir.example.com
ipa_server_mode = false

Seems like I'm barking up the wrong tree, this must be a puppet problem. But please leave it for the moment because other may run into this problem as well.

Associated revisions

Revision 631f4a6a (diff)
Added by Ewoud Kohl van Wijngaarden about 2 months ago

Fixes #29649 - Prefix ipa and sssd facts with foreman_

This prevents a collision with the ipa fact from the ipa module.

History

#1 Updated by Han Boetes 2 months ago

I reported the issue with puppet: https://tickets.puppetlabs.com/browse/FACT-2588

#2 Updated by Han Boetes 2 months ago

  • Description updated (diff)

#3 Updated by Han Boetes 2 months ago

The ipa_facts file comes from https://github.com/joshuabaird/puppet-ipaclient/blob/master/lib/facter/ipa_facts.rb and contrary to my previous assumption is not a part of puppet but a custom module I happen to have installed.

I tried moving the module out of the way but facter ipa keeps returning empty. Am I missing something here? Where is the right ipa facter that I don't have?

#4 Updated by Ewoud Kohl van Wijngaarden 2 months ago

I was playing with https://github.com/theforeman/puppet-foreman/pull/801 but don't have an IPA env myself so find it hard to verify. Could you check it out and see if it fixes it for you?

#5 Updated by Han Boetes 2 months ago

I run into this error after applying your patch.

[ INFO 2020-04-29T20:25:33 verbose]  Facter: loading custom facts from /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb.                                      
[ERROR 2020-04-29T20:25:33 verbose]  Facter: error while resolving custom facts in /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb: expected chunk name to be
a Symbol                                                                                                                                                                     
[ERROR 2020-04-29T20:25:33 verbose] backtrace:                                                                                                                               
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:10:in `chunk'                                                            
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:10:in `block (2 levels) in <top (required)>'                             
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:9:in `each'                                                              
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:9:in `block in <top (required)>'                                         
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `instance_eval'                                                     
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `add'                                                               
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `<top (required)>'                                                  
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/facts/facter.rb:35:in `to_hash'                                            
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/facts/facter.rb:35:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:198:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/node.rb:135:in `fact_merge'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/node/plain.rb:18:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:198:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:215:in `main'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:174:in `run_command'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:375:in `block in run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:690:in `exit_on_fail'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:375:in `run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:139:in `run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'

#6 Updated by The Foreman Bot about 2 months ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman/pull/839 added

#7 Updated by Ewoud Kohl van Wijngaarden about 2 months ago

  • Triaged changed from No to Yes
  • Target version set to 2.1.0
  • Category set to Foreman modules
  • Fixed in Releases deleted (1.24.3)

#8 Updated by The Foreman Bot about 2 months ago

  • Fixed in Releases 2.2.0 added

#9 Updated by Ewoud Kohl van Wijngaarden about 2 months ago

  • Status changed from Ready For Testing to Closed

#10 Updated by Ewoud Kohl van Wijngaarden about 2 months ago

  • Fixed in Releases 2.1.0 added
  • Fixed in Releases deleted (2.2.0)

#11 Updated by Tomer Brisker about 1 month ago

  • Target version changed from 2.1.0 to 2.0.1

#12 Updated by The Foreman Bot about 1 month ago

  • Pull request https://github.com/theforeman/puppet-foreman/pull/848 added

#13 Updated by Tomer Brisker 27 days ago

  • Fixed in Releases 2.0.1 added

#14 Updated by Han Boetes 17 days ago

Nope, not fixed.

[ERROR 2020-06-18T22:10:51 verbose]  Evaluation Error: Error while evaluating a Function Call, theforeman: The system does not seem to be IPA-enrolled (file: /usr/share/foreman-installer/modules/foreman/manifests/config.pp, line: 101, column: 9) on node theforeman.example.com

#15 Updated by Ewoud Kohl van Wijngaarden 12 days ago

Which version of foreman-installer is installed?

#16 Updated by Han Boetes 12 days ago

Hallo Ewoud,

thanks for your time and effort.

I followed the instructions https://theforeman.org/manuals/2.0/index.html#3.6Upgrade
So the version provided by: yum upgrade https://yum.theforeman.org/releases/2.0/el7/x86_64/foreman-release.rpm
2.0.1 I assume. I can't be entirely sure, since I restored the previous version with a snapshot.

With kind regards,
Han

Also available in: Atom PDF