Bug #5492

closed

katello-deploy devel - /etc/puppet permissions are incorrect

Added by Brad Buckingham almost 10 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Installer
Target version:
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

/etc/puppet needs to have ownership/permissions to allow a user in the 'puppet' group (e.g. foreman-proxy) to write to it.

Initial permissions:
[root@fortello foreman-proxy]# ls -l /etc/|grep puppet
drwxr-xr-x 6 root root 4096 Apr 23 07:59 puppet

Below is a scenario and some logs when the above permissions are set:
Scenario: Attempt to provision a host using foreman_bootdisk via virt-manager.

(foreman and proxy logs below)

virt-manager console shows:
---------------------------
'Unable to download the kickstart file. Please modify....

foreman log:
------------
Processing by UnattendedController#iPXE as HTML
Parameters: {"mac"=>"52:54:00:b1:8b:c3"}
Host::Managed Load (0.7ms) SELECT "hosts".* FROM "hosts" WHERE "hosts"."type" IN ('Host::Managed') AND (lower(mac) IN ('52:54:00:b1:8b:c3')) LIMIT 1
Operatingsystem Load (0.2ms) SELECT "operatingsystems".* FROM "operatingsystems" WHERE "operatingsystems"."id" = 1 ORDER BY operatingsystems.name LIMIT 1
Found testhost5.example.com
Architecture Load (0.1ms) SELECT "architectures".* FROM "architectures" WHERE "architectures"."id" = 1 LIMIT 1
ConfigTemplate Load (1.8ms) SELECT "config_templates".* FROM "config_templates" INNER JOIN "config_templates_operatingsystems" ON "config_templates_operatingsystems"."config_template_id" = "config_templates"."id" INNER JOIN "operatingsystems" ON "operatingsystems"."id" = "config_templates_operatingsystems"."operatingsystem_id" INNER JOIN "template_kinds" ON "template_kinds"."id" = "config_templates"."template_kind_id" INNER JOIN "template_combinations" ON "template_combinations"."config_template_id" = "config_templates"."id" INNER JOIN "hostgroups" ON "hostgroups"."id" = "template_combinations"."hostgroup_id" INNER JOIN "template_combinations" "template_combinations_config_templates_join" ON "template_combinations_config_templates_join"."config_template_id" = "config_templates"."id" INNER JOIN "environments" ON "environments"."id" = "template_combinations_config_templates_join"."environment_id" WHERE "operatingsystems"."id" = 1 AND "template_kinds"."name" = 'iPXE' AND "hostgroups"."id" = 5 AND "environments"."id" = 3 ORDER BY config_templates.name LIMIT 1
ConfigTemplate Load (0.7ms) SELECT "config_templates".* FROM "config_templates" INNER JOIN "config_templates_operatingsystems" ON "config_templates_operatingsystems"."config_template_id" = "config_templates"."id" INNER JOIN "operatingsystems" ON "operatingsystems"."id" = "config_templates_operatingsystems"."operatingsystem_id" INNER JOIN "template_kinds" ON "template_kinds"."id" = "config_templates"."template_kind_id" INNER JOIN "template_combinations" ON "template_combinations"."config_template_id" = "config_templates"."id" INNER JOIN "hostgroups" ON "hostgroups"."id" = "template_combinations"."hostgroup_id" WHERE "operatingsystems"."id" = 1 AND "template_kinds"."name" = 'iPXE' AND "hostgroups"."id" = 5 ORDER BY config_templates.name LIMIT 1
ConfigTemplate Load (0.5ms) SELECT "config_templates".* FROM "config_templates" INNER JOIN "config_templates_operatingsystems" ON "config_templates_operatingsystems"."config_template_id" = "config_templates"."id" INNER JOIN "operatingsystems" ON "operatingsystems"."id" = "config_templates_operatingsystems"."operatingsystem_id" INNER JOIN "template_kinds" ON "template_kinds"."id" = "config_templates"."template_kind_id" INNER JOIN "template_combinations" ON "template_combinations"."config_template_id" = "config_templates"."id" INNER JOIN "environments" ON "environments"."id" = "template_combinations"."environment_id" WHERE "operatingsystems"."id" = 1 AND "template_kinds"."name" = 'iPXE' AND "environments"."id" = 3 ORDER BY config_templates.name LIMIT 1
ConfigTemplate Load (0.5ms) SELECT "config_templates".* FROM "config_templates" INNER JOIN "config_templates_operatingsystems" ON "config_templates_operatingsystems"."config_template_id" = "config_templates"."id" INNER JOIN "operatingsystems" ON "operatingsystems"."id" = "config_templates_operatingsystems"."operatingsystem_id" INNER JOIN "template_kinds" ON "template_kinds"."id" = "config_templates"."template_kind_id" INNER JOIN "os_default_templates" ON "os_default_templates"."config_template_id" = "config_templates"."id" WHERE "operatingsystems"."id" = 1 AND "template_kinds"."name" = 'iPXE' AND "os_default_templates"."operatingsystem_id" = 1 ORDER BY config_templates.name LIMIT 1
rendering DB template Kickstart default iPXE - iPXE
Token Load (0.2ms) SELECT "tokens".* FROM "tokens" WHERE "tokens"."host_id" = 5 LIMIT 1
Medium Load (0.2ms) SELECT "media".* FROM "media" WHERE "media"."id" = 8 ORDER BY media.name LIMIT 1
Rendered inline template (3.9ms)
Completed 200 OK in 16.5ms (Views: 4.3ms | ActiveRecord: 4.8ms)
Processing by UnattendedController#provision as /*
Parameters: {"token"=>"0eb5f46b-2403-43b3-aa32-537a69db8385", "static"=>"yes"}
Host::Managed Load (0.5ms) SELECT hosts.* FROM "hosts" INNER JOIN "tokens" ON "tokens"."host_id" = "hosts"."id" WHERE "hosts"."type" IN ('Host::Managed') AND "tokens"."value" = '0eb5f46b-2403-43b3-aa32-537a69db8385' AND (expires >= '2014-04-23 14:00:08') LIMIT 1
Operatingsystem Load (0.2ms) SELECT "operatingsystems".* FROM "operatingsystems" WHERE "operatingsystems"."id" = 1 ORDER BY operatingsystems.name LIMIT 1
Found testhost5.example.com
SmartProxy Load (0.1ms) SELECT "smart_proxies".* FROM "smart_proxies" WHERE "smart_proxies"."id" = 2 ORDER BY smart_proxies.name LIMIT 1
Remove puppet certificate for testhost5.example.com
Adding autosign entry for testhost5.example.com
Completed 500 Internal Server Error in 474.4ms

ProxyAPI::ProxyException (ERF12-0104 [ProxyAPI::ProxyException]: Unable to set PuppetCA autosign for testhost5.example.com ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy http://fortello.devel:9090/puppet/ca):
lib/proxy_api/puppetca.rb:17:in `rescue in set_autosign'
lib/proxy_api/puppetca.rb:15:in `set_autosign'
app/models/concerns/orchestration/puppetca.rb:32:in `setAutosign'
app/models/host/managed.rb:247:in `handle_ca'
app/controllers/unattended_controller.rb:161:in `handle_ca'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'

Rendered /usr/local/rvm/gems/ruby-1.9.3-p194@fortello/gems/actionpack-3.2.17/lib/action_dispatch/middleware/templates/rescues/_trace.erb (0.6ms)
Rendered /usr/local/rvm/gems/ruby-1.9.3-p194@fortello/gems/actionpack-3.2.17/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (0.7ms)
Rendered /usr/local/rvm/gems/ruby-1.9.3-p194@fortello/gems/actionpack-3.2.17/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (5.7ms)

proxy.log:
----------
D, [2014-04-23T10:00:08.651231 #13508] DEBUG -- : Found puppetca at /usr/bin/puppet
D, [2014-04-23T10:00:08.651344 #13508] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2014-04-23T10:00:08.651402 #13508] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --clean testhost5.example.com
I, [2014-04-23T10:00:09.108134 #13508] INFO -- : Attempt to remove nonexistant client certificate for testhost5.example.com
E, [2014-04-23T10:00:09.108365 #13508] ERROR -- : Attempt to remove nonexistant client certificate for testhost5.example.com
E, [2014-04-23T10:00:09.112058 #13508] ERROR -- : Failed to enable autosign for testhost5.example.com: Permission denied - /etc/puppet/autosign.conf
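
The ownership and mode check behind the "Permission denied - /etc/puppet/autosign.conf" error, as an added example that is not part of the original report or of katello-deploy. The function names are hypothetical, a scratch directory stands in for /etc/puppet, the current user's GID stands in for the 'puppet' group, and GNU `stat` is assumed. The grant is limited to the directory and autosign.conf, because that file decides which certificate requests the Puppet CA signs automatically.

```shell
#!/bin/sh
# Added example, not part of the original report.
# group_write_status PATH GID -> prints "writable", "wrong-group" or "no-group-write".
# Inspects only the group owner and mode bits that `ls -l` shows (no ACLs).
group_write_status() {
    path=$1 gid=$2
    path_gid=$(stat -c '%g' "$path")    # numeric group owner (GNU stat)
    mode=$(stat -c '%a' "$path")        # octal mode, e.g. 755
    if [ "$path_gid" != "$gid" ]; then
        echo "wrong-group"
    elif [ $(( 0$mode & 020 )) -eq 0 ]; then
        echo "no-group-write"
    else
        echo "writable"
    fi
}

# Constructed stand-in for /etc/puppet: a scratch directory with the mode from
# the report (drwxr-xr-x) holding an empty autosign.conf with mode 644.
make_fixture() {
    dir=$(mktemp -d)
    chmod 755 "$dir"
    : > "$dir/autosign.conf"
    chmod 644 "$dir/autosign.conf"
    echo "$dir"
}

# Give the group write access to the directory and autosign.conf only,
# leaving the mode of every other file under the directory untouched.
grant_group_write() {
    dir=$1 gid=$2
    chgrp "$gid" "$dir" "$dir/autosign.conf"
    chmod g+w "$dir" "$dir/autosign.conf"
}

# Demo on the constructed fixture; the current GID stands in for 'puppet'.
fixture=$(make_fixture)
demo_gid=$(id -g)
echo "before: $(group_write_status "$fixture/autosign.conf" "$demo_gid")"
grant_group_write "$fixture" "$demo_gid"
echo "after:  $(group_write_status "$fixture/autosign.conf" "$demo_gid")"
rm -rf "$fixture"
```

On a real host the GID argument would come from `getent group puppet | cut -d: -f3` and the path would be /etc/puppet/autosign.conf.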

Actions #1

Updated by Eric Helms almost 10 years ago

  • Triaged changed from No to Yes
Actions #2

Updated by Eric Helms over 9 years ago

  • Status changed from New to Resolved
Actions #3

Updated by Eric Helms over 9 years ago

  • translation missing: en.field_release set to 13