Bug #5677

Delete Host Failing

Added by Mike McRill about 4 years ago. Updated 4 days ago.

Status:Closed
Priority:Normal
Assignee:Dominic Cleal
Category:Puppet
Target version:1.5.1
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link:1107699 Found in Releases:
Pull request:

Description

Since update to 1.5.0-1, deleting host fails for all users (admin included). Here is the log from the web interface:

Here is the log from the production.log:
Delete PuppetCA certificates for test111.mydomain.com task failed with the following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete PuppetCA certificate for test111.mydomain.com ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://puppet.mydomain.com:8443/puppet/ca

W, [2014-05-12T09:47:16.233631 #28152] WARN -- : Failed to run puppetca: Error: Could not set 'directory' on ensure: Permission denied - /usr/share/foreman-proxy/.puppet
Error: Could not set 'directory' on ensure: Permission denied - /usr/share/foreman-proxy/.puppet
Wrapped exception:
Permission denied - /usr/share/foreman-proxy/.puppet
Error: /File[/usr/share/foreman-proxy/.puppet]/ensure: change from absent to directory failed: Could not set 'directory' on ensure: Permission denied - /usr/share/foreman-proxy/.puppet
Notice: /File[/usr/share/foreman-proxy/.puppet/var]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var]: Skipping because of failed dependencies
Notice: /File[/usr/share/foreman-proxy/.puppet/var/log]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var/log]: Skipping because of failed dependencies
Notice: /File[/usr/share/foreman-proxy/.puppet/var/lib]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var/lib]: Skipping because of failed dependencies
Notice: /File[/usr/share/foreman-proxy/.puppet/var/state]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var/state]: Skipping because of failed dependencies
Notice: /File[/usr/share/foreman-proxy/.puppet/var/facts.d]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var/facts.d]: Skipping because of failed dependencies
Notice: /File[/usr/share/foreman-proxy/.puppet/var/run]: Dependency File[/usr/share/foreman-proxy/.puppet] has failures: true
Warning: /File[/usr/share/foreman-proxy/.puppet/var/run]: Skipping because of failed dependencies
Error: Got 1 failure(s) while initializing: File[/usr/share/foreman-proxy/.puppet]: change from absent to directory failed: Could not set 'directory' on ensure: Permission denied - /usr/share/foreman-proxy/.puppet

E, [2014-05-12T09:47:16.233999 #28152] ERROR -- : Failed to remove certificate(s) for testzzz.mydomain.com: Execution of puppetca failed, check log files

Associated revisions

Revision 79699411
Added by Dominic Cleal about 4 years ago

fixes #5677 - handle booleans from settings.yml as bools

History

#1 Updated by Dominic Cleal about 4 years ago

  • Project changed from Foreman to Smart Proxy
  • Category set to Puppet
  • Status changed from New to Feedback

Can you check that puppetca_use_sudo is enabled in settings.yml? This is required so the proxy can launch puppet as root and change the system-wide CA, it looks from your log that it's trying to execute as foreman-proxy only.

#2 Updated by Dominic Cleal about 4 years ago

To clarify, it should actually default to true, so I'd be interested to know if you have it set explicitly to any value.

#3 Updated by Mike McRill about 4 years ago

I am using sudo:

  1. enable PuppetCA management
    :puppetca: true
    :ssldir: /var/lib/puppet/ssl
    :puppetdir: /etc/puppet
    :puppetca_use_sudo: true
    :sudo_command: /usr/bin/sudo

#4 Updated by Dominic Cleal about 4 years ago

Could you try quoting the puppetca_use_sudo value, e.g.

:puppetca_use_sudo: "true" 

#5 Updated by Mike McRill about 4 years ago

Adding quotations resolved issue, thank you.

#6 Updated by Dominic Cleal about 4 years ago

  • Status changed from Feedback to Ready For Testing
  • Assignee set to Dominic Cleal
  • Target version set to 1.8.3
  • Legacy Backlogs Release (now unused) set to 16

#7 Updated by Dmitri Dolguikh about 4 years ago

  • Target version changed from 1.8.3 to 1.8.2

#8 Updated by Adam Behn about 4 years ago

I'm seeing this issue as well and adding the quotes did not resolve the issue in my case.

"Delete PuppetCA certificates for test.domain.com task failed with the following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete PuppetCA certificate for test.adc4gis.com ([RestClient::RequestTimeout]: Request Timeout) for proxy https://puppet.domain.com:8443/puppet/ca"

#9 Updated by Dominic Cleal about 4 years ago

Adam Behn wrote:

I'm seeing this issue as well and adding the quotes did not resolve the issue in my case.

"Delete PuppetCA certificates for test.domain.com task failed with the following error: ERF12-7740 [ProxyAPI::ProxyException]: Unable to delete PuppetCA certificate for test.adc4gis.com ([RestClient::RequestTimeout]: Request Timeout) for proxy https://puppet.domain.com:8443/puppet/ca"

It's likely a different issue. Please create a thread on foreman-users, call into #theforeman or raise a new bug with your proxy logs included too (:log_level: DEBUG would be good too).

#10 Updated by Lukas Zapletal about 4 years ago

  • Status changed from Ready For Testing to Resolved

#11 Updated by Dominic Cleal about 4 years ago

  • Status changed from Resolved to Closed
  • % Done changed from 0 to 100

#12 Updated by Bryan Kearney about 4 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1107699

Also available in: Atom PDF