Bug #7099
closedImport from Foreman-Proxy failed
Description
Import from Foreman-Proxy failed.
I have installed the following software packages on a Ubuntu 12.04 LTS 64bit:
ii foreman 1.5.1-1 Systems management web interface
ii foreman-mysql 1.2.2+ubuntu1 metapackage providing MySQL dependencies for Foreman
ii foreman-proxy 1.5.1-1 RESTful proxies for DNS, DHCP, TFTP, and Puppet
ii foreman-sqlite3 1.5.1-1 metapackage providing sqlite dependencies for Foreman
ii puppet 3.6.0-1puppetlabs1 Centralized configuration management - agent startup and compatibility scripts
ii puppet-common 3.6.0-1puppetlabs1 Centralized configuration management
ii puppetmaster-common 3.6.0-1puppetlabs1 Puppet master common scripts
ii puppetmaster-passenger 3.6.0-1puppetlabs1 Centralised configuration management - master setup to run under mod passenger
puppet.conf:
[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync=true report=true reports=log, foreman [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY external_nodes = /etc/puppet/external_node.rb node_terminus = exec modulepath = etc/puppet/environments/$environment/modules
/var/log/foreman-proxy/foreman-proxy.log:
I, [2014-08-15T09:54:17.106751 #2320] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
W, [2014-08-15T09:54:17.122250 #2320] WARN -- : No environments found - falling back to defaults (production - /etc/puppet/modules)
I, [2014-08-15T09:54:17.237796 #2320] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
W, [2014-08-15T09:54:17.249576 #2320] WARN -- : No environments found - falling back to defaults (production - /etc/puppet/modules)
I, [2014-08-15T09:54:17.249694 #2320] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2014-08-15T09:54:17.285022 #2320] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
Please help!
Files
Updated by Dominic Cleal about 10 years ago
- Description updated (diff)
- Category set to Puppet
Puzzling, it looks like the proxy isn't picking up the "modulepath" setting from puppet.conf (note, it's also missing a leading "/").
What might be more reliable is to use Puppet's new directory environments feature, as you're on a recent version of Puppet. https://docs.puppetlabs.com/puppet/latest/reference/environments.html has more information about it, but to use it, do the following:
1. update foreman-proxy to 1.5.2, update Puppet to 3.6.2
2. remove modulepath from puppet.conf, set "environmentpath = /etc/puppet/environments"
3. ensure /etc/puppet/auth.conf has the section listed on ERF12-2749
Updated by Sebastian Wehnl about 10 years ago
Thanks for your feedback.
I have still the same problem:
ii foreman 1.5.2-1 Systems management web interface
ii foreman-mysql 1.2.2+ubuntu1 metapackage providing MySQL dependencies for Foreman
ii foreman-proxy 1.5.2-1 RESTful proxies for DNS, DHCP, TFTP, and Puppet
ii foreman-sqlite3 1.5.2-1 metapackage providing sqlite dependencies for Foreman
ii puppet 3.6.2-1puppetlabs1 Centralized configuration management - agent startup and compatibility scripts
ii puppet-common 3.6.2-1puppetlabs1 Centralized configuration management
ii puppetmaster-common 3.6.2-1puppetlabs1 Puppet master common scripts
ii puppetmaster-passenger 3.6.2-1puppetlabs1 Centralised configuration management - master setup to run under mod passenger
puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
pluginsync=true
report=true
reports=log, foreman
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
external_nodes = /etc/puppet/external_node.rb
node_terminus = exec
environmentpath = /etc/puppet/environments
foreman-proxy.log shows the same messages as before.
Thanks
Updated by Dominic Cleal about 10 years ago
Could you add your /etc/foreman-proxy/settings.yml file? Maybe it's not reading puppet.conf correctly at all.
Updated by Sebastian Wehnl about 10 years ago
Please find the "etc/foreman-proxy/settings.yml file attached:
---
# SSL Setup
# if enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
#:ssl_certificate: ssl/certs/$HOSTNAME.pem
#:ssl_ca_file: ssl/certs/ca.pem
#:ssl_private_key: ssl/private_keys/$HOSTNAME.key
# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain
# enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
# port used by the proxy
:port: 8443
# Enable TFTP management
:tftp: false
#:tftproot: /var/lib/tftpboot
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
#:tftp_servername: tftp.domain.com
# Enable DNS management
:dns: false
#:dns_key: /etc/rndc.key
# use this setting if you are managing a dns server which is not localhost though this proxy
#:dns_server: dns.domain.com
# Enable DHCP management
:dhcp: false
# The vendor can be either isc or native_ms
:dhcp_vendor: isc
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
# subset, so as to reduce the query time.
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
# Settings for Ubuntu ISC
#:dhcp_config: /etc/dhcp3/dhcpd.conf
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
# Settings for Redhat ISC
#:dhcp_config: /etc/dhcpd.conf
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
#:dhcp_key_name: secret_key_name
#:dhcp_key_secret: secret_key
# enable PuppetCA management
:puppetca: false
#:ssldir: /var/lib/puppet/ssl
#:puppetdir: /etc/puppet
# enable Puppet management
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
# Where our proxy log files are stored
# filename or STDOUT
:log_file: /var/log/foreman-proxy/foreman-proxy.log
# valid options are
# WARN, DEBUG, Error, FATAL, INFO, UNKNOWN
:log_level: INFO
Updated by Dominic Cleal about 10 years ago
Looks fine, assuming the puppet.conf you pasted was from /etc/puppet/puppet.conf. I can't tell why it's not seeing entries in puppet.conf.
You could try adding this to /etc/foreman-proxy/settings.yml to force it to ignore the contents of puppet.conf, then restart foreman-proxy:
:puppet_use_environment_api: true
Updated by Sebastian Wehnl about 10 years ago
- File import_error.jpg import_error.jpg added
After adding this parameter, a new error occurred (see Attachment)
In /var/log/foreman-proxy/foreman-proxy.log I found this output:
I, [2014-08-15T12:39:54.587751 #3852] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
I, [2014-08-15T12:39:54.622377 #3852] INFO -- : Initializing from Puppet config file: /etc/puppet/puppet.conf
E, [2014-08-15T12:39:54.697254 #3852] ERROR -- : Failed to list puppet environments: Cannot find puppet_ssl_ca file /var/lib/puppet/ssl/certs/ca.pem
The ca.pem file exists on my system.
Updated by Sebastian Wehnl about 10 years ago
lease find also my auth.conf attached.
Updated by Dominic Cleal about 10 years ago
Check permissions on the file, and its parent directories. Also check that foreman-proxy is in the 'puppet' group (restart foreman-proxy after changing).
Updated by Sebastian Wehnl about 10 years ago
Thanks :-)
Import from Environment works again :-)
Updated by Dominic Cleal about 10 years ago
- Status changed from New to Resolved
I'm glad to hear it!