Support #8296
closedsmart_proxy not starting -foreman
Added by Biswajit Banerjee about 10 years ago. Updated over 7 years ago.
Description
Foreman installation(1.6.1) went smooth but found out later smart_proxy is stopped. Getting below error while starting it and also if I try to
add classes from my puppetmaster to foreman.Any pointer will be helpfull as new to foreman.
/etc/init.d/foreman-proxy start
Starting Foreman Proxy on 4567 using WEBrick
/usr/share/foreman-proxy/bin/../lib/sinatra-patch.rb:22:in `run!': private method `gsub' called for false:FalseClass (NoMethodError)
from /usr/share/foreman-proxy/bin/smart-proxy:44
Error while importing classes from puppet master
Warning!
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([Errno::ECONNREFUSED]: Connection refused - connect(2)) for proxy https://omething.localdomain:8443/puppet
_
Please note :Disable firewall for testing but no luck!
Updated by Dominic Cleal about 10 years ago
- Project changed from Foreman to Smart Proxy
- Status changed from New to Feedback
Can you pastebin your /etc/foreman-proxy/settings.yml and settings.d/*.yml files? Sounds like there's some configuration that's breaking it.
Updated by Biswajit Banerjee about 10 years ago
Please find below...
# cat settings.yml --- ### File managed with puppet ### ## Module: 'foreman_proxy' :settings_directory: /etc/foreman-proxy/settings.d # SSL Setup # if enabled, all communication would be verfied via SSL # NOTE that both certificates need to be signed by the same CA in order for this to work # see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem :ssl_certificate: /var/lib/puppet/ssl/certs/cfadmin.localdomain.pem :ssl_private_key: /var/lib/puppet/ssl/private_keys/cfadmin.localdomain.pem # the hosts which the proxy accepts connections from # commenting the following lines would mean every verified SSL connection allowed :trusted_hosts: - cfadmin.localdomain # by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting :daemon: true # Only used when 'daemon' is set to true. # Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid' #:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid # HTTP ports configuration # http is disabled by default. To enable, uncomment 'http_port' setting # https is enabled if certificate, CA certificate, and private key are present in locations specifed by # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly # default values for https_port is 8443 #:http_port: 8000 :https_port: 8443 # shared options for virsh DNS/DHCP provider :virsh_network: default # Where our proxy log files are stored # filename or STDOUT :log_file: /var/log/foreman-proxy/proxy.log # valid options are # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN #:log_level: DEBUG
________________________
:/etc/foreman-proxy/settings.d# pwd /etc/foreman-proxy/settings.d root@cfadmin:/etc/foreman-proxy/settings.d# ls bmc.yml dhcp.yml puppetca.yml realm.yml chef.yml dns.yml puppet.yml tftp.yml # cat puppet.yml --- # Puppet management :enabled: true :puppet_conf: /etc/puppet/puppet.conf # valid providers: # puppetrun (for puppetrun/kick, deprecated in Puppet 3) # mcollective (uses mco puppet) # puppetssh (run puppet over ssh) # salt (uses salt puppet.run) # customrun (calls a custom command with args) #:puppet_provider: puppetrun # customrun command details # Set :customrun_cmd to the full path of the script you want to run, instead of /bin/false :customrun_cmd: /bin/false # Set :customrun_args to any args you want to pass to your custom script. The hostname of the # system to run against will be appended after the custom commands. :customrun_args: -ay -f -s # whether to use sudo before the ssh command :puppetssh_sudo: false # the command which will be sent to the host :puppetssh_command: /usr/bin/puppet agent --onetime --no-usecacheonfailure # With which user should the proxy connect #:puppetssh_user: root #:puppetssh_keyfile: /etc/foreman-proxy/id_rsa # Which user to invoke sudo as to run puppet commands #:puppet_user: root # URL of the puppet master itself for API requests :puppet_url: https://cfadmin.localdomain:8140 # SSL certificates used to access the puppet master API :puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem :puppet_ssl_cert: /var/lib/puppet/ssl/certs/cfadmin.localdomain.pem :puppet_ssl_key: /var/lib/puppet/ssl/private_keys/cfadmin.localdomain.pem # Override use of Puppet's API to list environments, by default it will use only if # environmentpath is given in puppet.conf, else will look for environments in puppet.conf #:puppet_use_environment_api: true
cat puppetca.yml --- # PuppetCA management :enabled: true :ssldir: /var/lib/puppet/ssl :puppetdir: /etc/puppet # cat dns.yml --- # DNS management :enabled: false # valid providers: # dnscmd (Microsoft Windows native implementation) # nsupdate # nsupdate_gss (for GSS-TSIG support) # virsh (simple implementation for libvirt) :dns_provider: nsupdate :dns_key: /etc/bind/rndc.key # use this setting if you are managing a dns server which is not localhost though this proxy :dns_server: 127.0.0.1 # use this setting if you want to override default TTL setting (86400) :dns_ttl: 86400 # use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with # Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss. #:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab #:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM
__________
Updated by Dominic Cleal about 10 years ago
Could you double check which version of foreman-proxy is installed? I think you have a 1.5.x version of the package, but the config files are set up for version 1.6.x. Use dpkg -l/rpm -q to check, and upgrade it to 1.6 if possible.
Updated by Biswajit Banerjee about 10 years ago
I am not getting the error while start the foreman-proxy but the issue to import classes from my localdomain still failing.
__________
Warning!
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([Errno::ECONNREFUSED]: Connection refused - connect(2)) for proxy https://cfadmin.localdomain:8443/puppet
______________________________
updated settings.yml _____________________ --- #replace default location of "settings.d" :settings_directory: /etc/foreman-proxy/settings.d # SSL Setup # If enabled, all communication would be verified via SSL # NOTE that both certificates need to be signed by the same CA in order for this to work #see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information :ssl_certificate: /var/lib/puppet/ssl/certs/cfadmin.localdomain.pem :ssl_ca_file:/var: /lib/puppet/ssl/certs/ca.pem :ssl_private_key: /var/lib/puppet/ssl/private_keys/cfadmin.localdomain.pem # Hosts which the proxy accepts connections from # commenting the following lines would mean every verified SSL connection allowed #:trusted_hosts: #- foreman.prod.domain - cfadmin.localdomain #:foreman_url: http://cfadmin.localdomain:3000 # by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting :daemon: true # Only used when 'daemon' is set to true. # Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid' :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid # HTTP ports configuration # http is disabled by default. To enable, uncomment 'http_port' setting #:http_port: 8000 # https is enabled if certificate, CA certificate, and private key are present in locations specifed by # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly # default values for https_port is 8443 :https_port: 8443 # Shared options for virsh DNS/DHCP provider :virsh_network: default # Log configuration # Uncomment and modify if you want to change the location of the log file or use STDOUT :log_file: /var/log/foreman-proxy/proxy.log # Uncomment and modify if you want to change the log level # WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN :log_level: ERROR
Updated by Dominic Cleal about 10 years ago
Can you check /var/log/foreman-proxy/proxy.log to see if anything is logged?
If not, run sudo -u foreman-proxy /usr/share/foreman-proxy/bin/smart-proxy directly and see if it prints an error.
Updated by Biswajit Banerjee about 10 years ago
I am not getting the error while start the foreman-proxy but the issue to import classes from my localdomain still failing.
__
Warning!
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([Errno::ECONNREFUSED]: Connection refused - connect(2)) for proxy https://cfadmin.localdomain:8443/puppet
______________________
updated settings.yml
_____________
--- #replace default location of "settings.d" :settings_directory: /etc/foreman-proxy/settings.d # SSL Setup # If enabled, all communication would be verified via SSL # NOTE that both certificates need to be signed by the same CA in order for this to work #see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information :ssl_certificate: /var/lib/puppet/ssl/certs/cfadmin.localdomain.pem :ssl_ca_file:/var: /lib/puppet/ssl/certs/ca.pem :ssl_private_key: /var/lib/puppet/ssl/private_keys/cfadmin.localdomain.pem # Hosts which the proxy accepts connections from # commenting the following lines would mean every verified SSL connection allowed #:trusted_hosts: #- foreman.prod.domain - cfadmin.localdomain #:foreman_url: http://cfadmin.localdomain:3000 # by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting :daemon: true # Only used when 'daemon' is set to true. # Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid' :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid # HTTP ports configuration # http is disabled by default. To enable, uncomment 'http_port' setting #:http_port: 8000 # https is enabled if certificate, CA certificate, and private key are present in locations specifed by # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly # default values for https_port is 8443 :https_port: 8443 # Shared options for virsh DNS/DHCP provider :virsh_network: default # Log configuration # Uncomment and modify if you want to change the location of the log file or use STDOUT :log_file: /var/log/foreman-proxy/proxy.log # Uncomment and modify if you want to change the log level # WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN :log_level: ERROR root@cfadmin:/etc/foreman-proxy# sudo -u foreman-proxy /usr/share/foreman-proxy/bin/smart-proxy root@cfadmin:/etc/foreman-proxy#
<<It did not return anything>> , so configuration is OK ?
Adding to that I am not seeing any foreman-proxy process, perhaps not started at all but not throwing any error while starting.
root@cfadmin:~# ps -eaf | grep foreman-proxy | grep -v grep
root@cfadmin:~#
Updated by Dominic Cleal about 10 years ago
Yeah, the problem is that the process isn't starting which causes the error in Foreman. Now the proxy is the right version I think the settings are broadly correct.
Please try setting :daemon to false in the settings.yml, and then run the sudo smart-proxy command again. It may show us the error message then. Be sure to change daemon back to true once we're finished.
Updated by Biswajit Banerjee about 10 years ago
root@cfadmin:/etc/foreman-proxy# /etc/init.d/foreman-proxy start
foreman-proxy: :daemon is false in /etc/foreman-proxy/settings.yml; not starting service
root@cfadmin:/etc/foreman-proxy# sudo -u foreman-proxy /usr/share/foreman-proxy/bin/smart-proxy
(did not print any again)
again that error repeated.
E, [2014-11-06T15:50:50.223561 #10726] ERROR -- : Both http and https are disabled, unable to start.