Project

General

Profile

Bug #11201

Updated by Dominic Cleal over 9 years ago

I've run foreman-debug and uploaded the file: /tmp/foreman-debug-fBc8y.tar.xz 

       OS: debian 
   RELEASE: 7.8 
   FOREMAN: 1.8.2 
      RUBY: ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux] 
    PUPPET: 3.8.1 


 I have the following problem with permissions: 
 A user may view all facts of a host in the webinterface he is also able to get the information for the host via a curl call. 

 <pre> 
 curl -k -u USER -H "Accept: version=2,application/json" https://foreman.rack.zone/api/hosts/798 
 </pre> 


 But when the user runs 
 hammer host info --name <servername> 
 he recieves 'Forbidden - server refused to process the request' 




 Here is the output of the hammer call with -d 

 I've deleted some details. 
 Its also strange the clients actually has the information but returns a forbidden. 

 THANKS! 


 <pre> 
 



 hammer -d -u USER -s foreman --name vs125 
 [ INFO 2015-07-23 17:46:12 Init] Initialization of Hammer CLI (0.2.0) has started... 
 [DEBUG 2015-07-23 17:46:12 Init] Running at ruby 2.1.5-p273 
 [ INFO 2015-07-23 17:46:12 Init] Configuration from the file /etc/hammer/cli_config.yml has been loaded 
 [ INFO 2015-07-23 17:46:12 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman.yml has been loaded 
 [ INFO 2015-07-23 17:46:12 Init] Configuration from the file /home/aoehler/.hammer/cli.modules.d/foreman.yml has been loaded 
 [ WARN 2015-07-23 17:46:13 Modules] Veraltete Konfiguration von Modulen entdeckt. Prüfen Sie den Abschnitt zum Thema Konfiguration im Benutzerhandbuch 
 [DEBUG 2015-07-23 17:46:13 Connection] Registered: foreman 
 [DEBUG 2015-07-23 17:46:13 API] Global headers: { 
         :content_type => "application/json", 
               :accept => "application/json;version=2", 
     "Accept-Language" => "de" 
 } 
 [ INFO 2015-07-23 17:46:13 Modules] Extension module hammer_cli_foreman (0.2.0) loaded 
 [ INFO 2015-07-23 17:46:13 Modules] Extension module hammer_cli_foreman (0.2.0) loaded 
 [DEBUG 2015-07-23 17:46:13 Init] Using locale 'de' 
 [DEBUG 2015-07-23 17:46:13 Init] 'mo' files for locale domain 'hammer-cli' loaded from '/usr/share/locale' 
 [DEBUG 2015-07-23 17:46:13 Init] 'mo' files for locale domain 'hammer-cli-foreman' loaded from '/usr/share/locale' 
 [ INFO 2015-07-23 17:46:13 HammerCLI::MainCommand] Called with options: {"option_debug"=>true, "option_username"=>"USER", "option_server"=>"foreman"} 
 [ INFO 2015-07-23 17:46:13 HammerCLIForeman::Host] Called with options: {} 
 [ INFO 2015-07-23 17:46:13 HammerCLIForeman::Host::InfoCommand] Called with options: {"option_name"=>"vs125"} 
 [ INFO 2015-07-23 17:46:13 API] GET /api/hosts 
 [DEBUG 2015-07-23 17:46:13 API] Params: { 
     :search => "name = \"vs125\"" 
 } 
 [DEBUG 2015-07-23 17:46:13 API] Headers: { 
     :params => { 
         :search => "name = \"vs125\"" 
     } 
 } 
 [Foreman]-Passwort für user:  
 [DEBUG 2015-07-23 17:46:20 API] Response: { 
        "total" => 31, 
     "subtotal" => 1, 
         "page" => 1, 
     "per_page" => 20, 
       "search" => "name = \"vs125\"", 
         "sort" => { 
            "by" => nil, 
         "order" => nil 
     }, 
      "results" => [ 
         [0] { 
                                "ip" => "10.1.160.60", 
                    "environment_id" => 2, 
                  "environment_name" => "development", 
                       "last_report" => nil, 
                               "mac" => "52:54:00:d2:6d:21", 
                          "realm_id" => nil, 
                        "realm_name" => nil, 
                            "sp_mac" => nil, 
                             "sp_ip" => nil, 
                           "sp_name" => nil, 
                         "domain_id" => 9, 
                       "domain_name" => "unstable", 
                   "architecture_id" => 1, 
                 "architecture_name" => "x86_64", 
                "operatingsystem_id" => 5, 
              "operatingsystem_name" => "Debian Wheezy (INSTALL!)", 
                         "subnet_id" => 10, 
                       "subnet_name" => "Subnet", 
                      "sp_subnet_id" => nil, 
                         "ptable_id" => 9, 
                       "ptable_name" => "Preseed custom LVM all_root", 
                         "medium_id" => 7, 
                       "medium_name" => "BY Debian Mirror", 
                             "build" => false, 
                           "comment" => "", 
                              "disk" => "", 
                      "installed_at" => "2015-07-23T09:01:29Z", 
                          "model_id" => nil, 
                        "model_name" => nil, 
                      "hostgroup_id" => 16, 
                    "hostgroup_name" => "Team Product", 
                          "owner_id" => 5, 
                        "owner_type" => "Usergroup", 
                           "enabled" => true, 
                "puppet_ca_proxy_id" => nil, 
                           "managed" => true, 
                         "use_image" => nil, 
                        "image_file" => "", 
                              "uuid" => "5d0cdc37-ec9b-e4c3-0c16-f0b6aa2aa1ec", 
               "compute_resource_id" => 51, 
             "compute_resource_name" => "cr-3-73", 
                "compute_profile_id" => 2, 
              "compute_profile_name" => "S", 
                      "capabilities" => [ 
                 [0] "build", 
                 [1] "image" 
             ], 
                  "provision_method" => "build", 
                   "puppet_proxy_id" => nil, 
                          "certname" => "vs125", 
                          "image_id" => nil, 
                        "image_name" => nil, 
                        "created_at" => "2015-07-23T08:48:46Z", 
                        "updated_at" => "2015-07-23T14:50:21Z", 
                      "last_compile" => nil, 
                   "last_freshcheck" => nil, 
                            "serial" => nil, 
                    "source_file_id" => nil, 
                     "puppet_status" => 0, 
                   "organization_id" => 25, 
                 "organization_name" => "Developer", 
                       "location_id" => 18, 
                     "location_name" => "UNSTABLE", 
                              "name" => "vs125", 
                                "id" => 22125 
         } 
     ] 
 } 
 [DEBUG 2015-07-23 17:46:20 API] Response headers: { 
                    :date => "Thu, 23 Jul 2015 15:46:17 GMT", 
                  :server => "Apache/2.2.22 (Debian)", 
            :x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13", 
         :foreman_version => "1.8.2", 
     :foreman_api_version => "2", 
         :apipie_checksum => "e3bfd0c4952c158d0555df77379f5010", 
         :x_ua_compatible => "IE=Edge,chrome=1", 
                    :etag => "\"b71e23a8376524b48769d23b545e3c93\"", 
           :cache_control => "must-revalidate, private, max-age=0", 
            :x_request_id => "d845316b408235c1b2e8739f3f30f11a", 
               :x_runtime => "3.169905", 
            :x_rack_cache => "miss", 
              :set_cookie => [ 
         [0] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT" 
     ], 
                  :status => "200", 
          :content_length => "1741", 
              :connection => "close", 
            :content_type => "application/json; charset=utf-8" 
 } 
 [ INFO 2015-07-23 17:46:20 API] GET /api/hosts/22125 
 [DEBUG 2015-07-23 17:46:20 API] Params: {} 
 [DEBUG 2015-07-23 17:46:20 API] Headers: { 
     :params => {} 
 } 
 [DEBUG 2015-07-23 17:46:23 API] Response: { 
                        "ip" => "10.1.160.60", 
            "environment_id" => 2, 
          "environment_name" => "development", 
               "last_report" => nil, 
                       "mac" => "52:54:00:d2:6d:21", 
                  "realm_id" => nil, 
                "realm_name" => nil, 
                    "sp_mac" => nil, 
                     "sp_ip" => nil, 
                   "sp_name" => nil, 
                 "domain_id" => 9, 
               "domain_name" => "unstable", 
           "architecture_id" => 1, 
         "architecture_name" => "x86_64", 
        "operatingsystem_id" => 5, 
      "operatingsystem_name" => "Debian Wheezy (INSTALL!)", 
                 "subnet_id" => 10, 
               "subnet_name" => "DC", 
              "sp_subnet_id" => nil, 
                 "ptable_id" => 9, 
               "ptable_name" => "Preseed custom LVM all_root", 
                 "medium_id" => 7, 
               "medium_name" => "BY Debian Mirror", 
                     "build" => false, 
                   "comment" => "", 
                      "disk" => "", 
              "installed_at" => "2015-07-23T09:01:29Z", 
                  "model_id" => nil, 
                "model_name" => nil, 
              "hostgroup_id" => 16, 
            "hostgroup_name" => "Product", 
                  "owner_id" => 5, 
                "owner_type" => "Usergroup", 
                   "enabled" => true, 
        "puppet_ca_proxy_id" => nil, 
                   "managed" => true, 
                 "use_image" => nil, 
                "image_file" => "", 
                      "uuid" => "5d0cdc37-ec9b-e4c3-0c16-f0b6aa2aa1ec", 
       "compute_resource_id" => 51, 
     "compute_resource_name" => "unstable73", 
        "compute_profile_id" => 2, 
      "compute_profile_name" => "S", 
              "capabilities" => [ 
         [0] "build", 
         [1] "image" 
     ], 
          "provision_method" => "build", 
           "puppet_proxy_id" => nil, 
                  "certname" => "vs125", 
                  "image_id" => nil, 
                "image_name" => nil, 
                "created_at" => "2015-07-23T08:48:46Z", 
                "updated_at" => "2015-07-23T14:50:21Z", 
              "last_compile" => nil, 
           "last_freshcheck" => nil, 
                    "serial" => nil, 
            "source_file_id" => nil, 
             "puppet_status" => 0, 
           "organization_id" => 25, 
         "organization_name" => "Developer", 
               "location_id" => 18, 
             "location_name" => "ALL/DC/IPC3/UNSTABLE", 
                      "name" => "vs125", 
                        "id" => 22125, 
                "parameters" => [], 
                "interfaces" => [ 
         [0] { 
                     "id" => 43685, 
                   "name" => "vs125", 
                     "ip" => "10.1.160.60", 
                    "mac" => "52:54:00:d2:6d:21", 
             "identifier" => "", 
                "primary" => true, 
              "provision" => true, 
                   "type" => "interface" 
         }, 
         [1] { 
                     "id" => 43686, 
                   "name" => "", 
                     "ip" => nil, 
                    "mac" => "52:54:00:85:36:82", 
             "identifier" => "", 
                "primary" => false, 
              "provision" => false, 
                   "type" => "interface" 
         } 
     ], 
             "puppetclasses" => [], 
             "config_groups" => [], 
         "all_puppetclasses" => [] 
 } 
 [DEBUG 2015-07-23 17:46:23 API] Response headers: { 
                    :date => "Thu, 23 Jul 2015 15:46:20 GMT", 
                  :server => "Apache/2.2.22 (Debian)", 
            :x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13", 
         :foreman_version => "1.8.2", 
     :foreman_api_version => "2", 
         :apipie_checksum => "e3bfd0c4952c158d0555df77379f5010", 
         :x_ua_compatible => "IE=Edge,chrome=1", 
                    :etag => "\"1fd03aa7ae5d66544cf80820d3275b69\"", 
           :cache_control => "must-revalidate, private, max-age=0", 
            :x_request_id => "f175345ed869d89e4afac0862a11c787", 
               :x_runtime => "2.788702", 
            :x_rack_cache => "miss", 
              :set_cookie => [ 
         [0] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT" 
     ], 
                  :status => "200", 
          :content_length => "1935", 
              :connection => "close", 
            :content_type => "application/json; charset=utf-8" 
 } 
 [ INFO 2015-07-23 17:46:23 API] GET /api/hosts/22125/parameters 
 [DEBUG 2015-07-23 17:46:23 API] Params: {} 
 [DEBUG 2015-07-23 17:46:23 API] Headers: { 
     :params => {} 
 } 
 [DEBUG 2015-07-23 17:46:25 API] 403 Forbidden 
 { 
     "error" => { 
         "message" => "Zugang verweigert", 
         "details" => nil 
     } 
 } 
 [ERROR 2015-07-23 17:46:25 Exception] Abgelehnt - Server verweigert die Verarbeitung der Anfrage 
 Abgelehnt - Server verweigert die Verarbeitung der Anfrage 
 [ERROR 2015-07-23 17:46:25 Exception]  

 RestClient::Forbidden (403 Forbidden): 
     /usr/lib/ruby/vendor_ruby/restclient/abstract_response.rb:74:in `return!' 
     /usr/lib/ruby/vendor_ruby/restclient/request.rb:230:in `process_result' 
     /usr/lib/ruby/vendor_ruby/restclient/request.rb:178:in `block in transmit' 
     /usr/lib/ruby/2.1.0/net/http.rb:853:in `start' 
     /usr/lib/ruby/vendor_ruby/restclient/request.rb:172:in `transmit' 
     /usr/lib/ruby/vendor_ruby/restclient/request.rb:64:in `execute' 
     /usr/lib/ruby/vendor_ruby/restclient/request.rb:33:in `execute' 
     /usr/lib/ruby/vendor_ruby/restclient/resource.rb:51:in `get' 
     /usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:280:in `call_client' 
     /usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:211:in `http_call' 
     /usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:161:in `call' 
     /usr/lib/ruby/vendor_ruby/apipie_bindings/resource.rb:14:in `call' 
     /usr/lib/ruby/vendor_ruby/hammer_cli_foreman/host.rb:194:in `get_parameters' 
     /usr/lib/ruby/vendor_ruby/hammer_cli_foreman/host.rb:188:in `extend_data' 
     /usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:376:in `send_request' 
     /usr/lib/ruby/vendor_ruby/hammer_cli/apipie/command.rb:34:in `execute' 
     /usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run' 
     /usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run' 
     /usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute' 
     /usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run' 
     /usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run' 
     /usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute' 
     /usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run' 
     /usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run' 
     /usr/lib/ruby/vendor_ruby/clamp/command.rb:126:in `run' 
     /usr/bin/hammer:108:in `<main>' 
 </pre> 

Back