Bug #11281
Updated by Dominic Cleal over 9 years ago
I had an issue with the smart proxy on a puppetca server. I had to strace the proxy in the end to find out that it was due to sudo requiring a tty. Unfortunately, even with the foreman-proxy running with DEBUG logging, it did not report the actual error. <pre> D, [2015-08-03T16:31:35.067366 #47518] DEBUG -- : verifying remote client 192.168.1.1 against trusted_hosts ["foreman.local"] D, [2015-08-03T16:31:35.076693 #47518] DEBUG -- : Found puppetca at /usr/bin/puppet D, [2015-08-03T16:31:35.077481 #47518] DEBUG -- : Found sudo at /usr/bin/sudo D, [2015-08-03T16:31:35.077948 #47518] DEBUG -- : Executing /usr/bin/sudo -S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all W, [2015-08-03T16:31:35.129065 #47518] WARN -- : Failed to run puppetca: E, [2015-08-03T16:31:35.129611 #47518] ERROR -- : Failed to list certificates: Execution of puppetca failed, check log files </pre> The gem found from strace: [pid 47530] write(2, "sorry, you must have a tty to run sudo", 38) = 38 The fix: in /etc/sudoers or /etc/sudoers.d/foreman: foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert * Defaults:foreman-proxy !requiretty In my view, the proxy should log the output "sorry, you must have a tty to run sudo" to prevent users from having to delve into strace.