FOUND IT!
It was a comedy of errors. The perms on the node.rb script were wrong (not
sure how they got that way, but...) and not only that there was some
residual configuration issues from an experiment I did two weeks ago that
was pointing to the hostname pocforman.<domain> instead of the FQDN of the
Foreman host which caused a mismatch on the cert names.
Once I got those two things corrected (found out through running the remote
server in debug mode) it all started to work correctly.
on to the next thing... I'm working towards a demo of the
infrastructure second week in March. Will be the "go/no go" for putting
this in production.
On Tue Feb 24 2015 at 10:41:57 AM David Schmitt <da...@dasz.at> wrote:
> On 2015-02-24 16:09, Peter Berghold wrote:
> > What it looks like to me is going on is the YML file for the host ends
> > up on the Remote Master (which I can verify by looking for it) and the
> > node.rb is running on the Grand Master. Since the YML files isn't on the
> > Grand Master the lookup (of course) fails. So the real question is can
> > we make the YML file go to the Grand Master.
> >
> > To that end I played with a couple of settings
> >
> > Here is a partial dump of what I have in the puppet.conf file for the
> > Remote Master:
> >
> > [master]
> > storeconfigs = true
> > storeconfigs_backend = puppetdb
> > inventory_server =<Grand Master FQDN>
> > autosign = $confdir/autosign.conf { mode = 664 }
> > reports = foreman
> > external_nodes = /etc/puppet/node.rb
> > node_terminus = exec
> >
> > I found a reference to an inventory server in the Puppet docs but that
> > seems to have had no effect on the problem. What I'm wondering about is
> > the "external_node" and "node_terminus" settings. Are those correct for
> > what I'm trying to do or should that be something else?
>
> Those are correct and will cause this process to locally (on the master)
> execute the node.rb to receive ENC information.
>
> Please re-test whether running node.rb on the master having the right
> YML file still fails.
>
>
> Regards, David
>
>
> > On Tue Feb 24 2015 at 9:04:45 AM David Schmitt <da...@dasz.at
> > <mailto:da...@dasz.at>> wrote:
> >
> > Hi Peter,
> >
> > you might be running into
> > http://projects.theforeman.__org/issues/5925
> > <http://projects.theforeman.org/issues/5925> .
> >
> > I'm wondering whether subsequent runs work.
> >
> > Also, the node.rb will run on the remote client's puppet master, so,
> > probably your "Remote Master". Since the default node.rb from foreman
> > requires this yaml file, it'll not work on your "Grand Master" unless
> > the agent has tried to contact that one too.
> >
> >
> > Regards, David
> >
> > On 2015-02-24 14:45, Peter Berghold wrote:
> > > Using crude ascii art, here is what I have set up so far in my
> lab..
> > >
> > > [Foreman/Puppet Grand Master] <--
> > foreman-proxy here
> > > ^
> > > |
> > > V
> > > [Puppet Remote Master] <-- foreman-proxy
> > > running here.
> > > ^
> > > |
> > > V
> > > [Simulated Remote Client]
> > >
> > > The Foreman/Puppet Grand Master seem to be working swimmingly so
> far.
> > > The Remote Master is getting its directions from the Grand
> > Master. So
> > > far so good.
> > >
> > > Add the client and things start getting sideways. When I run the
> > Puppet
> > > agent on the remote client I get an error such that:
> > >
> > > Error: Could not retrieve catalog from remote server: Error 400 on
> > > SERVER: Failed when searching for node FQDN: Failed to find FQDN
> via
> > > exec: Execution of '/etc/puppet/node.rb FQDN' returned 1:
> > > Warning: Not using cache on failed catalog
> > > Error: Could not retrieve catalog; skipping run
> > >
> > > I went over to the Grand Master and ran the /etc/puppet/node.rb
> > from the
> > > command line and it complains that it cannot find the yaml file
> > in its
> > > proper place. OK so I went over to the remote master and sure
> > enough it
> > > was there.
> > >
> > > Needless to say Foreman has no idea the host is there.
> > >
> > > What's the right electric acid Kool Aid foo to make this work
> > > correctly? It would seem the YAML file needs to be on the Grand
> > Master
> > > and not the remote master... or does it? Is there a way the
> > > foreman-proxy can help here?
> >
> >
> >
> > >
> > > --
> > >
> > > Peter L. Berghold salty.cowd...@gmail.com
> > <mailto:salty.cowd...@gmail.com> <mailto:Salty.Cowdawg@gmail.__com
> > <mailto:salty.cowd...@gmail.com>>
> > >
> > > h <http://blog.berghold.net>ttp:__//science-fiction.berghold.net
> > <http://science-fiction.berghold.net>
> > > <http://science-fiction.__berghold.net
> > <http://science-fiction.berghold.net>>
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> > > Groups "Puppet Users" group.
> > > To unsubscribe from this group and stop receiving emails from it,
> > send
> > > an email to puppet-users+unsubscribe@__googlegroups.com
> > <mailto:puppet-users%2bunsubscr...@googlegroups.com>
> > > <mailto:puppet-users+__unsubscr...@googlegroups.com
> > <mailto:puppet-users%2bunsubscr...@googlegroups.com>>.
> > > To view this discussion on the web visit
> > >
> > https://groups.google.com/d/__msgid/puppet-users/__
> CAArvnv2Hnia87teGgq8Wt%__3DpzSJOvUTgesHH1F7mkvFy1WTsGFA__%40mail.gmail.com
> > <https://groups.google.com/d/msgid/puppet-users/
> CAArvnv2Hnia87teGgq8Wt%3DpzSJOvUTgesHH1F7mkvFy1WTsGFA%40mail.gmail.com>
> > >
> > <https://groups.google.com/d/__msgid/puppet-users/__
> CAArvnv2Hnia87teGgq8Wt%__3DpzSJOvUTgesHH1F7mkvFy1WTsGFA
> __%40mail.gmail.com?utm_medium=__email&utm_source=footer
> > <https://groups.google.com/d/msgid/puppet-users/
> CAArvnv2Hnia87teGgq8Wt%3DpzSJOvUTgesHH1F7mkvFy1WTsGFA
> %40mail.gmail.com?utm_medium=email&utm_source=footer>>.
> > > For more options, visit https://groups.google.com/d/__optout
> > <https://groups.google.com/d/optout>.
> >
> >
> > --
> > * Always looking for people I can help with awesome projects *
> > Twitter: @dev_el_ops G+: https://plus.google.com/+__DavidSchmitt
> > <https://plus.google.com/+DavidSchmitt>
> > Blog: http://club.black.co.at/log/
> > LinkedIn: http://at.linkedin.com/in/__davidschmitt
> > <http://at.linkedin.com/in/davidschmitt>
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it,
> > send an email to puppet-users+unsubscribe@__googlegroups.com
> > <mailto:puppet-users%2bunsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> > https://groups.google.com/d/__msgid/puppet-users/54EC84DD.__
> 8090400%40dasz.at
> > <https://groups.google.com/d/msgid/puppet-users/54EC84DD.
> 8090400%40dasz.at>.
> > For more options, visit https://groups.google.com/d/__optout
> > <https://groups.google.com/d/optout>.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to puppet-users+unsubscr...@googlegroups.com
> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/puppet-users/CAArvnv0pgT7XvZQktxxVMb-
> SMNP53AA4eQQ0bz5_DPkmL6GU7Q%40mail.gmail.com
> > <https://groups.google.com/d/msgid/puppet-users/CAArvnv0pgT7XvZQktxxVMb-
> SMNP53AA4eQQ0bz5_DPkmL6GU7Q%40mail.gmail.com?utm_medium=
> email&utm_source=footer>.
> > For more options, visit https://groups.google.com/d/optout.
>
>
> --
> * Always looking for people I can help with awesome projects *
> Twitter: @dev_el_ops G+: https://plus.google.com/+DavidSchmitt
> Blog: http://club.black.co.at/log/
> LinkedIn: http://at.linkedin.com/in/davidschmitt
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/54EC9BAE.9060205%40dasz.at.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAArvnv3%2BrLZSgy%2BL214goCNHOcfE5G%2BPM%2BsEyDmXvf%3D4ZAvdYQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
