I have installed foreman (v1.9.0) on a RHEL 7.1 VM as per the official documentation.
My current environment consists of:
Foreman is configured as the ENC which will service 9 environments (inc production). A smart proxy has been configured in foreman for the foreman/puppetmaster.
There were no issues on the agents in generating the CSR and getting it signed by the puppet master.
When I run the puppet agent on a remote machine with the command
puppet agent --no-daemonize --server <FQDN> --trace
I get the following errors
Warning: Unable to fetch my node definition, but the agent will continue:
Warning: Error 400 on SERVER: Failed to find < agent FQDN> via exec: Execution of '/etc/puppet/node.rb < agent FQDN>' returned 1:
Running the referenced command on the puppet master
sudo -u puppet /etc/puppet/node.rb <agent FQDN>
Returns the error:
Error retrieving node < agent FQDN> Net::HTTPNotFound
Check Foreman's /var/log/foreman/production.log for more information.
Researching this error on the web ("Foreman with puppet node.rb error 404 Not Found") gives the standard response that the puppet master is not aware (DNS, /etc/hosts) of the agent. In my case this is not the issue, as running the same node.rb command against the puppetmaster returns the same error. A simple ping test confirms that DNS is set up correctly.
There are no logs generated in /var/log/foreman/production.log (inc debug) when this fails, although there is an HTTP 404 error generated in /var/log/httpd/foreman-ssl_access_ssl.log:
< IP> - - [30/Sep/2015:15:13:29 +1000] GET /node/< agent FQDN>?format=yml HTTP/1.1" 404 48 "-" "Ruby"
node.rb references foreman.yaml which is correct in relation to the listed entries I can confirm like:
It is also the default file generated by the install process with no changes.
The agents are in foreman, but to achieve that, once I had configured puppet.conf and generated/signed the agent certs, I ran the command
puppet agent -t <puppet master FQDN>
The agents were not imported into foreman until I manually ran the command
foreman-rake puppet:import:hosts_and_facts
Calling one of the hosts in foreman and then clicking on 'YAML' shows correct information for each agent.
I have even pulled the information out of the certificates using openssl to confirm that they are correct.
UPDATE:
I have run the command
curl -k https://< Puppet Master FQDN>/foreman
This returns the output
<html><body>You are being <a href="https://< Puppet Master FQDN>/foreman/users/login">redirected</a>.</body></html>
This generates the log entry in ~/foreman/production.log
2015-10-01 10:04:57 [app] [I] | | Starged GET "/foreman/" for < PUPPET MASTER IP> at 2015-10-01 10:04:57 +1000
2015-10-01 10:04:57 [app] [I] Processing by DashboardController#index as /
2015-10-01 10:04:57 [app] [I]Redirected to https://< PUPPET MASTER>/foreman/users/login
2015-10-01 10:04:57 [app] [I] Filter chain halted as :require_login rendered or redirected
2015-10-01 10:04:57 [app] [I]Completed 302 Found in 7ms (Active Record: 0.6ms)
While in ~/httpd/foreman-ssl_access_ssl.log I get this
< PUPPET MASTER IP> - - [01/Oct/2015:10:05:26 +1000] "GET /foreman/ HTTP/1.1" 302 129 "-" "curl/7.29.0"
Other relevant log entries in the same log would be
< PUPPET MASTER IP> - - [01/Oct/2015:09:53:28 +1000] "POST /api/hosts/facts /HTTP/1.1" 404 27 "-" "Ruby"
< PUPPET MASTER IP> - - [01/Oct/2015:09:53:28 +1000] "GET /node/< PUPPET MASTER>?format=yml HTTP/1.1" 404 52 "-" "Ruby"
So the question to ask is: what can I do to the Puppet/Foreman HTTP config to resolve the 404 errors?
It looks like the ENC script is requesting paths at the root of the web server (/api) while Foreman itself is hosted at a sub-URI (/foreman/). It should be hitting /foreman/api/hosts/facts, /foreman/node/ etc, which is why Apache's returning a 404, but Foreman isn't seeing and logging the request.
You can change the URL that node.rb uses in /etc/puppet/foreman.yaml, via the :url: setting. Add the /foreman suffix here.
Alternatively, if you used the Foreman installer then you could re-run it with --puppet-server-foreman-url=https://example.com/foreman which should do the same thing.
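The mismatch described in this answer can be checked offline with the following added example, which is not part of the original answer or of Foreman's node.rb. The host names, the IP address, the sample config and log lines, and the helper names `enc_urls` and `misrouted` are constructed for illustration; only the `:url:` key and the request paths come from the page.

```ruby
require 'yaml'

# Constructed sample of /etc/puppet/foreman.yaml; only the :url: key is from the page.
SAMPLE_CONFIG = <<~YAML
  ---
  :url: "https://foreman.example.com"
YAML

# Constructed access-log lines in the shape quoted in the question.
SAMPLE_LOG = [
  '192.0.2.10 - - [01/Oct/2015:09:53:28 +1000] "POST /api/hosts/facts HTTP/1.1" 404 27 "-" "Ruby"',
  '192.0.2.10 - - [01/Oct/2015:09:53:28 +1000] "GET /node/agent01.example.com?format=yml HTTP/1.1" 404 52 "-" "Ruby"',
  '192.0.2.10 - - [01/Oct/2015:10:05:26 +1000] "GET /foreman/ HTTP/1.1" 302 129 "-" "curl/7.29.0"'
].freeze

# Paths the ENC script is seen requesting in the question's access log.
ENC_PATHS = %r{\A/(node/|api/hosts/facts)}

# Build the two URLs the ENC requests from the configured base URL.
def enc_urls(config_text, fqdn)
  cfg  = YAML.safe_load(config_text, permitted_classes: [Symbol])
  base = (cfg[:url] || cfg['url']).to_s.chomp('/')
  { node: "#{base}/node/#{fqdn}?format=yml", facts: "#{base}/api/hosts/facts" }
end

# Return 404s for ENC paths requested outside the sub-URI Foreman is hosted
# at, each paired with the path that would actually reach Foreman.
def misrouted(log_lines, sub_uri)
  prefix = sub_uri.chomp('/')
  return [] if prefix.empty? # Foreman at the web root: nothing to re-prefix

  log_lines.filter_map do |line|
    m = line.match(%r{"(GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) }) or next
    path, status = m[2], m[3]
    next unless status == '404' && path.match?(ENC_PATHS)

    { requested: path, expected: "#{prefix}#{path}" }
  end
end

if $PROGRAM_NAME == __FILE__
  puts enc_urls(SAMPLE_CONFIG, 'agent01.example.com')
  misrouted(SAMPLE_LOG, '/foreman').each { |r| puts "#{r[:requested]} -> #{r[:expected]}" }
end
```

After adding the /foreman suffix to `:url:`, the same requests should show up in production.log instead of only as 404s in the Apache access log.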