Support #11780
closed
Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
Description
I am getting the following error:
ERROR -- : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
The reason for the error is described in:
http://projects.theforeman.org/projects/foreman/wiki/ERF12-2749
Resolution Suggested: Ensure you have foreman-proxy 1.5.2 or higher when using Puppet 3.6+ and directory environments ("environmentpath" setting).
Topology of my environment
--- Puppet Master with Foreman on IP1
Puppet 3.7.5, foreman-1.8.2-1.el6.noarch, ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]--- Puppet Master with Foreman Proxy on IP2 which connects to IP1
Puppet 3.7.5, foreman-proxy-1.7.5-1.el6.noarch and ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]Both puppet masters are configured to have directory environment path the same way. I am able to import classes from IP1 where foreman also resides. But not from IP2 where only foreman-proxy is installed.
I am able to see IP2 registered to IP1.
Trying to import puppet classes from IP2 from foreman sitting on IP1 is throwing the above error.
Command tried from IP1 to list puppet environments of IP2: (This is to replicate the error I am getting in foreman from CLI)
curl -vs \
--key /var/lib/puppet/ssl/private_keys/ip2.dns.com.pem \
--cacert /var/lib/puppet/ssl/certs/ca.pem \
--cert /var/lib/puppet/ssl/certs/ip2-dns.com.pem \
https://ip2-dns.com:8443/puppet/environmentsError reported in ip2 proxy logs:
[root@ip2 httpd]# tail f /var/log/foreman-proxy/proxy.log
E, [2015-09-10T14:52:10.201506 #24275] ERROR - : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
ip1 - - [10/Sep/2015 14:52:10] "GET /environments HTTP/1.1" 406 143 1.8941
E, [2015-09-10T14:53:33.477247 #24275] ERROR -- : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
ip1 - - [10/Sep/2015 14:53:33] "GET /environments HTTP/1.1" 406 143 0.5582
E, [2015-09-10T14:56:59.390056 #24275] ERROR -- : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
ip1 - - [10/Sep/2015 14:56:59] "GET /environments HTTP/1.1" 406 143 0.5364
E, [2015-09-10T14:57:11.816250 #24275] ERROR -- : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
ip1 - - [10/Sep/2015 14:57:11] "GET /environments HTTP/1.1" 406 143 0.5434
E, [2015-09-11T09:18:12.636880 #24275] ERROR -- : Failed to list puppet environments: Failed to query Puppet find environments API (400): The environment must be purely alphanumeric, not 'v2.0'
ip1 - - [11/Sep/2015 09:18:12] "GET /environments HTTP/1.1" 406 143 0.5595Error While Importing classes in foreman:
Warning!
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://devci2-puppet.vzbi.com:8443/puppetIf you feel this is an error with Foreman itself, please open a new issue with Foreman ticketing system, You would probably need to attach the Full trace and relevant log entries.ProxyAPI::ProxyException
ERF12-2749 [ProxyAPI::ProxyException]: Unable to get environments from Puppet ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://devci2-puppet.vzbi.com:8443/puppet
lib/proxy_api/puppet.rb:11:in `rescue in environments'
lib/proxy_api/puppet.rb:9:in `environments'
app/services/puppet_class_importer.rb:131:in `actual_environments'
app/services/puppet_class_importer.rb:23:in `changes'
app/controllers/concerns/foreman/controller/environments.rb:11:in `import_environments'
app/controllers/concerns/application_shared.rb:13:in `set_timezone'
app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
Updated by Dominic Cleal over 8 years ago
- Status changed from New to Feedback
I think it's most likely that your Puppet master isn't actually running Puppet 3.7.5. Perhaps it's been upgraded and hasn't been restarted (httpd/apache2?) or there are multiple Puppet installations (e.g. package and a gem) and it's loading the wrong one.
Running this should be equivalent to the query that the smart proxy is making to the Puppet master:
curl -vs \
--key /var/lib/puppet/ssl/private_keys/ip2.dns.com.pem \
--cacert /var/lib/puppet/ssl/certs/ca.pem \
--cert /var/lib/puppet/ssl/certs/ip2-dns.com.pem \
https://ip2-dns.com:8140/v2.0/environments
The error from the master is very much indicative of a pre-3.5 version of Puppet.
Updated by ganesan gurumurthy over 8 years ago
Thanks Dominic. That was too quick :) ...
You where spot on. Puppet master has both package and gem. Gem is 3.7.5 which is what I was checking. But the package was 2.7.x. I am getting it corrected. Will keep you posted.
Thanks very much for the support.
Updated by ganesan gurumurthy over 8 years ago
I have installed 3.8.2 puppet package.
Without directory environment, the curl is returning "[production]" in the json response. But once I set directory environment, the json response is blank ([]).
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
environmentpath = /etc/puppet/environments
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
Updated by ganesan gurumurthy over 8 years ago
Seems the puppet.conf pasted earlier has been messed up. Pasting it again.
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
environmentpath = /etc/puppet/environments
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
Updated by Dominic Cleal over 8 years ago
The curl response from the smart proxy, not Puppet, right?
Do you have any classes under /etc/puppet/environments? What's the full path?
Also be sure to restart the master (httpd/apache2) when changing puppet.conf.
Updated by ganesan gurumurthy over 8 years ago
1) Yes the curl response is from smart proxy
2) yes, I have classes under /etc/puppet/environments.
/etc/puppet/environments/production/modules/common/manifests/*.pp
I have other modules aswell. This is just a representation
3) Yes I do service httpd restart every time I change /etc/puppet/puppet.conf
puppet.conf has master section aswell.
[master]
autosign = $confdir/autosign.conf { mode = 664 }
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = false
ssldir = /var/lib/puppet/ssl
certname = ip2.dns.com
parser = current
strict_variables = false
Updated by Dominic Cleal over 8 years ago
What does the curl query in comment 1 return? That should list the search paths for the production environment.
It's also worth running "puppet parser validate" against the manifest .pp, and also attach/paste /var/log/foreman-proxy/proxy.log.
Updated by ganesan gurumurthy over 8 years ago
[root@devci-puppet environments]# curl -vs --key /var/lib/puppet/ssl/private_keys/ip2.dns.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem --cert /var/lib/puppet/ssl/certs/ip2.dns.com.pem https://ip2.dns.com:8443/puppet/environments | more
- About to connect() to ip2.dns.com port 8443 (#0)
- Trying 10.1.107.170... connected
- Connected to ip2.dns.com (10.1.107.170) port 8443 (#0)
- Initializing NSS with certpath: sql:/etc/pki/nssdb
- CAfile: /var/lib/puppet/ssl/certs/ca.pem
CApath: none - NSS: client certificate from file
- subject: CN=ip2.dns.com
- start date: Sep 09 09:19:35 2015 GMT
- expire date: Sep 08 09:19:35 2020 GMT
- common name: ip2.dns.com
- issuer: CN=Puppet CA: devci-puppet.be.vzbi.com
- SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Server certificate:
- subject: CN=ip2.dns.com
- start date: Sep 09 09:19:35 2015 GMT
- expire date: Sep 08 09:19:35 2020 GMT
- common name: ip2.dns.com
- issuer: CN=Puppet CA: devci-puppet.be.vzbi.com
< HTTP/1.1 200 OKGET /puppet/environments HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: ip2.dns.com:8443
Accept: */*
< Content-Type: application/json
< Connection: Keep-Alive
< Server: WEBrick/1.3.1 (Ruby/1.8.7/2013-06-27) OpenSSL/1.0.1e
< Date: Fri, 11 Sep 2015 10:49:24 GMT
< Content-Length: 2
< { [data not shown]
- Connection #0 to host ip2.dns.com left intact
- Closing connection #0
[]
puppet parser validate *.pp run on all pps in the modules under production environment
forman-proxy log (The error in one of the request is due to typo in my curl command)
10.1.107.122 - - [11/Sep/2015 09:48:33] "GET /environments HTTP/1.1" 406 20258 0.7068
10.1.107.122 - - [11/Sep/2015 09:55:12] "GET /environments HTTP/1.1" 200 2 3.7220
10.1.107.122 - - [11/Sep/2015 09:55:59] "GET /environments HTTP/1.1" 200 2 0.5409
10.1.107.122 - - [11/Sep/2015 09:56:00] "GET /environments HTTP/1.1" 200 2 0.5296
10.1.107.122 - - [11/Sep/2015 09:56:06] "GET /environments HTTP/1.1" 200 2 0.5430
10.1.107.122 - - [11/Sep/2015 09:56:57] "GET /environments HTTP/1.1" 200 2 0.5345
10.1.107.122 - - [11/Sep/2015 09:57:09] "GET /environments HTTP/1.1" 200 2 0.5474
10.1.107.122 - - [11/Sep/2015 09:58:55] "GET /environments HTTP/1.1" 200 2 1.8316
10.1.107.122 - - [11/Sep/2015 09:59:09] "GET /environments HTTP/1.1" 200 2 0.5336
10.1.107.122 - - [11/Sep/2015 10:00:32] "GET /environments HTTP/1.1" 200 2 1.5141
10.1.107.122 - - [11/Sep/2015 10:00:47] "GET /features HTTP/1.1" 200 10 0.0013
10.1.107.122 - - [11/Sep/2015 10:00:48] "GET /features HTTP/1.1" 200 10 0.0013
10.1.107.122 - - [11/Sep/2015 10:00:59] "GET /environments HTTP/1.1" 200 2 0.5573
10.1.107.122 - - [11/Sep/2015 10:01:47] "GET /environments HTTP/1.1" 200 2 0.5421
10.1.107.122 - - [11/Sep/2015 10:05:29] "GET /environments HTTP/1.1" 200 2 2.5047
10.1.107.122 - - [11/Sep/2015 10:06:02] "GET /environments HTTP/1.1" 200 2 0.5382
10.1.107.122 - - [11/Sep/2015 10:06:09] "GET /environments HTTP/1.1" 200 2 0.5304
10.1.107.122 - - [11/Sep/2015 10:08:30] "GET /environments HTTP/1.1" 200 2 1.9273
E, [2015-09-11T10:08:57.922104 #24275] ERROR -- : Untrusted client ip2 attempted to access /environments. Check :trusted_hosts: in settings.yml
10.1.107.170 - - [11/Sep/2015 10:08:57] "GET /environments HTTP/1.1" 403 103 0.0014
10.1.107.122 - - [11/Sep/2015 10:11:10] "GET /environments HTTP/1.1" 200 2 2.0873
10.1.107.122 - - [11/Sep/2015 10:21:05] "GET /environments HTTP/1.1" 200 14 0.0213
10.1.107.122 - - [11/Sep/2015 10:28:31] "GET /environments HTTP/1.1" 200 2 1.9521
10.1.107.122 - - [11/Sep/2015 10:28:34] "GET /environments HTTP/1.1" 200 2 0.5426
10.1.107.122 - - [11/Sep/2015 10:33:43] "GET /environments HTTP/1.1" 200 2 1.9459
10.1.107.122 - - [11/Sep/2015 10:34:33] "GET /environments HTTP/1.1" 200 2 1.4982
10.1.107.122 - - [11/Sep/2015 10:35:12] "GET /environments HTTP/1.1" 200 2 0.2692
10.1.107.122 - - [11/Sep/2015 10:35:18] "GET /environments HTTP/1.1" 200 2 0.5655
10.1.107.122 - - [11/Sep/2015 10:40:34] "GET /environments HTTP/1.1" 200 2 1.9590
10.1.107.122 - - [11/Sep/2015 10:49:24] "GET /environments HTTP/1.1" 200 2 2.3929
Updated by Dominic Cleal over 8 years ago
ganesan gurumurthy wrote:
curl output:
[root@devci-puppet environments]# curl -vs --key /var/lib/puppet/ssl/private_keys/ip2.dns.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem --cert /var/lib/puppet/ssl/certs/ip2.dns.com.pem https://ip2.dns.com:8443/puppet/environments | more
Sorry, not that one - the one against the Puppet master on port 8140, see http://projects.theforeman.org/issues/11780#note-1
Updated by ganesan gurumurthy over 8 years ago
{"environments":{},"search_paths":["file:///var/lib/puppet/.puppet/puppet.conf"]}
Updated by Dominic Cleal over 8 years ago
If the master's running under Passenger, the config.ru file is probably out of date - it changed between Puppet 2 and 3. The reference there to /var/lib/puppet suggests it's reading the wrong config. It should have a lot more info about the environments and paths.
See the info at http://projects.theforeman.org/projects/foreman/wiki/FAQ#Upgrade-puppet-from-v2-to-v3-gotchas and our installer's template at https://github.com/theforeman/puppet-puppet/blob/master/templates/server/config.ru.erb.
Updated by ganesan gurumurthy over 8 years ago
Thanks Dominic. I will try to get the installation issue corrected. This seems to be an issue with the way I have setup things.
You can considered this ticket closed. I will get back if I need any other support.
Really appreciate the complete support I got here from you.
Updated by Dominic Cleal over 8 years ago
- Status changed from Feedback to Resolved
No problem, I'm glad it helped.
Updated by ganesan gurumurthy over 8 years ago
got it working :)
{"environments":{"development":{"settings":{"manifest":"/etc/puppet/environments/development/manifests","config_version":"","modulepath":["/etc/puppet/environments/development/modules","/etc/puppet/environments/common","/etc/puppet/modules","/usr/share/puppet/modules"],"environment_timeout":0}},"production":{"settings":{"manifest":"/etc/puppet/environments/production/manifests","config_version":"","modulepath":["/etc/puppet/environments/production/modules","/etc/puppet/environments/common","/etc/puppet/modules","/usr/share/puppet/modules"],"environment_timeout":0}},"example_env":{"settings":{"manifest":"/etc/puppet/environments/example_env/manifests","config_version":"","modulepath":["/etc/puppet/environments/example_env/modules","/etc/puppet/environments/common","/etc/puppet/modules","/usr/share/puppet/modules"],"environment_timeout":0}},"common":{"settings":{"manifest":"/etc/puppet/environments/common/manifests","config_version":"","modulepath":["/etc/puppet/environments/common/modules","/etc/puppet/environ* Closing connection #0
ments/common","/etc/puppet/modules","/usr/share/puppet/modules"],"environment_timeout":0}}},"search_paths":["file:///etc/puppet/environments","data:text/plain,internal"]}