Bug #29649

closed

The system does not seem to be IPA-enrolled

Added by Han Boetes about 4 years ago. Updated almost 3 years ago.


Description

Running the installer after the upgrade like I always do:

env TMP= TMPDIR= foreman-installer \
    -v \
    --foreman-proxy-log-level=DEBUG \
    --enable-foreman-plugin-remote-execution \
    --enable-foreman-proxy-plugin-remote-execution-ssh \
    --enable-foreman-plugin-dhcp-browser \
    --enable-foreman-plugin-remote-execution \
    --enable-foreman-proxy-plugin-remote-execution-ssh \
    --foreman-ipa-authentication=true \
    --foreman-pam-service=foreman \
    --foreman-http-keytab=/etc/http.keytab \
    --no-enable-foreman-cli-ansible \
    --no-enable-foreman-plugin-ansible \
    --no-enable-foreman-proxy-plugin-ansible

After the upgrade to 2.0 I get

Evaluation Error: Error while evaluating a Function Call, theforeman: The system does not seem to be IPA-enrolled (file: /usr/share/foreman-installer/modules/foreman/manifests/config.pp, line: 101, column: 9) on node

Which reads:

unless 'ipa' in $facts and 'default_server' in $facts['ipa'] and 'default_realm' in $facts['ipa'] {

So it tests the output of facter ipa. If I do that manually I get no output. Digging a bit further, this is the code in question: /etc/puppetlabs/code/modules/ipaclient/lib/facter/ipa_facts.rb

The important part would be:

if File.exist?('/etc/sssd/sssd.conf') && sssd = File.readlines('/etc/sssd/sssd.conf')
  sssd.each do |line|
    case line
      when /^ipa_domain/
        Facter.add("ipa_domain") do
          has_weight 100
          setcode do
            line.split("=")[1].strip
          end
        end
      when /^ipa_server/
        Facter.add("ipa_server") do
          has_weight 100
          setcode do
            line.split("=")[1].strip
          end
        end
      when /^auth_provider/
        Facter.add("ipa_enrolled") do

Odd because:

root@theforeman ~ # ag '(ipa_domain|ipa_server|auth_provider)' /etc/sssd/sssd.conf |sed -e 's|mycompany.com|example.com|g'
auth_provider = ipa
ipa_domain = example.com
ipa_server = _srv_, gandalf.example.com, olorin.example.com, mithrandir.example.com
ipa_server_mode = false

Seems like I'm barking up the wrong tree, this must be a puppet problem. But please leave it for the moment because others may run into this problem as well.

Actions #1

Updated by Han Boetes about 4 years ago

I reported the issue with puppet: https://tickets.puppetlabs.com/browse/FACT-2588

Actions #2

Updated by Han Boetes about 4 years ago

  • Description updated (diff)
Actions #3

Updated by Han Boetes about 4 years ago

The ipa_facts file comes from https://github.com/joshuabaird/puppet-ipaclient/blob/master/lib/facter/ipa_facts.rb and contrary to my previous assumption is not a part of puppet but a custom module I happen to have installed.

I tried moving the module out of the way but facter ipa keeps returning empty. Am I missing something here? Where is the right ipa facter that I don't have?

Actions #4

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

I was playing with https://github.com/theforeman/puppet-foreman/pull/801 but don't have an IPA env myself so find it hard to verify. Could you check it out and see if it fixes it for you?

Actions #5

Updated by Han Boetes about 4 years ago

I run into this error after applying your patch.

[ INFO 2020-04-29T20:25:33 verbose]  Facter: loading custom facts from /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb.
[ERROR 2020-04-29T20:25:33 verbose]  Facter: error while resolving custom facts in /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb: expected chunk name to be a Symbol
[ERROR 2020-04-29T20:25:33 verbose] backtrace:
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:10:in `chunk'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:10:in `block (2 levels) in <top (required)>'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:9:in `each'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:9:in `block in <top (required)>'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `instance_eval'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `add'
[ERROR 2020-04-29T20:25:33 verbose] /usr/share/foreman-installer/modules/foreman/lib/facter/sssd.rb:5:in `<top (required)>'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/facts/facter.rb:35:in `to_hash'                                            
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/facts/facter.rb:35:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:198:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/node.rb:135:in `fact_merge'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/node/plain.rb:18:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:198:in `find'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:215:in `main'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:174:in `run_command'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:375:in `block in run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:690:in `exit_on_fail'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:375:in `run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:139:in `run'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
[ERROR 2020-04-29T20:25:33 verbose] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'

Actions #6

Updated by The Foreman Bot about 4 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ewoud Kohl van Wijngaarden
  • Pull request https://github.com/theforeman/puppet-foreman/pull/839 added
Actions #7

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

  • Category set to Foreman modules
  • Target version set to 2.1.0
  • Triaged changed from No to Yes
  • Fixed in Releases deleted (1.24.3)
Actions #8

Updated by The Foreman Bot about 4 years ago

  • Fixed in Releases 2.2.0 added
Actions #9

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

  • Status changed from Ready For Testing to Closed
Actions #10

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

  • Fixed in Releases 2.1.0 added
  • Fixed in Releases deleted (2.2.0)
Actions #11

Updated by Tomer Brisker almost 4 years ago

  • Target version changed from 2.1.0 to 2.0.1
Actions #12

Updated by The Foreman Bot almost 4 years ago

  • Pull request https://github.com/theforeman/puppet-foreman/pull/848 added
Actions #13

Updated by Tomer Brisker almost 4 years ago

  • Fixed in Releases 2.0.1 added
Actions #14

Updated by Han Boetes almost 4 years ago

Nope, not fixed.

[ERROR 2020-06-18T22:10:51 verbose]  Evaluation Error: Error while evaluating a Function Call, theforeman: The system does not seem to be IPA-enrolled (file: /usr/share/foreman-installer/modules/foreman/manifests/config.pp, line: 101, column: 9) on node theforeman.example.com
Actions #15

Updated by Ewoud Kohl van Wijngaarden almost 4 years ago

Which version of foreman-installer is installed?

Actions #16

Updated by Han Boetes almost 4 years ago

Hello Ewoud,

thanks for your time and effort.

I followed the instructions https://theforeman.org/manuals/2.0/index.html#3.6Upgrade
So the version provided by: yum upgrade https://yum.theforeman.org/releases/2.0/el7/x86_64/foreman-release.rpm
2.0.1 I assume. I can't be entirely sure, since I restored the previous version with a snapshot.

With kind regards,
Han

Actions #17

Updated by Han Boetes almost 4 years ago

# rpm -q foreman-installer
foreman-installer-2.0.1-1.el7.noarch
Actions #18

Updated by Han Boetes almost 4 years ago

After reading the code a bit and looking what was actually requested I hacked around a bit and came up with this:
Of course that's rather ugly. The domain is used instead of the realm. But it works. The realm can be found in /etc/ipa/default.conf, the domain can be found in /etc/sssd/sssd.conf

It's a bunch of arbitrary checks since there is quite some overlap between those two files and lots of values are not obligatory. I really can't tell how well this config would work elsewhere.

I never edited /etc/ipa/default.conf and I mildly edited /etc/sssd/sssd.conf; using freeipa without sssd is not possible. I would focus on getting info from sssd.conf

# cat sssd.rb 
require_relative 'util/sssd'
if defined? Facter::Util::Sssd

  # == Fact: foreman_ipa
  # default_realm is filled from the sssd "domains" list, i.e. the domain
  # is used in place of the Kerberos realm.
  Facter.add(:foreman_ipa, :type => :aggregate) do
    {
      :default_server => 'target[.=~regexp("domain/.*")][1]/ipa_server',
      :default_realm  => 'target[.="sssd"]/domains'
    }.each do |key, path|
      chunk(key) do
        val = Facter::Util::Sssd.sssd_value(path)
        {key => val} if val
      end
    end
  end

  # == Fact: foreman_sssd
  Facter.add(:foreman_sssd, :type => :aggregate) do
    {
      :services => 'target[.="sssd"]/services',
      :ldap_user_extra_attrs => 'target[.=~regexp("domain/.*")][1]/ldap_user_extra_attrs',
      :allowed_uids => 'target[.="ifp"]/allowed_uids',
      :user_attributes => 'target[.="ifp"]/user_attributes',
    }.each do |key, path|
      chunk(key) do
        val = Facter::Util::Sssd.sssd_value(path)
        {key => val} if val
      end
    end

  end
end
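
The check quoted in the description needs a structured `ipa` fact carrying both `default_server` and `default_realm`, and the comment above points out that the realm lives in /etc/ipa/default.conf while the domain lives in /etc/sssd/sssd.conf. The following is an added example, not code from Foreman, Facter or any commenter in this ticket, that derives both values from constructed file contents and skips the `_srv_` discovery marker; `parse_ini`, `ipa_fact` and `enrolled?` are hypothetical helper names, and the `realm`/`server` keys in default.conf and `krb5_realm` in sssd.conf are assumed to be set as on a typical IPA client.

```ruby
# Minimal INI reader: { "section" => { "key" => "value" } }.
def parse_ini(text)
  section = nil
  text.each_line.with_object({}) do |raw, out|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1].strip
      out[section] ||= {}
    elsif section && line.include?('=')
      key, value = line.split('=', 2).map(&:strip)
      out[section][key] = value
    end
  end
end

# Hypothetical helper (added example): builds the hash the config.pp
# check expects under $facts['ipa'].
def ipa_fact(sssd_text, default_conf_text)
  global = parse_ini(default_conf_text).fetch('global', {})
  # First sssd domain section that authenticates against IPA.
  _, domain = parse_ini(sssd_text).find do |name, opts|
    name.start_with?('domain/') && opts['auth_provider'] == 'ipa'
  end
  domain ||= {}
  # "_srv_" requests DNS SRV discovery; it is not a host name.
  hosts = domain.fetch('ipa_server', '').split(',').map(&:strip) - ['_srv_', '']
  server = global['server'] || hosts.first
  realm = global['realm'] || domain['krb5_realm'] # never the bare domain
  { 'default_server' => server, 'default_realm' => realm }.compact
end

# Mirrors the manifest condition quoted in the description.
def enrolled?(facts)
  ipa = facts['ipa']
  ipa.is_a?(Hash) && ipa.key?('default_server') && ipa.key?('default_realm')
end

# Constructed sample file contents.
SSSD_CONF = <<~CONF
  [domain/example.com]
  auth_provider = ipa
  ipa_domain = example.com
  ipa_server = _srv_, gandalf.example.com, olorin.example.com
CONF
DEFAULT_CONF = <<~CONF
  [global]
  realm = EXAMPLE.COM
  server = gandalf.example.com
CONF
```
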
Actions #19

Updated by Ewoud Kohl van Wijngaarden almost 4 years ago

  • Status changed from Closed to New
  • Target version changed from 2.0.1 to 2.1.2

From reports, this hasn't been solved so reopening.

Actions #20

Updated by Tomer Brisker over 3 years ago

  • Target version changed from 2.1.2 to 2.1.3
Actions #21

Updated by Han Boetes over 3 years ago

The file I just proposed works, but it's not exactly pretty. I have no idea how to make it pretty or how you guys would like to see it. I'm available for testing or reworking the proposed code.

Please communicate with me! Or simply apply the code and see what happens.

Actions #22

Updated by Ewoud Kohl van Wijngaarden over 3 years ago

A patch to https://github.com/theforeman/puppet-foreman is easier for us. You also get proper credit.

Actions #24

Updated by Tomer Brisker over 3 years ago

  • Target version changed from 2.1.3 to 2.2.0

Pushing off 2.1.3 since we are starting to make the release and this won't be merged in time.

Actions #25

Updated by Han Boetes over 3 years ago

No worries, this is more complicated to do right than initially estimated.

"we thought that we had the answers, it was the questions we had wrong"

Actions #26

Updated by Tomer Brisker over 3 years ago

  • Target version deleted (2.2.0)

Unsetting target version for now until we have a working solution.

Actions #27

Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman/pull/935 added
Actions #28

Updated by The Foreman Bot almost 3 years ago

  • Pull request https://github.com/theforeman/puppet-foreman/pull/888 added
Actions #29

Updated by The Foreman Bot almost 3 years ago

  • Fixed in Releases 3.0.0 added
Actions #30

Updated by Ewoud Kohl van Wijngaarden almost 3 years ago

  • Status changed from Ready For Testing to Closed
Actions #31

Updated by The Foreman Bot almost 3 years ago

  • Pull request https://github.com/theforeman/puppet-foreman/pull/960 added
Actions #32

Updated by Ewoud Kohl van Wijngaarden almost 3 years ago

  • Pull request deleted (https://github.com/theforeman/puppet-foreman/pull/960)