Support #6877
closed
ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy
Description
This is a new install of Foreman on a clean Ubuntu 14.04 VM. Everything was going fine and 7 hosts had been added (Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04 and Mac OSX 10.9). Then after a certificate was requested from a Windows host (installed using latest Puppet agent installer), this error was thrown when checking the certificate in Foreman to sign it. However, checking the cert list in Puppet showed the new Windows server certificate request and it could be signed. The host then showed up fine in the Foreman Hosts list, but the certificates screen still throws the error. Screenshots attached.
ProxyAPI::ProxyException
ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://serveraname.domain.com:8443/puppet/ca
lib/proxy_api/puppetca.rb:47:in `rescue in all'
lib/proxy_api/puppetca.rb:45:in `all'
app/services/smart_proxies/puppet_ca.rb:21:in `all'
app/services/smart_proxies/puppet_ca.rb:36:in `find_by_state'
app/controllers/puppetca_controller.rb:8:in `index'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
Files
Updated by Dominic Cleal almost 10 years ago
Please can you provide the contents of your proxy log file, typically /var/log/foreman-proxy/proxy.log. Also run through ERF12-5356 and the linked page ERF12-7740.
Updated by Brad Heaton almost 10 years ago
- File proxy.log proxy.log added
- File foreman-proxy sudoers file permissions.png foreman-proxy sudoers file permissions.png added
- File foreman-proxy sudoers contents.png foreman-proxy sudoers contents.png added
Here is the proxy log. It shows the following errors, but I'm not sure what log to check. I couldn't find anything that seemed related.
Failed to run puppetca:
Failed to list certificates: Execution of puppetca failed, check log
Checked the permissions on /etc/sudoers.d/foreman-proxy and they seem fine (see attached screenshot) and the contents of this file seem to be correct.
It is just strange that this error suddenly occurred when nothing changed on the Puppet Master/Foreman as far as I'm aware.
Updated by Dominic Cleal almost 10 years ago
Can you try running "/usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all" as root? It should just list all of the certificates on your Puppet installation.
Updated by Brad Heaton almost 10 years ago
Yes, running that shows all of our certificates on Puppet.
I have found that trying to run 'sudo puppet agent --test' results in the following error on all hosts now:
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: "\xC3" on US-ASCII
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: Error 400 on SERVER: "\xC3" on US-ASCII
Wrapped exception:
Error 400 on SERVER: "\xC3" on US-ASCII
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: "\xC3" on US-ASCII
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: Error 400 on SERVER: "\xC3" on US-ASCII
Wrapped exception:
Error 400 on SERVER: "\xC3" on US-ASCII
I have found the following bugs that appear to be related to this (http://projects.puppetlabs.com/issues/20522 and http://projects.puppetlabs.com/issues/20897). I have tried adding the line below as suggested in one ticket to config.ru, but this made no difference.
Encoding.default_external = Encoding::UTF_8 Encoding.default_internal = Encoding::UTF_8
Now, the very odd thing is that ALL of this occurred after doing one thing - installing Puppet on a Windows Server 2008 R2 host, which triggered a certificate request to the Puppet server. All of this occurred after that event.
Updated by Brad Heaton almost 10 years ago
I have been able to work around the problem with UTF_8 encoding by applying the workarounds suggested at https://tickets.puppetlabs.com/browse/PUP-1386 and restarting the Puppet master server.
However, I still have the same 'Unable to get PuppetCA certificates' problem remaining as originally indicated.
Updated by Anonymous