In the vRO client, when you run the Add a Puppet Enterprise Master workflow, it fails with a runtime exception.
Error messages and logs
In the vRO client, when you run the Add a Puppet Enterprise Master workflow, you get either of the following messages:
Unable to create a vCO endpoint of type 'Puppet'. Reason: 'Failed to add Master. Exception: (RuntimeException: Failed to get Facter fact) (Workflow:Add a Puppet Enterprise Master / Add a Puppet Enterprise Master (item1)#7)'
Unable to create a vCO endpoint of type 'Puppet'. Reason: 'Failed to add Master. Exception: (JSchException: Auth cancel) (Workflow:Add a Puppet Enterprise Master / Add a Puppet Enterprise Master (item1)#7)'
Version and installation information
PE version: 2016.4.x to 2018.1.x
The issue occurs because requirements for the plug-in are not met. The user for the workflow cannot complete the facter command needed to get the current PE version and add the master. Classification for the plug-in must also be correct for the workflow to succeed.
To add the master, the
vro-plugin-user user must:
- Be able to SSH into the master from the vRO client.
- Be either using
rootor be able to run Puppet commands without entering a password for sudo.
Check that the user meets the requirements: SSH into the master with the
vro-plugin-usercredentials and run the following command:
sudo /opt/puppetlabs/bin/facter -p pe_server_versionWhen the command runs successfully, the output is your version of PE, for example,
If you are unable to SSH into the master with the
vro-plugin-usercredentials, confirm that classification is correct.
Ensure that the
vro_plugin_userclasses are classified for the master. If you see any errors, fix them.
In the console, navigate to Classification > All Nodes. Under All Nodes, if the Autosign and vRO Plugin User and sshd config node group is not present, install the Puppet vRO Starter Content.
In the Rules tab, ensure the master is pinned to the Autosign and vRO Plugin User and sshd config node group.
In the Classes tab, ensure that the
autosign_exampleclasses are present.
puppet agent -ton the master.
SSH into the master as the
vro-plugin-userand run the facter command again:
sudo /opt/puppetlabs/bin/facter -p pe_server_version
Troubleshooting OS issues
If you are not able to run the command successfully, use the following troubleshooting sections to fix OS issues.
Unable to SSH into the master
If you are unable to SSH in to the master after completing the steps above, check the following items on the master.
Ensure that the SSH configuration allows password authenticated logins. In
/etc/ssh/sshd_configcheck that the following lines are present:
PermitRootLogin yes PasswordAuthentication yes ChallengeResponseAuthentication no
Ensure that the
vro_plugin_useris allowed to SSH into the master. Open
/etc/ssh/sshd_configand check for configuration issues. Commonly, the
AllowUserssetting is enabled but does not contain the
Ensure that the
/etc/ssh/sshd_confighas been read by restarting the
If you have an issue using SSH after fixing these items above, work with your OS vendor to troubleshoot the issue.
Unable to run sudo commands without entering a password
If you are unable to run sudo commands with the
vro-plugin-user without entering a password after completing the steps above, check the following items on the master.
Ensure the file
/etc/sudoers.d/vro-plugin-userexists and contains entries with
vro-plugin-user ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion
If it does not, check the Puppet catalog for items that modify the sudoers file.
/etc/sudoers, ensure that
Ensure that no other configuration options prevent the
vro-plugin-userfrom using sudo without a password. Check sudo access for
vro-plugin-userby logging in and running
$ sudo -l Matching Defaults entries for vro-plugin-user on this host: !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, !requiretty User vro-plugin-user may run the following commands on this host: (root) NOPASSWD: /opt/puppetlabs/bin/puppet node purge * (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge *[[\:blank\:]]* (root) NOPASSWD: /opt/puppetlabs/bin/puppet config print * (root) NOPASSWD: !/opt/puppetlabs/bin/puppet config print *[[\:blank\:]]* (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion (root) NOPASSWD: /opt/puppetlabs/bin/facter -p pe_server_version (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent -t (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent --test --color\=false --detailed-exitcodes (root) NOPASSWD: /bin/kill -HUP * (root) NOPASSWD: !/bin/kill -HUP *[[\:blank\:]]* (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-201734-master.puppetdebug.vlan (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-mcollective-servers (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-peadmin-mcollective-client (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=stopped (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=running enable\=true (root) NOPASSWD: /bin/cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
If the sudo issue persists after checking these items, work with your OS vendor to troubleshoot the issue.