In the vRO client, when you run the Add a Puppet Enterprise Master workflow, it fails with a runtime exception.
Error messages and logs
In the vRO client, when you run the Add a Puppet Enterprise Master workflow, you get either of the following messages:
Unable to create a vCO endpoint of type 'Puppet'. Reason: 'Failed to add Master. Exception: (RuntimeException: Failed to get Facter fact) (Workflow:Add a Puppet Enterprise Master / Add a Puppet Enterprise Master (item1)#7)'
Unable to create a vCO endpoint of type 'Puppet'. Reason: 'Failed to add Master. Exception: (JSchException: Auth cancel) (Workflow:Add a Puppet Enterprise Master / Add a Puppet Enterprise Master (item1)#7)'
Version and installation information
PE version: 2016.4.x to 2018.1.x
Solution
The issue occurs because requirements for the plug-in are not met. The user for the workflow cannot complete the facter command needed to get the current PE version and add the master. Classification for the plug-in must also be correct for the workflow to succeed.
Learn more about vRO configuration.
To add the master, the vro-plugin-user user must:
- Be able to SSH into the master from the vRO client.
- Either be root, or be able to run Puppet commands without entering a password for sudo.
- Check that the user meets the requirements: SSH into the master with the vro-plugin-user credentials and run the following command:

      sudo /opt/puppetlabs/bin/facter -p pe_server_version

  When the command runs successfully, the output is your version of PE, for example, 2017.3.2.
- If you are unable to SSH into the master with the vro-plugin-user credentials, confirm that classification is correct. Ensure that the vro_plugin_sshd and vro_plugin_user classes are classified for the master. If you see any errors, fix them.
  - In the console, navigate to Classification > All Nodes. Under All Nodes, if the Autosign and vRO Plugin User and sshd config node group is not present, install the Puppet vRO Starter Content.
  - In the Rules tab, ensure the master is pinned to the Autosign and vRO Plugin User and sshd config node group.
  - In the Classes tab, ensure that the vro_plugin_sshd, vro_plugin_user, and autosign_example classes are present.
- Run puppet agent -t on the master.
- SSH into the master as the vro-plugin-user and run the facter command again:

      sudo /opt/puppetlabs/bin/facter -p pe_server_version
Troubleshooting OS issues
If you are not able to run the command successfully, use the following troubleshooting sections to fix OS issues.
Unable to SSH into the master
If you are unable to SSH in to the master after completing the steps above, check the following items on the master.
- Ensure that the SSH configuration allows password authenticated logins. In /etc/ssh/sshd_config check that the following lines are present:

      PermitRootLogin yes
      PasswordAuthentication yes
      ChallengeResponseAuthentication no

- Ensure that the vro_plugin_user is allowed to SSH into the master. Open /etc/ssh/sshd_config and check for configuration issues. Commonly, the AllowUsers setting is enabled but does not contain the vro-plugin-user.
- Ensure that the /etc/ssh/sshd_config has been read by restarting the ssh service.
If you still have an issue using SSH after fixing the items above, work with your OS vendor to troubleshoot the issue.
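The checks in this list, as a script to run against a copy of /etc/ssh/sshd_config. This is an added example, not part of the original article or the Puppet plug-in; the function names and the sample file are constructed for illustration. It reads only the global section before any Match block and does not expand AllowUsers wildcards.

```shell
#!/bin/sh
# Added example. Assumes "Keyword value" lines; keywords are case-insensitive.

# First value set for keyword $2 in file $1 (sshd keeps the first one it reads).
sshd_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Fails only when AllowUsers is present and none of its entries names user $2.
user_allowed() {
    awk -v user="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) { sub(/@.*/, "", $i); if ($i == user) ok = 1 }
        }
        END { if (seen && !ok) exit 1 }
    ' "$1"
}

# Report every item from the article's checklist that file $1 fails for user $2.
audit_sshd() {
    cfg=$1; user=$2; rc=0
    for want in PermitRootLogin=yes PasswordAuthentication=yes \
                ChallengeResponseAuthentication=no; do
        key=${want%%=*}; val=${want#*=}
        got=$(sshd_value "$cfg" "$key")
        [ "$got" = "$val" ] || { echo "$key is '${got:-unset}', expected '$val'"; rc=1; }
    done
    user_allowed "$cfg" "$user" || { echo "AllowUsers is set but omits $user"; rc=1; }
    return $rc
}

# Constructed sample: the common failure the article names (AllowUsers without the user).
sample_sshd_config() {
    cat <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
AllowUsers admin deploy
EOF
}

cfg_file=$(mktemp)
sample_sshd_config > "$cfg_file"
audit_sshd "$cfg_file" vro-plugin-user || echo "fix the items above, then restart the ssh service"
rm -f "$cfg_file"
```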
Unable to run sudo commands without entering a password
If you are unable to run sudo commands with the vro-plugin-user without entering a password after completing the steps above, check the following items on the master.
- Ensure the file /etc/sudoers.d/vro-plugin-user exists and contains entries with NOPASSWD in them. For example:

      vro-plugin-user ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion

  If it does not, check the Puppet catalog for items that modify the sudoers file.
  - In /etc/sudoers, ensure that /etc/sudoers.d/ is included.
- Ensure that no other configuration options prevent the vro-plugin-user from using sudo without a password. Check sudo access for vro-plugin-user by logging in and running sudo -l. For example:

      $ sudo -l
      Matching Defaults entries for vro-plugin-user on this host:
          !visiblepw, always_set_home, env_reset,
          env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
          env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
          env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
          env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
          env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
          secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, !requiretty

      User vro-plugin-user may run the following commands on this host:
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet node purge *
          (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge *[[\:blank\:]]*
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet config print *
          (root) NOPASSWD: !/opt/puppetlabs/bin/puppet config print *[[\:blank\:]]*
          (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion
          (root) NOPASSWD: /opt/puppetlabs/bin/facter -p pe_server_version
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent -t
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent --test --color\=false --detailed-exitcodes
          (root) NOPASSWD: /bin/kill -HUP *
          (root) NOPASSWD: !/bin/kill -HUP *[[\:blank\:]]*
          (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-201734-master.puppetdebug.vlan
          (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-mcollective-servers
          (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-peadmin-mcollective-client
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=stopped
          (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=running enable\=true
          (root) NOPASSWD: /bin/cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
If the sudo issue persists after checking these items, work with your OS vendor to troubleshoot the issue.
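An added example, not from the original article: a check of captured sudo -l output for one exact command line. sudo compares the arguments as well as the path, so an entry for facter -p puppetversion does not cover facter -p pe_server_version. The function names are hypothetical, the sample is a subset of the output shown above, and shell pattern matching stands in for sudo's own wildcard matcher.

```shell
#!/bin/sh
# Added example: is command line "$1" allowed without a password according to
# `sudo -l` output on stdin? Assumes one entry per line, as in the article.
# As in sudoers, the last matching entry wins and a leading "!" denies.
# Shell pattern matching approximates sudo's own wildcard matching.
nopasswd_allowed() {
    cmd=$1; verdict=deny
    # Keep the text after "(runas) NOPASSWD: " and undo sudo's \: and \= escapes.
    entries=$(sed -n 's/^[[:space:]]*([^)]*) NOPASSWD: //p' |
              sed 's/\\\([:=]\)/\1/g')
    while IFS= read -r pat; do
        case $pat in
            '!'*) pat=${pat#?}; effect=deny ;;
            *)    effect=allow ;;
        esac
        case $cmd in $pat) verdict=$effect ;; esac
    done <<EOF
$entries
EOF
    [ "$verdict" = allow ]
}

# Constructed sample: a subset of the `sudo -l` output shown in the article.
sample_sudo_l() {
    cat <<'EOF'
User vro-plugin-user may run the following commands on this host:
    (root) NOPASSWD: /opt/puppetlabs/bin/puppet node purge *
    (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge *[[\:blank\:]]*
    (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion
    (root) NOPASSWD: /opt/puppetlabs/bin/facter -p pe_server_version
    (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-201734-master.puppetdebug.vlan
EOF
}

for c in "/opt/puppetlabs/bin/facter -p pe_server_version" \
         "/opt/puppetlabs/bin/facter -p osfamily" \
         "/opt/puppetlabs/bin/puppet node purge agent1 agent2"; do
    if sample_sudo_l | nopasswd_allowed "$c"; then
        echo "no password needed: $c"
    else
        echo "not permitted:      $c"
    fi
done
```

On the master itself, pipe the real output in with sudo -l | nopasswd_allowed "/opt/puppetlabs/bin/facter -p pe_server_version" while logged in as the vro-plugin-user.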