Hi, I think I might have tracked this down to a limit of around 1024 classes in the import. If I remove a bunch of modules (any it seems) and bring it to under 1024 then the import (via rake task or UI) it works. If I move some more modules in past 1024 it throws the:-
ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet for dev ([RestClient::ServiceUnavailable]: 503 Service Unavailable) for proxy https://vrdevpms001.iggroup.local:8443/puppet This is on 1.14.0 BTW. Thanks Paul On Wednesday, 25 January 2017 12:40:40 UTC, Paul Seymour wrote: > > Hello, > > Trying to setup a Puppet v4 system (behind a proxy so hand crafting it for > now) as a POC before moving from v3. > > I have the PostGres/PuppetDB/Foreman on one server, and the Puppet > Server/CA on another with foreman-proxy. I have setup the smart proxy as we > did on v3 with the > upgrade steps as mentioned and I have created the smart proxy to it and > configured it to send facts/reports and all these are coming in fine. > > Now I want to start using the ENC setup and import from the puppet server > etc and I get errors about reading environments. > > On the proxy status page I get a tick, I can read the PuppetCA information > I can see the reports but I cannot read the environments/classes. > > Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect > ([ProxyAPI::ProxyException]: ERF12-4115 [ProxyAPI::ProxyException]: Unable > to get classes from Puppet for dev ([Rest...) > > Enabling DEBUG on the proxy log doesn't give a lot away. It certainly > doesn't seem permission related (foreman-proxy is in the puppet group). But > getting 503's. > > D, [2017-01-25T12:20:46.100097 ] DEBUG -- : Found puppetca at > /opt/puppetlabs/bin/puppet > D, [2017-01-25T12:20:46.100211 ] DEBUG -- : Found sudo at /usr/bin/sudo > D, [2017-01-25T12:20:46.100267 ] DEBUG -- : Executing /usr/bin/sudo -S > /opt/puppetlabs/bin/puppet cert --ssldir /etc/puppetlabs/puppet/ssl --list > --all > I, [2017-01-25T12:20:51.110234 ] INFO -- : <IP> - - [25/Jan/2017:12:20:51 > +0000] "GET /puppet/ca HTTP/1.1" 200 563 5.5168 > > D, [2017-01-25T12:20:51.121114 ] DEBUG -- : close: <IP>:33374 > I, [2017-01-25T12:20:51.420277 ] INFO -- : <IP> - - [25/Jan/2017:12:20:51 > +0000] "GET /puppet/ca HTTP/1.1" 200 563 5.8772 > > D, [2017-01-25T12:20:51.427916 ] DEBUG -- : close: <IP>:33370 > I, [2017-01-25T12:20:51.793828 ] INFO -- : <IP> - - [25/Jan/2017:12:20:51 > +0000] "GET /puppet/ca HTTP/1.1" 200 563 5.6942 > > D, [2017-01-25T12:20:51.856961 ] DEBUG -- : close: <IP>:33382 > E, [2017-01-25T12:21:00.976187 ] ERROR -- : Puppet is taking too long to > respond, please try again later. > D, [2017-01-25T12:21:00.976527 ] DEBUG -- : Puppet is taking too long to > respond, please try again later. > I, [2017-01-25T12:21:00.976981 ] INFO -- : <IP> - - [25/Jan/2017:12:21:00 > +0000] "GET /puppet/environments/dev/classes HTTP/1.1" 503 61 15.0253 > > D, [2017-01-25T12:21:00.983614 ] DEBUG -- : close: <IP>:33380 > > I have this in the auth.conf > { > match-request: { > path: "/puppet/v3/environments" > type: path > method: get > } > allow: "*" > sort-order: 500 > name: "puppetlabs environments" > }, > { > match-request: { > path: "/puppet/v3/resource_type" > type: path > method: [get, post] > } > allow: "*" > sort-order: 500 > name: "puppetlabs resource type" > }, > { > match-request: { > path: "/puppet/v3/environment_classes" > type: path > method: get > } > allow: "*" > sort-order: 500 > name: "puppetlabs environment classes" > }, > > the puppetserver access log shows a 200 > <IP> - [25/Jan/2017:12:37:40 +0000] "GET > /puppet/v3/environment_classes?environment=dev HTTP/1.1" 200 609657 "-" > "Ruby" 22363 > > Any ideas ? > > Thanks > Paul > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
