[uyuni-users] Salt-Client: Problems on Uyuni-WebUI

Hi,

I'm trying to register a SLES server as Salt client using the WebUI of a new Uyuni installation, version 2020.01.

First I had some trouble with the configuration at the client. Seems that the user that I configured at the client needs a NOPASSWD: entry in the client's sudoers file. After correcting this issue it was possible to proceed with registration process.

A short while after pressing the "Bootstrap"-button I received a message at WebUI: "Cannot read/write '/var/lib/salt/.ssh/known_hosts'. Please check permissions."

It seems that the WebUI is using the UID tomcat that has no rights on this file which is owned by UID salt. I played around with changing file mode and group memberships but without any success.

Any idea?

Regards,
Tobias.
--
To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org
To contact the owner, e-mail: uyuni-users+owner@opensuse.org

Normally... All you need to do is to

- create activation keys for your distribution you want to use (e.g. SLES15-SP1 or SLES12-SP5)
- copy the system "bootstrap.sh" (/srv/www/htdocs/pub/bootstrap) file and modify it to include the activation key (near end of file) you want to use (or do it with some further logic to construct it, what I do). I have mine named "register.sh".
- run something like "curl -skS http://<your server fqdn>/pub/register.sh | /bin/bash"

This should start registering your client. You then need to accept the request via WebUI under "Salt" -> "Keys"

Robert

sent from my mobile device

-------- Original Message --------
From: Tobias Crefeld <tclx@klekih-petra.de>
Sent: Sat Mar 21 18:41:46 GMT+01:00 2020
To: uyuni-users@opensuse.org
Subject: [uyuni-users] Salt-Client: Problems on Uyuni-WebUI

Hi,

I'm trying to register a SLES server as Salt client using the WebUI of a new Uyuni installation, version 2020.01.

First I had some trouble with the configuration at the client. Seems that the user that I configured at the client needs a NOPASSWD: entry in the client's sudoers file. After correcting this issue it was possible to proceed with registration process.

A short while after pressing the "Bootstrap"-button I received a message at WebUI: "Cannot read/write '/var/lib/salt/.ssh/known_hosts'. Please check permissions."

It seems that the WebUI is using the UID tomcat that has no rights on this file which is owned by UID salt. I played around with changing file mode and group memberships but without any success.

Any idea?

Regards,
Tobias.

On Sun, 22 Mar 2020 15:08:52 +0100 Robert Paschedag <robert.paschedag@web.de> wrote:
> - create activation keys for your distribution you want to use (e.g. SLES15-SP1 or SLES12-SP5)
> - copy the system "bootstrap.sh" (/srv/www/htdocs/pub/bootstrap) file and modify it to include the activation key (near end of file) you want to use (or do it with some further logic to construct it, what I do). I have mine named "register.sh".
> - run something like "curl -skS http://<your server fqdn>/pub/register.sh | /bin/bash"

Thanks for this advice!

Creating activation keys was no problem.

The rest of the procedure as you describe it, differs from the client configuration guide. It seems that its idea is that "bootstrapping" is done completely by WebUI:
https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/registra...

I will check if your "manual" procedure works on my Uyuni installation.

Regards,
Tobias.

On 2020-03-23 08:40, Tobias Crefeld wrote:
> The rest of the procedure as you describe it, differs from the client configuration guide. It seems that its idea is that "bootstrapping" is done completely by WebUI:
> https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/registra...
> I will check if your "manual" procedure works on my Uyuni installation.

It now will work both ways. Find the basic procedure here:
https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/registra...

It's similar to the curl proposal, but with plain ssh.

--
Karl Eichwalder

On Mon, 23 Mar 2020 09:22:59 +0100 "Karl.Eichwalder@suse.com" <ke@suse.de> wrote:
> It now will work both ways. Find the basic procedure here:
> https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/registra...
> It's similar to the curl proposal, but with plain ssh.

I tried this guide but first I received an "unknown error" (or something similar) and then I received error messages about tomcat, sudo and password. So my last action was to put tomcat into the sudoers file with an ALL-NOPASSWD rule and afterwards there was no more error message but a reply that I should restart Uyuni, which I did.

I'll check tomorrow if the rest of the bootstrap process works now. Otherwise I will return to Robert's advice.

BTW: For security reasons I doubt that it's a good idea to give tomcat root rights via sudo.

Regards,
Tobias.

On 2020-03-23 21:32, Tobias Crefeld wrote:
> BTW: For security reasons I doubt that it's a good idea to give tomcat root rights via sudo.

I'd not fiddle with changing permissions. I'd install root's public ssh key on the client and then run the bootstrap as root without entering a password.

I hope I understand what your plans are. Maybe, there are special requirements at your site.

--
Karl Eichwalder

Hi Karl,

maybe there is a misunderstanding: I guess you refer to the chapter "Connect Clients" in the client configuration guide but actually I haven't reached the stage to do something on the client. The error already happened during the generation of the bootstrap script with the WebUI, following the link to the chapter of the client configuration guide that you provided. Seems that this procedure uses a sudo to create the bootstrap script.

Meanwhile I found the reasons for my troubles with both bootstrapping procedures: After installation of opensuse I installed our default sudoers file, which didn't contain the includedir statement for /etc/sudoers.d/ . Unfortunately this directory contains the sudoers settings for spacewalk... ;)

So finally "Register Clients with the Web UI" was successful. Actually there still is an issue with a message "Cannot read/write '/var/lib/salt/.ssh/known_hosts'. Please check permissions.". I created this file manually and afterwards clicking "+Bootstrap" was successful. For now it will be fine to add each new host key "manually".

Thanks for your efforts!

Regards,
Tobias.

-----Original Message-----
From: Karl.Eichwalder@suse.com [mailto:ke@suse.de]
Sent: Tuesday, 24 March 2020 07:25

On 2020-03-23 21:32, Tobias Crefeld wrote:
> BTW: For security reasons I doubt that it's a good idea to give tomcat root rights via sudo.

I'd not fiddle with changing permissions. I'd install root's public ssh key on the client and then run the bootstrap as root without entering a password. I hope I understand what your plans are. Maybe, there are special requirements at your site.
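
The two failures reported in the message above (a site /etc/sudoers without the includedir line for /etc/sudoers.d/, and an unusable known_hosts file) can be checked for before bootstrapping. The following shell functions are an added example, not part of the thread or of Uyuni; the function names are hypothetical, and paths are passed as arguments so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for the two
# failures reported above. Function names are hypothetical.

# sudoers_includes_dir FILE DIR
# Exit 0 if FILE carries an include directive for DIR, 1 if not, 2 if FILE
# is unreadable. "#includedir" is a directive despite the leading '#';
# sudo 1.9.1 and later also accept "@includedir".
sudoers_includes_dir() {
    [ -r "$1" ] || return 2
    awk -v want="${2%/}" '
        $1 == "#includedir" || $1 == "@includedir" {
            path = $2
            gsub(/"/, "", path)      # the directive argument may be quoted
            sub(/\/$/, "", path)     # ignore a trailing slash
            if (path == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# ignored_dropins FILE DIR
# Print the drop-in files in DIR that sudo will not read: all of them when
# FILE lacks the include directive, otherwise only the names sudo skips
# (ending in "~" or containing a ".").
ignored_dropins() {
    if sudoers_includes_dir "$1" "$2"; then include=yes; else include=no; fi
    for f in "${2%/}"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *~|*.*) echo "$name" ;;
            *) [ "$include" = yes ] || echo "$name" ;;
        esac
    done
}

# known_hosts_state FILE
# Run as the account that must use FILE; prints missing, unusable or ok.
known_hosts_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -r "$1" ] && [ -w "$1" ]; then echo ok
    else echo unusable
    fi
}
```

Running `ignored_dropins /etc/sudoers /etc/sudoers.d` on the server lists the drop-in files sudo is currently not reading; an empty result means every drop-in is loaded.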

On Tue, 24 Mar 2020 14:54:43 +0000 "Crefeld, Tobias LKV Bayern e.V." <Tobias.Crefeld@lkv.bayern.de> wrote:
> So finally "Register Clients with the Web UI" was successful. Actually there still is an issue with a message "Cannot read/write '/var/lib/salt/.ssh/known_hosts'. Please check permissions.". I created this file manually and afterwards clicking "+Bootstrap" was successful. For now it will be fine to add each new host key "manually".

I have to reply to myself here: For whatever reason this error didn't reappear during registration of the second (SLES) client.

Regards,
Tobias.

On 2020-03-24 21:09, Tobias Crefeld wrote:
> So finally "Register Clients with the Web UI" was successful. Actually there still is an issue with a message "Cannot read/write '/var/lib/salt/.ssh/known_hosts'. Please check permissions.". I created this file manually and afterwards clicking "+Bootstrap" was successful. For now it will be fine to add each new host key "manually".
> For whatever reason this error didn't reappear during registration of the second (SLES) client.

If the error occurs again, you could open an issue on github:

https://github.com/uyuni-project/uyuni/issues

Then click the "New issue" button.

--
Karl Eichwalder

participants (4)
- Crefeld, Tobias LKV Bayern e.V.
- Karl.Eichwalder@suse.com
- Robert Paschedag
- Tobias Crefeld