search

uyuni-project / uyuni

Source code for Uyuni
https://www.uyuni-project.org/
GNU General Public License v2.0
431 stars 180 forks source link

Bootstrap in DMZ not possible (SLES15SP5) #8871

Open Uyunifier opened 4 months ago

Uyunifier commented 4 months ago

Problem description

Hi there. i have an Server (SLES15SP5) within an DMZ. The DMZ can't communicate with the Uyuni Server, cause its in another internal Network. The Uyuniserver itself can connect via SSH only to the DMZ-Server. Root Access via root user is locked. there is an seperate user. The user has an sudoers entry: The DMZ Server has an Host entry to resolv the hostanem of the uyuniserver to 127.0.0.1

myuser ALL=NOPASSWD: /usr/bin/python, /usr/bin/python2, /usr/bin/python3, /var/tmp/venv-salt-minion/bin/python

When i not want to Bootstrap this Server via SSH only with anActivation Key, set to SSH-Tunnel, the following error appears:

/var/log/rhn/rhn_web_ui.log 2024-06-05 10:26:37,048 [ajp-nio-127.0.0.1-8009-exec-6] ERROR com.suse.manager.webui.controllers.bootstrap.AbstractMinionBootstrapper - Error during bootstrap: An error has occurred during salt execution: unable to parse json

When i now change the line in nano /usr/share/susemanager/salt/ssh_bootstrap/init.sls from: {%- set home = salt'user.info'['home'] %} to: {%- set home = '/home/myuser' %} The Server Bootstraps with green message in web but dont appear in Server lsit. Another error can be seen in log:

2024-06-05 10:28:01,781 [ajp-nio-127.0.0.1-8009-exec-7] ERROR com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction - Aborting: needed grains are not found for minion: dmz-server

How to fix or workarround that? Thx much.

Steps to reproduce

  1. Setup a DMZ Server
  2. Network only SSH from Uyuni to DMZ possible. DMZ cant connect somewhere
  3. Bootstrap the DMZ Server ...

Uyuni version

Information for package Uyuni-Server-release:
---------------------------------------------
Repository     : uyuni-server-stable
Name           : Uyuni-Server-release
Version        : 2024.05-230900.217.1.uyuni3
Arch           : x86_64
Vendor         : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level  : Level 3
Installed Size : 1.4 KiB
Installed      : Yes
Status         : up-to-date
Source package : Uyuni-Server-release-2024.05-230900.217.1.uyuni3.src
Summary        : Uyuni Server
Description    : 
    Uyuni lets you efficiently manage physical, virtual,
    and cloud-based Linux systems. It provides automated and cost-effective
    configuration and software management, asset management, and system
    provisioning.

Uyuni proxy version (if used)

No response

Useful logs

No response

Additional information

No response

avshiliaev commented 3 months ago

Hey @Uyunifier thanks for the report. Just to double-check, the home dir is set set rather the following way in the init.sls: {%- set home = salt['user.info'](mgr_sudo_user)['home'] %}. Then you can ensure that the mgr_sudo_user variable is correctly set to myuser in your bootstrap configuration.

As usual, verify that there are no firewall rules blocking the SSH and the DMZ server's /etc/hosts file has the correct entry for the Uyuni server.