Bug 2170013

Summary: Puppet Run via Remote execution using non-root user fails with error "puppet: command not found"
Product: Red Hat Satellite Reporter: Omkar <onerleka>
Component: PuppetAssignee: satellite6-bugs <satellite6-bugs>
Status: NEW --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.12.1CC: aruzicka, kkinge, nalfassi, saydas
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Omkar 2023-02-15 11:34:48 UTC
Description of problem:

While trying to do a puppet run via REX using non-root user on Satellite 6.12 fails with below error

1:/var/tmp/foreman-ssh-cmd-98727ed0-6d73-492f-a0b0-375e1997bcd6/script: line 1: puppet: command not found
2:Exit status: 127

Version-Release number of selected component (if applicable):

Satellite 6.12.1
Puppet 7

How reproducible: 
Easily Reproducible

Steps to Reproduce:
1. Install Satellite 6.12.1
2. Enable puppet on Satellite server.
3. Configure a Puppet client & create 'rexuser'
4. Set effective user to 'rexuser' for Puppet client for remote execution.
5. Invocate the Remote execution from Satellite WebUI as below
  Job category : Puppet
  Job template : Puppet Run Once - Script Default

Actual results:
Puppet run fails with error "puppet: command not found"

Expected results:
Puppet Run should work fine

Additional info:

Comment 1 Sayan Das 2023-02-15 12:18:27 UTC
If I am correct, 

* The issue happened with the non-root user as The PATH env var of the Non-Root user would not have the /opt/puppetlabs/bin and if I am not wrong when satellite SSH to rexuser and sudo to root, It will inherit the PATH var from rexuser 

* So that is why, "puppet: command not found"

* For root user i.e. ( SSH User = root ) it works fine as , The PATH env var of root will have the puppetlabs binary path in it. 


Looking at the code:

https://github.com/theforeman/foreman_remote_execution/blob/master/app/views/templates/script/puppet_run_once.erb


And we export the PATH variable to include the full path of puppet on for Debian only.

<% if @host.operatingsystem.family == 'Debian' -%>
export PATH=/opt/puppetlabs/bin:$PATH
<% end -%>
puppet agent --onetime --no-usecacheonfailure --no-daemonize <%= input("puppet_options") %>


I expect "/etc/profile.d/puppet-agent.sh" to be loaded in OS env when REX stuff happens ( as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1527627#c7 ). But perhaps that is not happening for non-root users and due to the same , The easiest way to solve this would be to have the "export PATH" applied for redhat based systems  as well, in the job template. 

( we can simply remove the if clause i guess or add a new one for RedHat )

Comment 2 Adam Ruzicka 2023-02-16 09:52:33 UTC
Could be. There is also a quite high chance that it behaves differently depending on which effective user method you use and whether you use ssh or pull. Hardcoding an extension of PATH would be the easy way out.

Also in the meantime, the customer can fix this for themselves by cloning the template, making the changes in the clone and then assigning that template to puppet_run_host feature.

Comment 3 Sayan Das 2023-02-16 10:00:09 UTC
True. The customer had mentioned that the Ansible-based Puppet run works fine ( even via non-root ssh user ). 

I will ask the engineer the verify with 

* SSH 
* Pull
* Ansible 

And then share the observations here ( via non-root user as SSH user )


About,
~~
Also in the meantime, the customer can fix this for themselves by cloning the template, making the changes in the clone and then assigning that template to puppet_run_host feature.
~~

I believe the end-user is aware of it but he would like to have it fixed via Default Templates only.

Comment 4 Omkar 2023-02-16 11:37:46 UTC
Hi, 

I have done the below tests using "default templates" while "effective_user_method" is sudo.

=========================================================================================================================
Job Category 	        Job Template	                         User	               Error 	              Success
=========================================================================================================================
Puppet	          Puppet Run Once – Script Default	       rexuser	     puppet: command not found	         No
Puppet	          Puppet Run Once – Script Default	         root	              No Error	                 Yes
-------------------------------------------------------------------------------------------------------------------------				
Ansible Puppet	  Puppet Run Once – Ansible Default	       rexuser	  [Errno 2] No such file or directory	 No
Ansible Puppet	  Puppet Run Once – Ansible Default	          root	              No Error	                 Yes
-------------------------------------------------------------------------------------------------------------------------				
Ansible Commands  Run Comman – Ansible Default                 rexuser	    /bin/sh: puppet: command not found	 No
                  (Command # puppet agent -tv)
	
Ansible Commands  Run Comman – Ansible Default                   root	               No Error	                 Yes
                  (Command # puppet agent -tv)	
-------------------------------------------------------------------------------------------------------------------------