PuppetThreeWorkarounds

This page details the various fixes for making Foreman work with Puppet 3. If your issue is not listed, please open a bug report on the issue tracker, and detail appropriate workarounds (with link to the bug number) here.

Status

Currently Foreman 1.1 (release candidate) works reliably with Puppet 3. Ensure you update both the Foreman UI and the Smart Proxy.

If you hit any other issues, please let us know on the bug tracker, IRC, or the mailing lists.

Release notes

This should be seamless for most users, but due to changes in how settings are loaded in Puppet 3 there have been a few changes.

sudoers

Foreman installer has been updated, but for other users, ensure sudo rules allow access to /usr/bin/puppet cert * now instead of /usr/sbin/puppetca and /usr/bin/puppet kick * instead of /usr/sbin/puppetrun.

unable to get [:hostcert, :localcacert, :hostprivkey, :storeconfigs] Puppet setting

Instead of calling Puppet as a library (which got more complex with 3.x), Foreman 1.1 calls puppet master --configprint ... to fetch config values. There are two problems with this:

  1. Multiple puppet binaries in $PATH - check that you don't have the puppet gem installed if you're using an RPM or deb, this can interfere. Debug has been improved in 1.1 RC4.
  2. puppet.conf may not be /etc/puppet/puppet.conf, particularly for PE users. Foreman now has to set --config or --confdir in order to make Puppet read the correct config as it doesn't run as root. Ensure that :puppetconfdir is set correctly in config/settings.yaml to either the config directory or puppet.conf itself.

Fixed issues

The develop branch contains fixes for the following issues:

  • uninitialized constant HostObserver (#1872)
  • could not find value for $confdir (Puppet::Settings::InterpolationError) (#1915)
  • report processing seems to work but the summaries are all zero (#1872)
  • cannot view certificates that are present on the proxy
  • cannot import classes, "Attempting to initialize global default settings more than once!" (#1915, #1950)
  • proxy :puppet_conf setting required (#1983)
  • :puppetconfdir setting required (#1994)
  • $vardir interpolation problems (#1994)

Remaining issues

Proxy complains of autosign permissions issues

The current version of Puppet ignores the file permissions settings in puppet.conf. In other words, this doesn't work:

[master]
autosign = /etc/puppet/autosign.conf { mode = 664 }

However, for the moment, it's so broken that puppet will not fix the ownership of the file, so you can run this instead:

chown foreman-proxy:puppet /etc/puppet/autosign.conf

Alternatively, you could try moving it to the [main] section of the puppet.conf, which also seems to fix the problem.

Logged with patch as Puppet issue #17371, will be fixed in Puppet 3.1.0.

#2065: sudoers needs configuring for puppet kick

The Foreman installer needs to configure sudoers for puppet kick instead of puppetrun. See Puppetrun for example configuration.

#2085: proxy not importing first module

When importing classes or environments, the proxy scans through all the modules in the module search path in puppet.conf. With Puppet 3, it isn't initialising correctly and so ignores the first module found - subsequent modules are found. If this is the only module, it won't discover the environment at all.

#1997: facts not importing (unconfirmed)

Issue #1997 reports MySQL errors while importing facts, e.g.

Started POST "/fact_values/create" for xxxxxxxx at Wed Dec 05 16:01:05 +0800 2012
Processing by FactValuesController#create as
Parameters: {"facts"=>"[FILTERED]"}
Failed to import facts: Mysql2::Error: Column 'name' cannot be null: ...