This page is deprecated

Overview

Foreman can execute puppetrun on selected hosts
currently foreman will execute puppetrun locally (e.g. from the machine which runs foreman), however it is planned to be able to select from which host puppetrun will be executed.

Note: from Puppet 3 this command is now "puppet kick", but for consistency with old versions, this document will refer to it as "puppetrun".

Requirements

on your clients

in your puppet.conf make sure you have

listen = true

and in your namespaceauth.conf (NOTE: puppet > 2.7 does not read this file anymore but requires it to be present (http://projects.puppetlabs.com/issues/4388) so it can be left empty)

[puppetrunner]
    allow <yourforemanfqdn>

NOTE: in puppet 2.6 and greater, you will also need in your /etc/puppet/auth.conf (above the deny all at the end of the file)

path /run
auth any
method save
allow <yourforemanfqdn>

additionally, if you are behind a firewall, you would need to open tcp port 8139 to the client.

on your foreman server

in foreman settings (More --> Settings), make sure you have puppetrun enabled.

enable sudo for the foreman-proxy user since puppetrun is executed by the foreman-proxy user (puppetrun needs to be able to access your puppet certificates) - e.g:

Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetrun

If you are using Puppet 3.0 or higher, the puppetrun binary has been removed and so the Smart Proxy will use puppet kick. The sudoers entry should be:

Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *

Usage

In your host list, you will see a new option "Run", just click on it :)