Bug #16241
closed
Puppet group configured on 'foreman' user without 'puppet' module selected
Description
Running the foreman-installer with only foreman/foreman-cli selected, it will display the following message on the foreman user (missing puppet group);
Main Config Menu
1. [✓] Configure foreman
2. [✓] Configure foreman_cli
3. [✗] Configure foreman_proxy
4. [✗] Configure puppet
5. [✗] Configure foreman_plugin_ansible
6. [✗] Configure foreman_plugin_bootdisk
7. [✗] Configure foreman_plugin_chef
8. [✗] Configure foreman_plugin_cockpit
9. [✗] Configure foreman_plugin_default_hostgroup
10. [✗] Configure foreman_plugin_dhcp_browser
11. [✗] Configure foreman_plugin_digitalocean
12. [✗] Configure foreman_plugin_discovery
13. [✗] Configure foreman_plugin_docker
14. [✗] Configure foreman_plugin_hooks
15. [✗] Configure foreman_plugin_memcache
16. [✗] Configure foreman_plugin_openscap
17. [✗] Configure foreman_plugin_puppetdb
18. [✗] Configure foreman_plugin_remote_execution
19. [✗] Configure foreman_plugin_salt
20. [✓] Configure foreman_plugin_setup
21. [✗] Configure foreman_plugin_tasks
22. [✗] Configure foreman_plugin_templates
23. [✗] Configure foreman_compute_ec2
24. [✗] Configure foreman_compute_gce
25. [✗] Configure foreman_compute_libvirt
26. [✗] Configure foreman_compute_openstack
27. [✗] Configure foreman_compute_ovirt
28. [✗] Configure foreman_compute_rackspace
29. [✗] Configure foreman_compute_vmware
30. [✗] Configure foreman_proxy_plugin_abrt
31. [✗] Configure foreman_proxy_plugin_chef
32. [✗] Configure foreman_proxy_plugin_discovery
33. [✗] Configure foreman_proxy_plugin_dns_powerdns
34. [✗] Configure foreman_proxy_plugin_dynflow
35. [✗] Configure foreman_proxy_plugin_openscap
36. [✗] Configure foreman_proxy_plugin_pulp
37. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
38. [✗] Configure foreman_proxy_plugin_salt
39. Display current config
40. Save and run
41. Cancel run without Saving
Choose an option from the menu... 40
Could not set groups on user[foreman]: Execution of '/usr/sbin/usermod -G puppet foreman' returned 6: usermod: group 'puppet' does not exist
/Stage[main]/Foreman::Config/User[foreman]/groups: change from to puppet failed: Could not set groups on user[foreman]: Execution of '/usr/sbin/usermod -G puppet foreman' returned 6: usermod: group 'puppet' does not exist
Installing Done [100%] [...........................................................................................................]
Something went wrong! Check the log for ERROR-level output
* Foreman is running at https://foreman.public.domain
Initial credentials are admin / dppj5DFRMiXBaWjr
* Foreman Proxy is running at https://foreman.public.domain:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman.log
As I didn't select any puppet stuff, it doesn't need these rights on this server and should not add the puppet group to the foreman user.
Running on;
CentOS Linux release 7.2.1511 (Core)
puppet-agent-1.5.2-1.el7.x86_64
Updated by Dominic Cleal over 8 years ago
- Category set to Foreman modules
- Status changed from New to Feedback
You will need to set --foreman-user-groups to an empty array (=EMPTY_ARRAY) or to a more appropriate supplementary group instead of 'puppet'. It's usually required for access to certificate files.
Updated by Stefan Heijmans over 8 years ago
The workaround works
foreman-installer -i --foreman-user-groups EMPTY_ARRAY
But the end-user should not specify this himself.
I didn't instruct the foreman-install to install any puppet stuff, so it should know not to add the puppet group to the foreman-user-groups.
Updated by Dominic Cleal over 8 years ago
- Subject changed from Foreman 1.12.1, foreman-installer message on puppet group with only foreman/foreman-cli selected to Puppet group configured on 'foreman' user without 'puppet' module selected
- Status changed from Feedback to New
Defaults of the 'foreman' module require Puppet throughout, disabling the module isn't currently equivalent to specifying an installation without Puppet.
Updated by Dominic Cleal over 8 years ago
- Related to Bug #16319: Install foreman-proxy gives errror on foreman-proxy user with no puppet installed. added
Updated by Ewoud Kohl van Wijngaarden almost 6 years ago
- Related to Bug #26330: Foreman Proxy module is unconditionally assigned to the puppet group added
Updated by Ewoud Kohl van Wijngaarden almost 6 years ago
- Status changed from New to Closed
In the katello scenario we default to an empty array now since that by default already uses different certs. Foreman still defaults to puppet so the default still makes sense.
Updated by Ewoud Kohl van Wijngaarden almost 6 years ago
- Has duplicate Bug #25685: foreman-installer missing puppet group added