Project

General

Profile

Actions

Bug #36207

open

Host Group Puppet Settings are not inherited

Added by Lioh Moeller about 1 year ago. Updated 12 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

When registering a client using the Global Registration template (Hosts / Register new Host), Puppet Settings from the Host Group are not inherited.

There has been a similar issue: https://projects.theforeman.org/issues/32457 but on a fresh installation of Foreman / Katello 3.5/4.7 it still exists.

Steps to reproduce:

1. Fresh installation of Foreman / Katello
2. Create a Host Group and define Environment / Puppet Proxy / Puppet CA Proxy (attached Screenshot fm1.png)
3. Make sure a Host object for the client you want to register does not exist yet. Otherwise, remove it using Hosts / All Hosts, Select Host / Select Action / Delete Host
4. Verify there is no existing SSL Cert for the specific client available on the Puppetserver. Otherwise, delete it on the Foreman Server using: puppetserver ca clean --certname fqdn
5. Remove any existing puppet installation and configuration from the Client you want to register or start with a fresh client: dnf remove puppet, rm -rf /opt/puppetlabs, rm -rf /etc/puppetlabs
6. Set the Global Variable force-puppet to true: Configure / Global Parameters / Create Parameter / Name: force-puppet, Parameter Type: boolean, Value: true (attached screenshot fm2.png)
7. Create a Global Registration Template: Hosts / Register Host. Set Host Group to the previously created one, choose Operating System and Activation Key. Activate Force in Advanced Parameters if the Client has been previously registered. (attached screenshot fm3.png)
8. Use the curl command to register the Client. Instead of piping to bash, use | bash -x for verbose output
9. During registration, the rendered Linux host_init_config default Provisioning template is called using another curl call. You can run this curl again to verify the rendered template and notice that puppet_server, puppet_ca_server and host_puppet_environment are not set, because they are not inherited from the host group.

Example from rendered template:


if [ -f /usr/bin/dnf ]; then
  dnf -y install puppet-agent
else
  yum -t -y install puppet-agent
fi

cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[main]

[agent]
pluginsync      = true
report          = true
certname        = fqdn

EOF

As you can see, host_puppet_ca_server, host_puppet_server and host_puppet_environment are not rendered and the resulting puppet.conf does not work.

Some additional notes:

force-puppet has to be set as the host group parameter host_puppet_server.present is not read correctly. skip-puppet-setup is not set in the environment.

from: Linux host_init_config default

<% if !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet')) -%>

correctly renderd puppet.conf would look like this:

[main]

[agent]
pluginsync      = true
report          = true
ca_server       = foreman.domain.tld
certname        = fqdn
server          = foreman.domain.tld
environment     = psa_production
EOF

The attached rendered template and the above config has been sanitized. Foreman server has been replaced with foreman.domain.tld and the client with fqdn.


Files

fm1.png View fm1.png 93.2 KB Host Group Settings Lioh Moeller, 03/20/2023 09:59 AM
fm2.png View fm2.png 28.6 KB force-puppet because otherwise puppet snippet is not run Lioh Moeller, 03/20/2023 09:59 AM
fm3.png View fm3.png 98.4 KB Global Registration Template Creation Lioh Moeller, 03/20/2023 09:59 AM
rendered_Linux host_init_config default_during_install_sanitized.txt rendered_Linux host_init_config default_during_install_sanitized.txt 2.57 KB rendered template Lioh Moeller, 03/20/2023 10:00 AM

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #32457: Normally Inherited fields are not inherited upon host registrationClosedActions
Actions #1

Updated by Lioh Moeller about 1 year ago

  • Related to Bug #32457: Normally Inherited fields are not inherited upon host registration added
Actions #2

Updated by Lioh Moeller about 1 year ago

Installation of Katello / Foreman has been done using the following Parameters:

foreman-installer --scenario katello \
--foreman-initial-organization "Library" \
--foreman-initial-location "Zurich" \
--foreman-initial-admin-username admin \
--foreman-initial-admin-password Ochaiw7eelu2 \
--enable-foreman-plugin-remote-execution \
--enable-foreman-proxy-plugin-remote-execution-script \
--enable-foreman-plugin-ansible \
--enable-foreman-proxy-plugin-ansible \
--enable-foreman-plugin-rh-cloud \
--enable-foreman-plugin-puppet \
--enable-foreman-cli-puppet \
--foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key
Actions #3

Updated by Lioh Moeller 12 months ago

enable-puppet7=true is set as a Global Parameter

Actions

Also available in: Atom PDF