Bug #36207
openHost Group Puppet Settings are not inherited
Description
When registering a client using the Global Registration template (Hosts / Register new Host), Puppet Settings from the Host Group are not inherited.
There has been a similar issue: https://projects.theforeman.org/issues/32457 but on a fresh installation of Foreman / Katello 3.5/4.7 it still exists.
Steps to reproduce:
1. Fresh installation of Foreman / Katello
2. Create a Host Group and define Environment / Puppet Proxy / Puppet CA Proxy (attached Screenshot fm1.png)
3. Make sure a Host object for the client you want to register does not exist yet. Otherwise, remove it using Hosts / All Hosts, Select Host / Select Action / Delete Host
4. Verify there is no existing SSL Cert for the specific client available on the Puppetserver. Otherwise, delete it on the Foreman Server using: puppetserver ca clean --certname fqdn
5. Remove any existing puppet installation and configuration from the Client you want to register or start with a fresh client: dnf remove puppet, rm -rf /opt/puppetlabs, rm -rf /etc/puppetlabs
6. Set the Global Variable force-puppet to true: Configure / Global Parameters / Create Parameter / Name: force-puppet, Parameter Type: boolean, Value: true (attached screenshot fm2.png)
7. Create a Global Registration Template: Hosts / Register Host. Set Host Group to the previously created one, choose Operating System and Activation Key. Activate Force in Advanced Parameters if the Client has been previously registered. (attached screenshot fm3.png)
8. Use the curl command to register the Client. Instead of piping to bash, use | bash -x for verbose output
9. During registration, the rendered Linux host_init_config default Provisioning template is called using another curl call. You can run this curl again to verify the rendered template and notice that puppet_server, puppet_ca_server and host_puppet_environment are not set, because they are not inherited from the host group.
Example from rendered template:
if [ -f /usr/bin/dnf ]; then
dnf -y install puppet-agent
else
yum -t -y install puppet-agent
fi
cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[main]
[agent]
pluginsync = true
report = true
certname = fqdn
EOF
As you can see, host_puppet_ca_server, host_puppet_server and host_puppet_environment are not rendered and the resulting puppet.conf does not work.
Some additional notes:
force-puppet has to be set as the host group parameter host_puppet_server.present is not read correctly. skip-puppet-setup is not set in the environment.
from: Linux host_init_config default
<% if !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet')) -%>
correctly renderd puppet.conf would look like this:
[main]
[agent]
pluginsync = true
report = true
ca_server = foreman.domain.tld
certname = fqdn
server = foreman.domain.tld
environment = psa_production
EOF
The attached rendered template and the above config has been sanitized. Foreman server has been replaced with foreman.domain.tld and the client with fqdn.
Files
Updated by Lioh Moeller over 1 year ago
- Related to Bug #32457: Normally Inherited fields are not inherited upon host registration added
Updated by Lioh Moeller over 1 year ago
Installation of Katello / Foreman has been done using the following Parameters:
foreman-installer --scenario katello \
--foreman-initial-organization "Library" \
--foreman-initial-location "Zurich" \
--foreman-initial-admin-username admin \
--foreman-initial-admin-password Ochaiw7eelu2 \
--enable-foreman-plugin-remote-execution \
--enable-foreman-proxy-plugin-remote-execution-script \
--enable-foreman-plugin-ansible \
--enable-foreman-proxy-plugin-ansible \
--enable-foreman-plugin-rh-cloud \
--enable-foreman-plugin-puppet \
--enable-foreman-cli-puppet \
--foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key
Updated by Lioh Moeller over 1 year ago
enable-puppet7=true is set as a Global Parameter