Hello,

I have a fresh new Foreman 1.15/Katello 3.4 installation.

I try to get a smart-proxy working with the puppet master feature, with the 
puppet CA on the main Foreman server.

Problem 1: when I try to install the smart proxy with the procedure 
from https://theforeman.org/manuals/1.15/#3.2.3InstallationScenarios 
section 'Standalone Puppet master', I can't get my smart proxy to 
communicate with the main server. I get some SSL cert verification failures.

So I try the procedure 
from https://theforeman.org/plugins/katello/3.4/installation/smart_proxy.html, 
as I have Katello installed.

The command I'm using is:

foreman-installer \
    --scenario foreman-proxy-content \
    --foreman-proxy-content-parent-fqdn       "$MAINSRV" \
    --foreman-proxy-register-in-foreman       "true" \
    --foreman-proxy-foreman-base-url          "https://$MAINSRV" \
    --foreman-proxy-trusted-hosts             "$MAINSRV" \
    --foreman-proxy-trusted-hosts             "$CAPSULE" \
    --foreman-proxy-oauth-consumer-key        "$OCK" \
    --foreman-proxy-oauth-consumer-secret     "$OCS" \
    --foreman-proxy-content-pulp-oauth-secret "$POS" \
    --foreman-proxy-content-certs-tar         "/root/${CAPSULE}-certs.tar" \
    --foreman-proxy-puppetca                  "false" \
    --foreman-proxy-puppet                    "true" \
    --foreman-proxy-tftp                      "false" \
    --foreman-proxy-logs                      "false" \
    --foreman-proxy-templates                 "false" \
    --puppet-server-foreman-url               "https://$MAINSRV";

I also provided the keys for the puppet master, from the doc 
https://theforeman.org/manuals/1.15/#3.2.3InstallationScenarios, section 
'SSL certificate authority setup'.

Those keys are not in the certs.tar and if I don't provide them the 
installer on the smart proxy recreates a puppet CA, I think.



Problem 2: during the installation of the packages, I get:

Installing : foreman-installer-katello-3.4.2-1.el7.noarch                   48/48
warning: %posttrans(foreman-installer-katello-3.4.2-1.el7.noarch) scriptlet failed, exit status 26
Non-fatal POSTTRANS scriptlet failure in rpm package foreman-installer-katello-3.4.2-1.el7.noarch



Problem 3: when I run the command 'foreman-installer', during the first 
run I get:

 '/usr/bin/pulp-gen-ca-certificate' returned 1 instead of one of [0]
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/errors.rb:106:in `fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/exec.rb:164:in `sync'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:236:in `sync'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:134:in `sync_if_needed'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:88:in `block in perform_changes'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:87:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:87:in `perform_changes'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:in `apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:in `eval_resource'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `block (2 levels) in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:387:in `block in thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:386:in `thinmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in `block in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in `traverse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in `evaluate'
/usr/share/gems/gems/kafo-2.0.0/modules/kafo_configure/lib/puppet/parser/functions/add_progress.rb:30:in `evaluate_with_trigger'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:222:in `block in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:155:in `with_destination'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/report.rb:142:in `as_logging_destination'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:221:in `apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:171:in `block in apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:224:in `block in benchmark'
/opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:in `benchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:170:in `apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:343:in `run_internal'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:221:in `block in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:306:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/configurer.rb:195:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:350:in `apply_catalog'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:274:in `block in main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:306:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:in `main'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:in `run_command'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in `block in run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:542:in `exit_on_fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in `execute'
/opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
 /Stage[main]/Pulp::Config/Exec[run pulp-gen-ca]/returns: change from notrun to 0 failed: '/usr/bin/pulp-gen-ca-certificate' returned 1 instead of one of [0]


The second run doesn't throw any errors anymore.



Problem 4: I get ca = true in the section '[master]' 
of /etc/puppetlabs/puppet/puppet.conf

though I used the option '--foreman-proxy-puppetca false'.

Puppet runs against the smart-proxy are failing.



Problem 5: on one of the smart proxies, I get a "Validation failed: Puppet 
ca proxy does not have the Puppet CA feature" when I try

subscription-manager register --org "Default_Organization"

I suspect that there is a remnant conf. on the main server due to a 
previous attempt at installing the smart proxy on which I forgot to disable 
the Puppet CA feature.

But now I don't know how to get past it.


Problem 6: by using the 'foreman-installer --scenario ... 
--foreman-proxy-content-certs-tar ...' command, the one that allows me to 
get a good communication between the main server and the smart proxies, I 
don't know how to unselect the pulp content feature. It seems to be 
mandatory with the scenario. So, how do you do it, or inactivate the pulp 
feature afterwards?


I'm very confused with the different doc sources:

https://theforeman.org/plugins/katello/3.4/installation/smart_proxy.html
https://theforeman.org/manuals/1.15/#3.2.3InstallationScenarios
https://theforeman.org/manuals/1.15/index.html#4.3.1SmartProxyInstallation

I can't find an example with a smart-proxy installation in a Katello 
context with the puppet master feature and a shared puppet CA.


Please enlighten me. What am I doing wrong?

Regards,

Louis Coilliot