Dhcp/dns only foreman-proxy : group 'puppet' does not exist


Now I succeeded performing a all-in-one on a single dual nic server Foreman and it’s Smart Proxies, I’m trying to do the other way around :

I still want pxe, tfp, dhcp, dns managed by Foreman + to be able to run some Ansible playbooks or Puppet manifests on hosts once installed to further configure them. But I’d like to try the official single nic approach :

Reminder : my unattended hosts are on a private non-routed network

So I’m installing 3 components :

  1. one dual nic (one on a public routed network, one on a private non-routed subnet) server with foreman server only
  2. one server for pxe, tftp, dhcp,dns smart proxies (single nic on the private non-routed subnet)
  3. one server for puppet/puppet CA smart proxies (single nic on the private non-routed subnet)

[I first had to replicate locally foreman and puppet rpm mirrors and had to setup the repo manually to point to my repos].

Here are my concerns :

  • Am I right thinking, foreman-installer beeing basically just Puppet classes/modules, that it is run by a puppet-agent and that this puppet-agent needs to get its catalog from a puppet master : in my case, what would be the puppet-master : would it be the same puppet-server as the puppet smart-proxy in 3) or do I have to have a puppet master on each host I run the installer on ?

  • I did install 1) with :

foreman-installer --no-enable-foreman-proxy

and it worked

  • I then copied the cert and ca files from the foreman server to the other servers :

I don’t know if this makes any sense. Documentation says that obviouly a certificte is needed for the server <-> proxie communication but I didn’t see any details

  • I did install 2) with :
    --no-enable-foreman \
    --no-enable-foreman-cli \
    --no-enable-foreman-plugin-bootdisk \
    --no-enable-foreman-plugin-setup \
    --no-enable-puppet \
    --enable-foreman-proxy \
    --foreman-proxy-dhcp=true \
    --foreman-proxy-dhcp-managed=true \
    --foreman-proxy-dhcp-interface=eth0 \
    --foreman-proxy-dhcp-subnets="" \
    --foreman-proxy-dhcp-gateway="" \
    --foreman-proxy-dhcp-range="" \
    --foreman-proxy-tftp=true \
    --foreman-proxy-tftp-managed=true \
    --foreman-proxy-dns=true \
    --foreman-proxy-dns-managed=true \
    --foreman-proxy-dns-interface=eth0 \
    --foreman-proxy-dns-reverse=10.168.192.in-addr.arpa \
    --foreman-proxy-dns-forwarders="" \
    --foreman-proxy-dns-forwarders="" \
    --foreman-proxy-bmc=true \
    --foreman-proxy-foreman-base-url=https://foreman.dev.cluster.pasteur.fr \
    --foreman-proxy-trusted-hosts=foreman.dev.cluster.pasteur.fr \
    [+ oauth related arguments]

But it ended with the following error :

/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from  to 'named,puppet' failed: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G named,puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist

I saw similar issues but dating from 2016…

What did I do wrong ?