Now that I have succeeded in performing an all-in-one on a single dual-NIC server (Foreman and its Smart Proxies), I’m trying to do it the other way around:
I still want pxe, tftp, dhcp, dns managed by Foreman, plus to be able to run some Ansible playbooks or Puppet manifests on hosts once installed to further configure them. But I’d like to try the official single-NIC approach.
Reminder: my unattended hosts are on a private non-routed network.
So I’m installing 3 components :
- one dual nic (one on a public routed network, one on a private non-routed subnet) server with foreman server only
- one server for pxe, tftp, dhcp, dns smart proxies (single nic on the private non-routed subnet)
- one server for puppet/puppet CA smart proxies (single nic on the private non-routed subnet)
[I first had to replicate the foreman and puppet rpm mirrors locally and had to set up the repo manually to point to my repos].
Here are my concerns :
Am I right in thinking that, foreman-installer being basically just Puppet classes/modules, it is run by a puppet-agent and that this puppet-agent needs to get its catalog from a puppet master? In my case, what would be the puppet master: would it be the same puppet-server as the puppet smart-proxy in 3), or do I have to have a puppet master on each host I run the installer on?
I did install 1) with :
and it worked
- I then copied the cert and ca files from the foreman server to the other servers :
I don’t know if this makes any sense. The documentation says that obviously a certificate is needed for the server <-> proxy communication, but I didn’t see any details.
- I did install 2) with :
--no-enable-foreman \
--no-enable-foreman-cli \
--no-enable-foreman-plugin-bootdisk \
--no-enable-foreman-plugin-setup \
--no-enable-puppet \
--enable-foreman-proxy \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-managed=true \
--foreman-proxy-dhcp-interface=eth0 \
--foreman-proxy-dhcp-subnets="192.168.10.0/24" \
--foreman-proxy-dhcp-gateway="192.168.10.10" \
--foreman-proxy-dhcp-range="192.168.10.200 192.168.10.210" \
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-managed=true \
--foreman-proxy-dns=true \
--foreman-proxy-dns-managed=true \
--foreman-proxy-dns-interface=eth0 \
--foreman-proxy-dns-reverse=10.168.192.in-addr.arpa \
--foreman-proxy-dns-forwarders="18.104.22.168" \
--foreman-proxy-dns-forwarders="22.214.171.124" \
--foreman-proxy-bmc=true \
--foreman-proxy-foreman-base-url=https://foreman.dev.cluster.pasteur.fr \
--foreman-proxy-trusted-hosts=foreman.dev.cluster.pasteur.fr \
[+ oauth related arguments]
But it ended with the following error :
/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from to 'named,puppet' failed: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G named,puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist
I saw similar issues but dating from 2016…
What did I do wrong ?