New Foreman 1.23.0 server installs puppet server 6.x and new VMs puppet agent 3.6 which gives certificate chain error. Installing puppet agent 6.9 on the host fixes the cert error.
How do we get foreman to install the right puppet agent version?
Thanks
Assuming you’re doing kickstarts then I’d look for the parameters to enable the puppetlabs repo.
On some of our CentOS systems, installing the puppet package installs Puppet Agent 3.6. By default, Foreman installs the package provided by the OS. As ekohl says, the best solution is to enable the Puppetlabs repo.
On the Puppet Slack channels, some people are saying that the cert issue between Puppet Server 6.x and Puppet Agent 3.6 began recently.
The kickstart default template refers to version 5 and 6 so why is puppet agent 3 getting installed on new hosts?
kickstart default template
<% if puppet_enabled %>
<% if host_param_true?(‘enable-puppetlabs-repo’) || host_param_true?(‘enable-puppetlabs-puppet6-repo’) || host_param_true?(‘enable-puppetlabs-puppet5-repo’) -%>
<%= snippet ‘puppetlabs_repo’ %>
<% end -%>
<%= snippet ‘puppet_setup’ %>
<% end -%>
I believe that code will only activate if you set enable-puppetlabs-repo enable-puppetlabs-puppet6-repo or enable-puppetlabs-puppet5-repo to true, which you would normally do at a OS or Hostgroup level.
Otherwise, the code will skip the snippet ‘puppetlabs_repo’ section and proceed onto snippet ‘puppet_setup’.
Note that I had a similar issue with Ubuntu, which led to some downstream errors that were hard to figure out. See: Foreman vs. puppetlabs::puppet_agent: `he puppet_agent module does not support pre-Puppet 4 upgrades`
Hi
I set operating system parameter to enable-puppetlabs-puppet6-repo true and now puppet agent isnt getting installed at all
I tried this here
Probably because that’s in EPEL.
I tried the OS parameter of enable-puppetlabs-puppet6-repo true and failed to install - no error message found yet just no puppet agent
its not installing puppet agent 3 either so not an EPEL issue I dont think
Probably the known issue in 1.23:
I cant find the kickstart template to edit to add the fix in the the link above. None of the the kickstart templates have this. What template do we edit? - thanks from the link above its only one line to edit
repo_name = ‘puppetlabs-release’
repo_subdir = ‘’
elsif host_param_true?(‘enable-puppetlabs-puppet6-repo’)
repo_name = ‘puppetlabs-release-puppet6’
repo_name = ‘puppet6-release’
repo_subdir = ‘puppet6/’
elsif host_param_true?(‘enable-puppetlabs-puppet5-repo’)
repo_name = ‘puppet5-release’
It’s a snippet.
This the kickstart finish template complete puppet section - still not working no puppet agent installed.
any ideas anyone?
<% if puppet_enabled %>
<% if host_param_true?(‘enable-puppetlabs-repo’) || host_param_true?(‘enable-puppetlabs-puppet6-repo’) || host_param_true?(‘enable-puppetlabs-puppet5-repo’) -%>
<%= snippet ‘puppetlabs_repo’ %>
if host_param_true?(‘enable-puppetlabs-repo’)
repo_name = ‘puppetlabs-release’
repo_subdir = ‘’
elsif host_param_true?(‘enable-puppetlabs-puppet6-repo’)
repo_name = ‘puppet6-release’
repo_subdir = ‘puppet6/’
elsif host_param_true?(‘enable-puppetlabs-puppet5-repo’)
repo_name = ‘puppet5-release’
<% end -%>
<%= snippet ‘puppet_setup’ %>
<% end -%>
What are your host parameters during provisioning?
Host operating system parameters
enable-puppetlabs-puppet6-repo boolean true
Hi
Does the base centos repository need to have the puppet repo installed?
This is the correct current repo install for puppet-agent 6
rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
I created an entire new template based on this and still no puppet agent install,
any ideas anyone?
Hi
It is very unclear how to make this change in the community default kickstart template
a little help please
What I am referring to specifically is the template has <% syntax and the patch doesnt