Foreman with existing Puppet

Problem:
We have an existing Puppet Master and want to install Foreman on a separate machine. We can get the classes but no nodes.

Expected outcome:
Get the nodes and reports in Foreman

Foreman and Proxy versions:
latest versions as of 06.06.2018(1.17)

You have to include the Foreman as ENC and Reporting into your existing Puppet server.

So it is basically installing the scripts and adjusting the configuration by setting.

[master]
reports = foreman
external_nodes = /etc/puppetlabs/puppet/node.rb
node_terminus = exec

It is the same like the Scenario “Standalone Puppet master” and “Foreman server without the Puppet master” in Foreman :: Manual

1 Like

So you mean I have to edit “/etc/puppetlabs/puppet/puppet.conf” on the puppetserver?
Where do I get the node.rb from?
Do I have to put the dns name in the reports field?

So you mean I have to edit “/etc/puppetlabs/puppet/puppet.conf” on the puppetserver?

Yes, it is required for the full integration.

Where do I get the node.rb from?

Configuration is explained in the Facts and the ENC chapter in Foreman :: Manual which includes download link, configuration of the script and integration in Puppet server.

Do I have to put the dns name in the reports field?

No, it is the report processor. Download link, configuration and integration are in the Puppet Reports chapter of Foreman :: Manual

1 Like

Thank you so far. Now I got the following error?

During the fact upload the server responded with: 403 Forbidden. Error is ignored and the execution continues.
{
  "error": {"message":"Access denied","details":"Missing one of the required permissions: upload_facts"}
}
./node.rb:383: warning: constant ::TimeoutError is deprecated

As you mentioned you can get the classes I assumed you have configured the Puppet server as Smart Proxy in Foreman. Is this assumption correct? If not you are required to add the host as “Trusted puppetmaster hosts” in Administer > Settings > Authentication.

Another potential problem could be certificates if you created a second Puppet CA during Foreman installation as Foreman uses the Certificate infrastructure of Puppet.

You should also look in the log on the Foreman server (/var/log/foreman/production.log), it should have some more details why access was denied.

1 Like

Thank you very much!
Now It is finally working :smiley:
I was missing out on the trusted part

You mean we need to first install foreman-proxy on the puppet server and introduce it to the central Foreman, then following your instruction on the 2nd comment here, right?

there’s not any [master] part in the puppet.conf file of the current version; Do you mean the [main] section?

Yes, the foreman-proxy allows the integration of the puppet server (and with current versions you also need the puppet plugin for Foreman as the support was moved from core to a plugin)

In current puppet versions the section was renamed to [server] if I remember correctly.

1 Like

Is it this package: rubygem-foreman_puppet on Centos/RockuLinux? After installing this package, the Foreman failed to run!

Yes, it is the right package, but better use the foreman-installer to install it as it will do all additional steps needed.