Problem: It’s not possible for me to install Foreman without puppetserver.
foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --scenario katello
Expected outcome: Foreman without puppetserver or at least without puppetserver ca.
Foreman and Proxy versions: Foreman 1.16 + 1.17 . Katello 3.5 + 3.6 .
What can i do to install Foreman without puppetserver?
June 5, 2018, 6:06pm
I ran the command given on a nightly installation which means it should work on an upcoming Katello 3.7 release. Can you give more information on what issue you are running into when trying?
The command exits successfully.
My problem is that it installs puppetserver with puppetserver ca but it shouldn’t, shouldn’t it?
June 6, 2018, 8:12am
--foreman-proxy-content-puppet false. That pulls in
puppet::server as well. I’ve been thinking about how to improve this situation because it’s not ideal.
If i add this options to the command above the installer fails:
‘cpdb --create --schema-only --dbhost=localhost --dbport=5432 --database=candlepin --user=candlepin --password=UUgExy5neRtaiVLr7iD58yKZWbEHvJv9 >> /var/log/candlepin/cpdb.log 2>&1 && touch /var/lib/candlepin/cpdb_done’ returned 1 instead of one of 
It seems that it’s necessary to install ‘java-1.8.0-openjdk-headless’ (CentOS 7.5) which would be a dependency for puppetserver package:
Katello installs ‘java-1.7.0-openjdk-headless’.
With the new Java package version this command succeeds (without Puppet as desired):
foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --foreman-proxy-content-puppet=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false --scenario katello
I’m not allow to attach files but the relevant part from the cpdb.log is i think:
########## ERROR ############
Error running command: liquibase --driver=org.postgresql.Driver --classpath=/usr/share/java/postgresql-jdbc.jar:/var/lib/tomcat/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-create.xml --url=jdbc:postgresql://localhost:5432/candlepin --username=candlepin --password=oZc2cQ552bU3Hfm6CbDzmmf97gVjuuFC --logLevel=severe migrate -Dcommunity=False
Status code: 65280
Command output: Liquibase update Failed: org/postgresql/Driver : Unsupported major.minor version 52.0
SEVERE 06.06.18 12:09:liquibase: org/postgresql/Driver : Unsupported major.minor version 52.0
java.lang.UnsupportedClassVersionError: org/postgresql/Driver : Unsupported major.minor version 52.0
June 7, 2018, 12:39pm
Interesting. We had some discussion about that and we did indeed realize that the 1.7.0 dependency in candlepin didn’t make sense because puppetserver pulled in 1.8.0 which was then used. Didn’t realize it was actually a hard dependency. Looks like we need to update our packaging. Bonus is that we save some space by getting rid of a dependency.
I don’t really understand why is this option (–foreman-proxy-content-puppet) is needed?
June 20, 2018, 9:53am
This is needed to choose whether to install the certificates for the puppet integration tools (node.rb, reporting). It is ugly and we need a better way to determine this but right now it is implemented in this way. I’m welcoming suggestions for a better place.
June 20, 2018, 10:04am
I have made an attempt to improve it a bit, please have a look:
January 21, 2019, 9:14am
FYI - Using the following command on a fresh Centos7 install…
sudo foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --foreman-proxy-content-puppet=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false --scenario katello
Kept getting an error regarding ‘puppet’ group:
/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from to puppet failed: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not e
After creating an empty group, it sailed away.
sudo groupadd puppet
January 21, 2019, 10:44am
What a coincidence; I looking at this just last week:
There’s also a default assumption in puppet-foreman but at least that one’s a parameter. When 1.21 RC1 is out I’ll try to smooth it out a bit more and get this in.
This should be default since Katello 3.9.0 (
Bug #18806: Duplicate declaration: /etc/foreman-proxy/ssl_key.pem - Katello - Foreman)