Foreman without puppetserver


Problem: It’s not possible for me to install Foreman without puppetserver.

foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --scenario katello

Expected outcome: Foreman without puppetserver or at least without puppetserver ca.

Foreman and Proxy versions: Foreman 1.16 + 1.17 . Katello 3.5 + 3.6 .

What can i do to install Foreman without puppetserver?

I ran the command given on a nightly installation which means it should work on an upcoming Katello 3.7 release. Can you give more information on what issue you are running into when trying?

The command exits successfully.
My problem is that it installs puppetserver with puppetserver ca but it shouldn’t, shouldn’t it?

You forgot --foreman-proxy-content-puppet false. That pulls in puppet::server as well. I’ve been thinking about how to improve this situation because it’s not ideal.

1 Like

If i add this options to the command above the installer fails:

‘cpdb --create --schema-only --dbhost=localhost --dbport=5432 --database=candlepin --user=candlepin --password=UUgExy5neRtaiVLr7iD58yKZWbEHvJv9 >> /var/log/candlepin/cpdb.log 2>&1 && touch /var/lib/candlepin/cpdb_done’ returned 1 instead of one of [0]

It seems that it’s necessary to install ‘java-1.8.0-openjdk-headless’ (CentOS 7.5) which would be a dependency for puppetserver package:

Katello installs ‘java-1.7.0-openjdk-headless’.

With the new Java package version this command succeeds (without Puppet as desired):

foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --foreman-proxy-content-puppet=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false --scenario katello

I’m not allow to attach files but the relevant part from the cpdb.log is i think:

########## ERROR ############
Error running command: liquibase --driver=org.postgresql.Driver --classpath=/usr/share/java/postgresql-jdbc.jar:/var/lib/tomcat/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-create.xml --url=jdbc:postgresql://localhost:5432/candlepin --username=candlepin --password=oZc2cQ552bU3Hfm6CbDzmmf97gVjuuFC --logLevel=severe migrate -Dcommunity=False
Status code: 65280
Command output: Liquibase update Failed: org/postgresql/Driver : Unsupported major.minor version 52.0
SEVERE 06.06.18 12:09:liquibase: org/postgresql/Driver : Unsupported major.minor version 52.0
java.lang.UnsupportedClassVersionError: org/postgresql/Driver : Unsupported major.minor version 52.0

Interesting. We had some discussion about that and we did indeed realize that the 1.7.0 dependency in candlepin didn’t make sense because puppetserver pulled in 1.8.0 which was then used. Didn’t realize it was actually a hard dependency. Looks like we need to update our packaging. Bonus is that we save some space by getting rid of a dependency.

I don’t really understand why is this option (–foreman-proxy-content-puppet) is needed?

This is needed to choose whether to install the certificates for the puppet integration tools (node.rb, reporting). It is ugly and we need a better way to determine this but right now it is implemented in this way. I’m welcoming suggestions for a better place.

I have made an attempt to improve it a bit, please have a look:

FYI - Using the following command on a fresh Centos7 install…

sudo foreman-installer --puppet-server=false --puppet-server-ca=false --no-enable-puppet --foreman-proxy-manage-puppet-group=false --foreman-proxy-content-puppet=false --foreman-proxy-puppet=false --foreman-proxy-puppetca=false --scenario katello

Kept getting an error regarding ‘puppet’ group:

/opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
 /Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from  to puppet failed: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not e

After creating an empty group, it sailed away.

sudo groupadd puppet


What a coincidence; I looking at this just last week:

There’s also a default assumption in puppet-foreman but at least that one’s a parameter. When 1.21 RC1 is out I’ll try to smooth it out a bit more and get this in.

This should be default since Katello 3.9.0 (Bug #18806: Duplicate declaration: /etc/foreman-proxy/ssl_key.pem - Katello - Foreman)