Host went to OUT of Sync state in Foreman

I have installed the puppet agent on a client machine (Ubuntu 14.04) and enabled an auto-sign entry on the master, so the host has been added to Foreman successfully. After some time, the host went to the Out of Sync state in Foreman. I checked, and the client hostname (FQDN) was not resolving from the Foreman server, so I added an entry in /etc/hosts, and then it got sorted out. Is there any option in Foreman to collect facts using the IP address or MAC address instead of the hostname? In production there are almost 1000 clients, so it's hard to add an entry in /etc/hosts every time. Also, how do I know the reason when a host goes out of sync? Does it report the reason to Foreman?

Just a quick thought … Did you enable the puppet service on the client?
systemctl enable puppet

Or perhaps:
puppet resource service puppet ensure=running enable=true


I do not know whether there is an option to switch catalogue reporting to something based on facts, but I highly doubt it (afaik, facts are not part of the actual report and are reported separately). Still, I am somewhat puzzled why DNS resolution on the Foreman side should cause this problem. The FQDN is definitely part of the report and that should be enough for Foreman to work with.
For the latter question: The reason is not reported, because there is only one reason for a host to be marked as “out-of-sync”: the host has not sent puppet reports for a configurable amount of time (default 60 minutes iirc, can be configured in Foreman settings). Foreman cannot know about the reason because that usually has to be analyzed on the client side.
The solution @jmrice6640 mentioned was also the first thing that came to my mind. Just to be sure, you should definitely check that your host is doing puppet agent runs on a regular basis.


@areyus, thanks for your reply. I have changed the out of sync interval time to 35m, and now it seems OK.
Another thing: I need Puppet to report to Foreman whenever any packages are installed, removed or upgraded, and also any changes like services getting stopped or started on the machine where the agent is installed. How do I get it? Thanks in advance!!


Great I could help 🙂
Could you elaborate a bit more what you want to achieve? From what I understand, Puppet might not be the right tool for the job. Sounds more like you are actually looking for some sort of monitoring tool.

Hi @areyus,

I want to get control of all my Ubuntu machines.
1) I want to do patch management; I have to receive an alert in Foreman from the client to update packages.
2) If any services got restarted or stopped, that should be in the report which is sent by the agent.
3) I need to restrict users from downloading and upgrading packages.

Also please justify, what are the reports we can see in Foreman?

Would you help me out on this!!
Thanks in advance!!!

I’ll try to answer your questions to my best knowledge.

  1. To my knowledge (and from what I could find with a quick Google search) there is currently no official way to do proper patch management for Debian-based systems. The katello-agent seems to not be available as a deb package.
  2. I am not even sure if there is a proper Linux way to determine this after it has happened.
  3. I am not sure what you are talking about here. On the target systems themselves, this should be pretty straightforward with sudo rules (apt install/update/upgrade require root permissions). On the Katello side, you could utilize custom roles with the permissions you need. You will have to do some testing here yourself though, since roles and permissions are not that well documented.

4 (reports): The reports you receive are puppet reports. See the puppet docs for further information on that topic.

You could probably work around the limitations of 1) by writing a custom Puppet fact (again, see Puppet’s docs for further information on this topic). This fact could then be utilized in Foreman/Katello to generate a report on it. Here is a basic documentation on how to use these.

Regarding 2) it sounds like you want some kind of monitoring software. Foreman/Katello and Puppet are not intended as replacements for a monitoring software. Puppet can ensure that certain services are running or stopped, but neither of those tools is designed to monitor changes outside of their configured scope.

Since this does not match the topic of this thread anymore, if you have more questions, you might want to create a new thread on this to generate attention for this specific topic. Otherwise people who could potentially help with this might not look into this thread.
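
The custom-fact workaround for 1) suggested in the post above, as an added example that is not part of the original thread or of any project's code: it parses `apt-get -s upgrade` output and reports all pending packages, and those coming from a `-security` suite, as two facts. The fact names and the sample output are made up for illustration, and the fact registration assumes Facter 2 or later.

```ruby
# Added example: custom fact listing pending apt upgrades for reporting in Foreman.
# Hypothetical fact names: apt_pending_updates, apt_pending_security_updates.

# Constructed sample of `apt-get -s upgrade` output (versions are invented).
SAMPLE_APT_OUTPUT = [
  'Reading package lists...',
  'The following packages will be upgraded:',
  '  bash libssl1.0.0 openssl tzdata',
  'Inst tzdata [2018a] (2019a Ubuntu:14.04/trusty-updates [all])',
  'Inst bash [4.3-1] (4.3-2 Ubuntu:14.04/trusty-updates [amd64])',
  'Inst openssl [1.0.1-1] (1.0.1-2 Ubuntu:14.04/trusty-updates, Ubuntu:14.04/trusty-security [amd64])',
  'Inst libssl1.0.0 [1.0.1-1] (1.0.1-2 Ubuntu:14.04/trusty-security [amd64])',
  'Conf bash (4.3-2 Ubuntu:14.04/trusty-updates [amd64])'
].join("\n")

# Returns { 'all' => [...], 'security' => [...] } with sorted package names.
def parse_apt_simulation(output)
  pending = []
  security = []
  output.each_line do |line|
    # Inst <pkg> [<installed>] (<candidate> <origin>/<suite>[, ...] [<arch>])
    m = line.match(/^Inst (\S+) (?:\[[^\]]*\] )?\(([^)]*)\)/)
    next unless m
    pending << m[1]
    # A candidate offered by any "<release>-security" suite counts as a security update.
    security << m[1] if m[2] =~ %r{/[\w.-]*-security\b}
  end
  { 'all' => pending.sort, 'security' => security.sort }
end

if defined?(Facter)
  # Loaded by Facter (e.g. from a module's lib/facter directory): register the facts.
  { 'apt_pending_updates' => 'all',
    'apt_pending_security_updates' => 'security' }.each do |fact, key|
    Facter.add(fact) do
      confine :osfamily => 'Debian'
      setcode do
        # -s only simulates the upgrade; nothing is installed.
        out = Facter::Core::Execution.execute('apt-get -s -q upgrade 2>/dev/null')
        parse_apt_simulation(out.to_s)[key].join(',')
      end
    end
  end
else
  # Run stand-alone: show the parsed result for the constructed sample.
  puts parse_apt_simulation(SAMPLE_APT_OUTPUT).inspect
end
```

The values are only as current as the client's local package lists, so they reflect the last `apt-get update` on that host.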

@areyus, thanks for your inputs, it really helped me to understand better.