Hosts out of sync and reporting problem after upgrade to Foreman 3.0.1 ? Katello 4.2.1


Hi, Last week I upgraded our Foreman 2.4.x / Katello 4.0 to version 3.0.1 / 4.2.1 (upgrade was done in 2 steps, first to 2.5.x / 4.1.x).

After this upgrade all hosts, as well the foreman-server himself, are markerd “out of sync”.
Also for all hosts, the “last report” has “5 days ago”.
For a new system that has been provisioned after the upgrade, “last report” is empty.

When I execute “puppet agent -t” on whatever host it works well (Applied catalog in 0.01 seconds).

In the log-file for the puppetserver I also see for each host “[puppetserver] Puppet Compiled catalog for < host-name > in environment production in 0.01 seconds”.

In the UI, the reporting data is of past Friday 2021-12-10, the date the upgrade was done:

However, the facts are well processed for the hosts.
Executing "/etc/puppetlabs/puppet/node.rb < host-name > manually on te foreman-server also works as expected

In the production.log I can see the facts are well processed, however, the config_reports ends in an error.

Anyone who can help me out to get this “out of sync” and “last report” fixed, because I can not find the right solution on the web?

Please let me know if additional info is required.

Thnx in advance.

Expected outcome:

All hosts be in sync and reporting works as expected.

Foreman and Proxy versions:

  • Foreman 3.0.1
  • Katello 4.2.1
  • Puppetserver 6.17.1

Foreman and Proxy plugin versions:

Foreman-proxy 3.0.1

Distribution and version:

CentOS 8.5

Other relevant data:

Some additional info …

foreman-maintain health check results in …

Running ForemanMaintain::Scenario::FilteredScenario
Check number of fact names in database:                               [OK]
Check for verifying syntax for ISP DHCP configurations:               [OK]
Check to verify no empty CA cert requests exist:                      [OK]
Check whether all services are running:                               [OK]
Check whether all services are running using the ping call:           [FAIL]
Couldn't connect to the server: undefined method `to_sym' for nil:NilClass
Continue with step [Restart applicable services]?, [y(yes), n(no)]

Restarting the applicable services does not work.

And ends with following when replying No:

Scenario [ForemanMaintain::Scenario::FilteredScenario] failed.

The following steps ended up in failing state:


Resolve the failed steps and rerun
the command. In case the failures are false positives,
use --whitelist="server-ping"

The problem is very likely that the name of the puppetserver does not match with a smart proxy and it is not configured in the settings as an additional one, which results in the 403 error status.

If you want the puppetserver to be fully integrated install and configure an additional smart proxy . If not just go to the settings and add it there to allow the report upload.

@Dirk ,

We do not have an additional smart-proxy, the foreman-proxy is only active on the foreman-server.

If not just go to the settings and add it there to allow the report upload.

Where can I find this setting or should I add it to?

Thnx for you feedback.

@Dirk ,

If you mention the puppet.conf for the agent on the hosts, it already contains “report = true”!

You can find the setting in Foreman under Administer > Settings on the tab Authentication as “Trusted hosts” which is described as following.

List of hostnames, IPv4, IPv6 addresses or subnets to be trusted in addition to Smart Proxies for access to fact/report importers and ENC output

This is what the error mentions and wants to guide you to, so you just need to add the puppetservers name from the error message here.

@Dirk ,

Thanks, this was the missing config. Reporting works again.


1 Like