I install Foreman on a Puppet Server which has 100 hosts; what is the best way to create those hosts for Foreman? Only via the API? Because the certificates are already signed, so Foreman doesn't show those servers, right?
It depends on what you want to do with the hosts once you have them in Foreman. You could perhaps install Foreman on a separate machine and just install the Puppet ENC script that would send facts for every host asking for the resource catalog. Foreman can create hosts based on such information automatically. See Foreman :: Manual for more details. Also this blog post can be interesting in your case. If you already have Foreman on the same machine, you could reconfigure it to use the existing Puppet certificates. The key is that the ENC script sends the data to Foreman; hosts should start to appear then.
What Marek said, plus I recommend the default hostgroup plugin for directly upgrading the hosts to managed hosts and organizing them during import via Puppet report.
I’ll have a close look at the blog post, because they don't allow me to install it on a new machine! So before I make a mistake I have to know what I do.
In that case Foreman will read the Puppet Server certs and create a new host for every one, right? But do I have to enable the reports for the “old” hosts, or don't I need that?
Thank you so much for the helpful links and information. @Dirk
I read in another article here that if we install Foreman on an existing Puppet server, the installer pretty much destroys any existing Puppet setup.
It depends on how you do it and how much you changed on the Puppet server. The thread you linked is quite old, and I did it successfully but carefully in the past.
Another strategy that works fine is having it on a separate machine, which I typically recommend when scale-up or high availability is already planned.
Or set up Foreman with a fresh Puppet and move the systems.
Foreman does not care that much about client certificates of managed machines. It needs to trust puppet server callback though. The data flows like this:
host -----------> puppet server -----------> foreman
Therefore the Puppet server callback must trust Foreman’s SSL certificate and must use a client certificate that Foreman trusts. The installer by default uses the same CA certificate, which is created by the Puppet CA.
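The two-way trust described above, as an added example that is not part of the original thread: a shell check that Foreman's server certificate and the callback's client certificate both chain to the CA the other side uses. All keys, certificates, names and paths are constructed throwaway data in a temp directory; on a real system pass your own certificate files to `check_callback_trust`.

```shell
#!/bin/sh
# Added example. Every key and certificate here is constructed throwaway data.

# Succeeds if the certificate in $2 chains to the CA certificate in $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Puppet server callback -> Foreman needs trust in both directions:
#   $1 CA the callback uses to verify Foreman   $2 Foreman's server cert
#   $3 CA Foreman uses to verify clients        $4 callback's client cert
check_callback_trust() {
    chains_to "$1" "$2" || { echo "callback does not trust Foreman's server certificate"; return 1; }
    chains_to "$3" "$4" || { echo "Foreman does not trust the callback's client certificate"; return 2; }
    echo "trust ok in both directions"
}

# Create a self-signed CA: $1 = output prefix, $2 = common name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a certificate: $1 = CA prefix, $2 = output prefix, $3 = common name.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Constructed PKI: one shared CA (the installer default), one unrelated CA.
PKI=$(mktemp -d)
make_ca "$PKI/puppet_ca" "Constructed Puppet CA"
make_ca "$PKI/other_ca" "Constructed Other CA"
issue_cert "$PKI/puppet_ca" "$PKI/foreman" "foreman.example.test"
issue_cert "$PKI/puppet_ca" "$PKI/puppet" "puppet.example.test"
issue_cert "$PKI/other_ca" "$PKI/foreman_other" "foreman.example.test"

# Same CA on both sides: passes.
check_callback_trust "$PKI/puppet_ca.pem" "$PKI/foreman.pem" \
    "$PKI/puppet_ca.pem" "$PKI/puppet.pem"
# Foreman's certificate issued by a different CA: the callback would reject it.
check_callback_trust "$PKI/puppet_ca.pem" "$PKI/foreman_other.pem" \
    "$PKI/puppet_ca.pem" "$PKI/puppet.pem" || echo "(mismatch detected, exit $?)"
```

Return code 1 points at the Foreman server certificate side, 2 at the client certificate side, which tells you which file to compare against the existing Puppet CA before and after an installer run.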
Thank you @Marek_Hulan, do I have to change anything when I run foreman-installer on the Puppet server? For example, to not override/delete my certificates?
I wish I knew. I think if the installer sees the file, it does not override it, but if possible, I’d test first (there’s a noop mode which could help with seeing what the installer would perform).