Install puppet plugin

Overlord · December 6, 2022, 1:05pm

Problem:
hello. When trying to deploy puppet modules with the command below

foreman-installer --foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key \
--puppet-server-foreman-url "https://host.domain.ru"

I get an error

2022-12-06 15:30:52 [NOTICE] [configure] 1750 configuration steps out of 1809 steps complete.
2022-12-06 15:30:56 [ERROR ] [configure] Proxy host.domain.ru has failed to load one or more features (Puppet), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-12-06 15:30:56 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host.domain.ru]/features: change from ["Logs", "Pulpcore"] to ["Logs", "Pulpcore", "Puppet", "Puppet CA"] failed: Proxy host.domain.ru has failed to load one or more features (Puppet), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-12-06 15:30:57 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host.domain.ru]: Failed to call refresh: Proxy host.domain.ru has failed to load one or more features (Puppet), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-12-06 15:30:57 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[host.domain.ru]: Proxy host.domain.ru has failed to load one or more features (Puppet), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-12-06 15:31:00 [NOTICE] [configure] System configuration has finished.

in proxy.log I see an enumeration of certificates, there are no errors. At the very bottom I see

2022-12-06T15:30:53  [I] WEBrick::HTTPServer#start: pid=13722 port=9090
2022-12-06T15:30:53  [I] Smart proxy has launched on 1 socket(s), waiting for requests
2022-12-06T15:30:55 dad0aa65 [I] Started GET /v2/features
2022-12-06T15:30:55 dad0aa65 [I] Finished GET /v2/features with 200 (390.86 ms)
2022-12-06T15:30:55 dad0aa65 [I] Started GET /v2/features
2022-12-06T15:30:56 dad0aa65 [I] Finished GET /v2/features with 200 (348.65 ms)
2022-12-06T15:30:56 86caf614 [I] Started GET /v2/features
2022-12-06T15:30:56 86caf614 [I] Finished GET /v2/features with 200 (351.38 ms)
2022-12-06T15:30:56 86caf614 [I] Started GET /v2/features
2022-12-06T15:30:57 86caf614 [I] Finished GET /v2/features with 200 (399.09 ms)

to be honest, only such an entry in one of the certificates is confusing in the log file

 X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

if you look in /etc/pki/katello/puppet/, you can see there that the puppet certificate is signed by the same CA as the katello certificate (when installing the foreman server, I immediately configured https by issuing a self-signed certificate).

Expected outcome:
puppetserver its worked
Foreman and Proxy versions:
3.4
Foreman and Proxy plugin versions:
3.4.0
Distribution and version:
puppetserver7
Other relevant data:

Overlord · December 8, 2022, 8:10am

has no one encountered this?

amccrea · March 13, 2023, 8:31pm

Same exact error as me, can’t enable the Puppet feature (though everything else works), it says check the logs which have no info even on debug mode, with foreman 3.3 (because stuck on cos7). Been debugging this for days and still cannot find any answers to this -_-

amccrea · March 13, 2023, 9:30pm

OMG SOLVED IT!!!

You need to install tfm-rubygem-foreman_puppet from the foremans plugin repo, re-run puppet on your foreman server (so it will do a migration with this new plugin) and then re-run puppet on your puppetmaster.

Here’s how I debugged it:

Disabled every feature except puppet, then I get this slightly more helpful error message:

Error: /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[puppetserver.fqdn]/ensure: change from ‘absent’ to ‘present’ failed: Error making POST request to Foreman at https://foreman.fqdn/api/v2/smart_proxies: Features “puppet” in this proxy are not recognized by Foreman. If these features come from a Smart Proxy plugin, make sure Foreman has the plugin installed too. (corrective)

So I’m looking for a puppet smart proxy plugin…Found another post where they solved this by adding this to their foreman puppet manifest:

foreman::plugin { ‘puppet’:
version => ‘latest’,
}

which installs tfm-rubygem-foreman_puppet from Index of /plugins/3.3/el7/x86_64 or whatever os repo you’re using…it failed silently for me because we set puppet to skip_tags labeled puppet (for reasons).

This places nothing down in /etc/foreman/plugins, hence the confusion.
But once you have that plugin installed, restart foreman and then puppetmaster and then it worked. Hope this helps you @Overlord.

gvde · March 14, 2023, 5:01am

Something it not right here. You wrote in the beginning

which means you must be running on EL8 because 3.4 does not support EL7 anymore…

There is no tfm-rubygem-foreman_puppet in Index of /plugins/3.4/el8/x86_64 only rubygem-foreman_puppet.

So if you really have 3.4 and EL8 you should install rubygem-foreman_puppet. If you actually installed tfm-rubygem-foreman_puppet on 3.4 with EL8, that must be come out of the 3.3 EL7 repository, because that is the last which has it. But of course, you shouldn’t use any EL7 repo on EL8 anyway.

I suggest to check your version and repos, if you really have the correct ones…

amccrea · March 15, 2023, 6:35pm

Ah sorry, Indeed I am not using the same versions as Overlord, I am using foreman 3.3, because our fleet is still centos7.