Installation Advice

Hello,

I have an HA Puppet setup with 2 masters running via SRV records (synced CA
stuff), and PuppetDB with Postgres replication on behind Passenger etc.

We have been using the node classification with the good old <node>.pp file
setup matching with regex's.

Would anyone have any advice on how to "inject" Foreman into this
environment re-using the Postgres setup and potentially making it as HA as
the Puppet setup currently is ?

Thanks
Palu

Ok, let's start with the PuppetDB part -> irrelevant for the problem,
Foreman doesn't do anything to it, but add a trigger so that when you
remove a host in Foreman it'll deactivate the node in PuppetDB too.

http://theforeman.org/manuals/1.5/index.html#3.2.3InstallationScenarios

For the Puppet masters, you should be safe with "Setting up Foreman with
external Puppet masters", and add the Foreman node to the synced CA.

Alternatively you can install a "Foreman server without the Puppet master",
and later on install a smart-proxy in your 2 puppet masters and configure
Foreman to use these. This will allow you to import puppet classes from the
two puppet masters, trigger puppet runs with mcollective/ puppet kick, etc…

After you do that, you'll want to configure your puppet.conf and add the
Foreman reporter, and the ENC script to your Puppet masters so Foreman
gets reports for your hosts, there is some help about that here
Foreman :: Manual and here
Foreman :: Manual

Let us know if this is enough or join us at #theforeman channel on Freenode
IRC if you have questions when you're doing it.

On Thu, Jul 10, 2014 at 11:18 AM, Paul Seymour wrote:

> Hello,
>
> I have an HA Puppet setup with 2 masters running via SRV records (synced
> CA stuff), and PuppetDB with Postgres replication on behind Passenger etc.
>
> We have been using the node classification with the good old <node>.pp
> file setup matching with regex’s.
>
> Would anyone have any advice on how to “inject” Foreman into this
> environment re-using the Postgres setup and potentially making it as HA as
> the Puppet setup currently is ?
>
> Thanks
> Palu



Daniel Lobato

@elobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30

On Thursday, 10 July 2014 11:24:50 UTC+1, Daniel Lobato wrote:
>
> Ok, let's start with the PuppetDB part -> irrelevant for the problem,
> Foreman doesn't do anything to it, but add a trigger so that when you
> remove a host in Foreman it'll deactivate the node in PuppetDB too.
>
> Foreman :: Manual
>
> For the Puppet masters, you should be safe with "Setting up Foreman with
> external Puppet masters", and add the Foreman node to the synced CA.
>
> Alternatively you can install a "Foreman server without the Puppet
> master", and later on install a smart-proxy in your 2 puppet masters and
> configure Foreman to use these. This will allow you to import puppet
> classes from the two puppet masters, trigger puppet runs with mcollective/
> puppet kick, etc…
>
> After you do that, you'll want to configure your puppet.conf and add the
> Foreman reporter, and the ENC script to your Puppet masters so Foreman
> gets reports for your hosts, there is some help about that here
> Foreman :: Manual and here
> Foreman :: Manual
>
> Let us know if this is enough or join us at #theforeman channel on
> Freenode IRC if you have questions when you're doing it.
>

Sorry no access to IRC from this bunker. Now setup and applied the
directory environments patch (I am on Puppet v3.6.2)

Now as I have a Virtual Name/IP cert in the Puppet certs I am getting this
trying to import via the smart proxy:-
"E, [2014-07-10T14:49:41.232867 #18782] ERROR -- : Failed to list puppet environments: hostname was not match with the server certificate"

The Puppet SSL cert shows:-
/usr/bin/openssl x509 -in /etc/puppet/ssl/certs/puppet3.<domain>.pem -text -noout | egrep "Subject:|DNS"
Subject: CN=puppet3.
DNS:puppet3.<domain>, DNS:vrdevpup003, DNS:vrdevpup003<domain>, DNS:vrdevpup004, DNS:vrdevpup004<domain>

I have tried both the virtual name, and the actual name of the host in these
settings.yml entries:
:puppet_url:
:puppet_ssl_ca:
:puppet_ssl_cert:
:puppet_ssl_key:

Any ideas ?

Thanks
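
The following Ruby example is added here; it is not part of the thread and is not Foreman or smart-proxy code. It builds a throwaway certificate whose SAN list is shaped like the one shown above (placeholder domain example.test, constructed address 192.0.2.10, hypothetical helper names) and uses Ruby's standard OpenSSL::SSL.verify_certificate_identity to show which :puppet_url hosts the certificate actually covers.

```ruby
require "openssl"
require "uri"

# Constructed sample: host names from the thread under a placeholder domain.
SAMPLE_SANS = %w[puppet3.example.test vrdevpup003 vrdevpup003.example.test
                 vrdevpup004 vrdevpup004.example.test].freeze

# Build a short-lived self-signed certificate with the given CN and DNS SANs.
def sample_cert(cn, sans)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san_value = sans.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san_value, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# DNS names listed in the certificate's subjectAltName extension.
def san_names(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  ext.value.split(/,\s*/).map { |v| v.sub(/\ADNS:/, "") }
end

# True when the host part of a :puppet_url value is covered by the certificate.
# An IP address in the URL only matches an IP SAN, never a DNS SAN.
def url_matches_cert?(url, cert)
  OpenSSL::SSL.verify_certificate_identity(cert, URI.parse(url).host)
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("puppet3.example.test", SAMPLE_SANS)
  puts "SANs: #{san_names(cert).join(', ')}"
  # Candidate :puppet_url values (constructed); 8140 is the Puppet master port.
  %w[https://puppet3.example.test:8140 https://vrdevpup003:8140
     https://puppet.example.test:8140 https://192.0.2.10:8140].each do |url|
    puts format("%-36s %s", url, url_matches_cert?(url, cert) ? "match" : "MISMATCH")
  end
end
```

Running the same comparison against the real certificate and the exact host in :puppet_url shows whether the name the proxy connects to is one of the listed SANs.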