Installing Foreman/Katello purely using Puppet and Hiera

Problem: Is is possible to install Foreman/Katello just using the Foreman Puppet modules?

My current error:

Notice: /Stage[main]/Foreman::Register/Foreman_host[foreman-testutil.example.com]/ensure: created (corrective)
Error: Error making PUT request to Foreman at https://testutil.example.com/api/v2/instance_hosts/testutil.example.com: Response: 404 Not Found: The requested resource was not found in Foreman at testutil.example.com
Error: /Stage[main]/Foreman::Register/Foreman_instance_host[foreman-testutil.example.com]/ensure: change from 'absent' to 'present' failed: Error making PUT request to Foreman at https://testutil.example.com/api/v2/instance_hosts/testutil.example.com: Response: 404 Not Found: The requested resource was not found in Foreman at testutil.example.com

Here are the relevant parameters I have set in hiera, based on https://github.com/theforeman/foreman-installer/tree/develop/config:

---

foreman::cli: true
foreman::cli::discovery: true
foreman::cli::katello: true
foreman::cli::remote_execution: true
foreman::cli::tasks: true
foreman::cli::templates: true
foreman::cli::webhooks: true
foreman::compute::libvirt: true
foreman::plugin::bootdisk: true
foreman::plugin::column_view: true
foreman::plugin::default_hostgroup: true
foreman::plugin::discovery: true
foreman::plugin::expire_hosts: true
foreman::plugin::hooks: true
foreman::plugin::host_reports: true
foreman::plugin::monitoring: false
foreman::plugin::openscap: false
foreman::plugin::puppet: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: true
foreman::plugin::remote_execution::cockpit: true
foreman::plugin::setup: true
foreman::plugin::statistics: true
foreman::plugin::tasks: true
foreman::plugin::templates: true
foreman::plugin::virt_who_configure: true
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dhcp::remote_isc: false
foreman_proxy::plugin::discovery: true
foreman_proxy::plugin::monitoring: false
foreman_proxy::plugin::reports: false
foreman_proxy::plugin::remote_execution::ssh: false
foreman_proxy::plugin::shellhooks: false
foreman_proxy_content: true
katello: true
puppet: false

localusers::groups:
  puppet:
    ensure: 'present'

repositories::repos:
  epel8:
    ensure: 'present'
    enabled: true
  foreman:
    ensure: 'present'
    enabled: true
    gpgcheck: false
    baseurl: "https://yum.theforeman.org/releases/3.0/el8/$basearch"
  foreman-katello:
    ensure: 'present'
    enabled: true
    gpgcheck: false
    baseurl: "https://yum.theforeman.org/katello/4.2/katello/el8/$basearch"
  foreman-plugins:
    ensure: 'present'
    enabled: true
    gpgcheck: false
    baseurl: "https://yum.theforeman.org/plugins/3.0/el8/$basearch"
  foreman-candlepin:
    ensure: 'present'
    enabled: true
    gpgcheck: false
    baseurl: "https://yum.theforeman.org/katello/4.2/candlepin/el8/$basearch"
  foreman-pulp:
    ensure: 'present'
    enabled: true
    gpgcheck: false
    baseurl: "https://yum.theforeman.org/pulpcore/3.14/el8/$basearch"
  foreman-client:
    ensure: 'absent'
    enabled: false
    gpgcheck: false
    baseurl: ""

apache::mod::prefork::serverlimit: 1024
apache::mod::prefork::maxclients: 1024
apache::mod::prefork::maxrequestsperchild: 4000

postgresql::globals::datadir: '/data01/postgres'
postgresql::globals::version: '12'
postgresql::globals::service_name: "postgresql-%{hiera('postgresql::globals::version')}"
postgresql::globals::initdb_path: "/usr/pgsql-%{hiera('postgresql::globals::version')}/bin/initdb"
postgresql::server:
  config_entries:
    max_connections: 1000
    shared_buffers: '8GB'
    effective_cache_size: '16GB'
    autovacuum_vacuum_cost_limit: 2000
    checkpoint_completion_target: 0.9
    work_mem: '4MB'
    log_line_prefix: '%t '
    log_min_duration_statement: 1000
    log_rotation_size: 200000

apache::mod::ssl::ssl_cipher: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
apache::mod::ssl::ssl_protocol:
  - 'ALL'
  - '-SSLv3'
  - '-TLSv1'
  - '-TLSv1.1'
apache::trace_enable: 'Off'

system_classes:
  - 'foreman'

system_packages:
  nodejs:
    ensure: '16'
    provider: 'dnfmodule'
  ruby:
    ensure: '2.7'
    provider: 'dnfmodule'
  foreman:
    ensure: 'installed'
  foreman-installer:
    ensure: 'installed'
  foreman-installer-katello:
    ensure: 'installed'
  ansible:
    ensure: 'installed'
  python3-pulpcore:
    ensure: 'installed'
  python3-pulp-container:
    ensure: 'installed'

After a lot of fighting with parameters, I’ve almost solved all the errors, and I do get a mostly working instance of Foreman running without having to directly run foreman-installer.

Other information/things I had to correct manually:

localusers::groups:
  puppet:
    ensure: 'present'

Was required because the modules don’t seem to be creating this group for me, despite requiring it?

postgresql::globals::version: '12'
postgresql::globals::service_name: "postgresql-%{hiera('postgresql::globals::version')}"
postgresql::globals::initdb_path: "/usr/pgsql-%{hiera('postgresql::globals::version')}/bin/initdb"

Had to override all of this because it was looking for “postgresql.service” and “/usr/bin/initdb” and error’ing out.

All of this running on AlmaLinux 8.5.

Any assistance in getting the remaining error resolved, and other tips for things I may have missed would be appreciated!

Cheers,
Alex

Does nobody have input on this? I’ve since tried to properly enable Katello and my situation is even worse off.