• scenario: I inherited the admin of a foreman installation, with stuff all documentation from its previous admin. I’m learning on my feet, slowly, as i go along so if anything that follows seems daft, or Foreman 101, that’s why.

Ive done a bit more reading and background and have ended up trying to just install on a nice fresh vanilla rhel8 build unregistered to redhat.

Problem:
Trying to install foreman on a brand spanking new RHEL8 system registered to redhat
following install instructions at Quickstart Guide for Foreman with Katello on RHEL/CentOS

The installation fails with

dnf module enable katello:el9 pulpcore:el9

Updating Subscription Management repositories.
Puppet 7 Repository el 9 - x86_64 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository ‘puppet7’:

• Curl error (56): Failure when receiving data from the peer for http://yum.puppet.com/puppet7/el/9/x86_64/repodata/repomd.xml [Recv failure: Connection reset by peer]
  Error: Failed to download metadata for repo ‘puppet7’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Expected outcome:
successful completion of foreman installation as per those foreman install directions etc

Foreman and Proxy versions:
foreman-release-3.4.1-1.el8.noarch

Foreman and Proxy plugin versions:
Dont know how to ascertain that

Distribution and version:
Dont know how to ascertain that

Other relevant data:
N/A

all and any help, pointers, advice gratefully received, but merely saying “go away and read about it” doesnt solve my predicament ie the official install instructions don’t work.

I will get to this tomorrow, sorry for the delay.

Are you sure you’re reading the correct documentation for Foreman version 3.4? The dnf module command you posted refers to the “el9” as in RHEL 9 which is required from Foreman version 3.12, I believe? The document you linked that you followed doesn’t have the el9 mentioned anywhere. Please, double check that you’re on the correct version of the documentation in the top right corner of the page.

Good luck!

Note: Maybe you should consider upgrading to the latest supported version of Foreman with Katello. You can only upgrade one minor version at a time. No jumping over any of them or you can face major issues and broken installation. Pay attention to the jump from RHEL 8 to RHEL 9 at version 3.12. There is in-place upgrade guide available too.

Posted in the EL8 thread, I was able to get that package installed but did have some questions that may help with the debugging

I was able to pull down the package fine:

[root@foreman9 ~]# dnf install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm
Updating Subscription Management repositories.
Foreman 3.14                                                                                                                4.1 MB/s | 1.5 MB     00:00
Foreman plugins 3.14                                                                                                        8.5 MB/s | 2.0 MB     00:00
Last metadata expiration check: 0:00:01 ago on Wed 04 Jun 2025 02:15:26 PM EDT.
puppet8-release-el-9.noarch.rpm                                                                                              31 kB/s | 9.3 kB     00:00
Dependencies resolved.
============================================================================================================================================================
 Package                                  Architecture                    Version                               Repository                             Size
============================================================================================================================================================
Installing:
 puppet8-release                          noarch                          1.0.0-10.el9                          @commandline                          9.3 k

Transaction Summary
============================================================================================================================================================
Install  1 Package

Are you using a proxy in between the Foreman install and the Puppet repo that could be causing an issue with SSL or a caching issue? Is the time correct on the system as well?

If you try to manually make the Puppet repo with the following contents in /etc/yum.repos.d/puppet. Repo

[puppet8]
name=Puppet 8 Repository el 9 - $basearch
baseurl=http://yum.puppet.com/puppet8/el/9/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet8-release
enabled=1
gpgcheck=1

Does it work when you run yum clean all ; dnf repolist -v

sorry all - I got side-tracked / pulled away to another project. back on the horse now.

Ill follow up with some of your suggestions and help above later - many thanks.

OK. So - vanilla redhat 9 install.
suitable diskspace and memory configured.

Following “latest release” install on rhel9
https://www.theforeman.org/manuals/3.15/quickstart_guide.html

[yum.repos.d]# ls
epel-cisco-openh264.repo epel.repo epel-testing.repo redhat.repo

[yum.repos.d]# dnf -y install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm

dnf -y install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm

Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use “rhc” or “subscription-manager” to register.

Last metadata expiration check: 2:48:32 ago on Thu 26 Jun 2025 13:34:39 BST.
puppet8-release-el-9.noarch.rpm 60 kB/s | 9.3 kB 00:00
Dependencies resolved.
=======================================================================

• Package Architecture Version Repository Size*
  =======================================================================
  Installing:
• puppet8-release noarch 1.0.0-10.el9 @commandline 9.3 k*

Transaction Summary
=======================================================================
Install 1 Package

Total size: 9.3 k
Installed size: 3.3 k
Downloading Packages:
Running transaction check
Invalid tsflag in config file: repackage
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction

• Preparing : 1/1*
• Installing : puppet8-release-1.0.0-10.el9.noarch 1/1*
• Verifying : puppet8-release-1.0.0-10.el9.noarch 1/1*
  Installed products updated.

Installed:

• puppet8-release-1.0.0-10.el9.noarch*

Complete!

[/ yum.repos.d]# ls
epel-cisco-openh264.repo epel.repo epel-testing.repo puppet8-release.repo redhat.repo

[yum.repos.d]# cat puppet8-release.repo
[puppet8]
name=Puppet 8 Repository el 9 - $basearch
baseurl=http://yum.puppet.com/puppet8/el/9/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet8-release
enabled=1
gpgcheck=1

BUT then…

[yum.repos.d]# dnf -y install https://yum.theforeman.org/releases/3.15/el9/x86_64/foreman-release.rpm

Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use “rhc” or “subscription-manager” to register.

Puppet 8 Repository el 9 - x86_64 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository ‘puppet8’:

• • Curl error (56): Failure when receiving data from the peer for http://yum.puppet.com/puppet8/el/9/x86_64/repodata/repomd.xml [Recv failure: Connection reset by peer]*
    Error: Failed to download metadata for repo ‘puppet8’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

sigh…

and as a test I can run curl http://yum.puppet.com/puppet8/el/9/x86_64/repodata/repomd.xml and it works fine.

double sigh

anyone any ideas?

cheers

Ian

and from an earlier suggestion (thanks cintrix84)

my puppet repo file is the same as suggested above, but trying “both” ie as installed and as copy and pasted above I get the same answer…

yum clean all ; dnf repolist -v

Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use “rhc” or “subscription-manager” to register.

16 files removed
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, system-upgrade, uploadprofile
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use “rhc” or “subscription-manager” to register.

DNF version: 4.14.0
cachedir: /var/cache/dnf
Extra Packages for Enterprise Linux 9 - x86_64 17 MB/s | 20 MB 00:01
Extra Packages for Enterprise Linux 9 openh264 (From Cisco) - x86_64 2.2 kB/s | 2.5 kB 00:01
Puppet 8 Repository el 9 - x86_64 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository ‘puppet8’:

• • Curl error (56): Failure when receiving data from the peer for http://yum.puppet.com/puppet8/el/9/x86_64/repodata/repomd.xml [Recv failure: Connection reset by peer]*
    Error: Failed to download metadata for repo ‘puppet8’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

and I suppose a secondary question might be - has anybody actually successfully installed foreman on rhel recently ?

Please use preformatted text i.e. ``` for any shell output in the line before and after. Otherwise it’s really hard to read.

Can you please run curl and post the command and output:

# curl -v 'http://yum.puppet.com/puppet8/el/9/x86_64/repodata/repomd.xml' > /dev/null

as well as the dnf config:

# dnf config-manager --dump

curl -v ‘http://yum.puppet.com/puppet8/el/9/x86_64/repodata/repomd.xml’ > /dev/null

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0* Trying 18.244.164.90:80…

• Connected to yum.puppet.com (18.244.164.90) port 80 (#0)

GET /puppet8/el/9/x86_64/repodata/repomd.xml HTTP/1.1
Host: yum.puppet.com
User-Agent: curl/7.76.1
Accept: /

• Mark bundle as not supporting multiuse
  < HTTP/1.1 200 OK
  < Content-Type: application/octet-stream
  < Content-Length: 2626
  < Connection: keep-alive
  < Last-Modified: Wed, 09 Apr 2025 02:09:27 GMT
  < x-amz-version-id: b5yfG4VIazXs2nkbRtxORkxRHZ_vg2Wh
  < Server: AmazonS3
  < Date: Fri, 27 Jun 2025 13:50:44 GMT
  < Cache-Control: no-cache
  < ETag: “c2781519a42886712b633d06be5a58bc”
  < X-Cache: RefreshHit from cloudfront
  < Via: 1.1 04cb9a524a2f5b52f2abb84002971492.cloudfront.net (CloudFront)
  < X-Amz-Cf-Pop: LHR50-P8
  < Alt-Svc: h3=“:443”; ma=86400
  < X-Amz-Cf-Id: JExGNOJNZC6teSbjvl9jj_D3-b3IzNKWSY0wpEI8ZqndJ3LCmm_TjA==
  <
  { [2626 bytes data]
  100 2626 100 2626 0 0 6820 0 --:–:-- --:–:-- --:–:-- 6820
• Connection #0 to host yum.puppet.com left intact

I confess I dont know what you mean by using three back ticks but I’ll try it :
The dnf config-manager dump output is as follows

# dnf config-manager --dump
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

=================================================================================================================== main ====================================================================================================================
[main]
allow_vendor_change = 1
assumeno = 0
assumeyes = 0
autocheck_running_kernel = 1
bandwidth = 0
best = 1
bugtracker_url = https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=dnf
cachedir = /var/cache/dnf
cacheonly = 0
check_config_file_age = 1
clean_requirements_on_remove = 1
color = auto
color_list_available_downgrade = magenta
color_list_available_install = bold,cyan
color_list_available_reinstall = bold,underline,green
color_list_available_upgrade = bold,blue
color_list_installed_extra = bold,red
color_list_installed_newer = bold,yellow
color_list_installed_older = yellow
color_list_installed_reinstall = cyan
color_search_match = bold,magenta
color_update_installed = red
color_update_local = green
color_update_remote = bold,green
config_file_path = /etc/dnf/dnf.conf
countme = 0
debug_solver = 0
debuglevel = 2
defaultyes = 0
deltarpm = 1
deltarpm_percentage = 75
disable_excludes =
diskspacecheck = 1
enabled = 1
enablegroups = 1
errorlevel = 3
exclude =
exclude_from_weak =
exclude_from_weak_autodetect = 1
excludepkgs =
exit_on_lock = 0
fastestmirror = 0
gpgcheck = 1
gpgkey_dns_verification = 0
group_package_types = mandatory, default, conditional
history_list_view = commands
history_record = 1
history_record_packages = dnf, rpm
ignorearch = 0
includepkgs =
install_weak_deps = 1
installonly_limit = 3
installonlypkgs = kernel, kernel-PAE, installonlypkg(kernel), installonlypkg(kernel-module), installonlypkg(vm), multiversion(kernel)
installroot = /
ip_resolve = whatever
keepcache = 0
localpkg_gpgcheck = 0
log_compress = 0
log_rotate = 4
log_size = 1048576
logdir = /var/log
logfilelevel = 9
max_downloads_per_mirror = 3
max_parallel_downloads = 3
metadata_expire = 172800
metadata_timer_sync = 10800
minrate = 1000
module_obsoletes = 0
module_stream_switch = 0
multilib_policy = best
obsoletes = 1
password =
persistdir = /var/lib/dnf
persistence = auto
pluginconfpath = /etc/dnf/plugins
pluginpath = /usr/lib/python3.9/site-packages/dnf-plugins
plugins = 1
protect_running_kernel = 1
protected_packages = dnf, redhat-release, setup, dnf, systemd, systemd-udev, grub2-tools-minimal, grub2-efi-x64, yum, sudo, redhat-release, setup, dnf, systemd, systemd-udev, grub2-tools-minimal, grub2-efi-x64, yum, sudo
proxy =
proxy_auth_method = any
proxy_sslcacert =
proxy_sslclientcert =
proxy_sslclientkey =
proxy_sslverify = 1
recent = 7
repo_gpgcheck = 0
reposdir = /etc/yum.repos.d, /etc/yum/repos.d, /etc/distro.repos.d
reset_nice = 1
retries = 10
rpmverbosity = info
showdupesfromrepos = 0
skip_broken = 0
skip_if_unavailable = 0
sslcacert =
sslclientcert =
sslclientkey =
sslverify = 1
sslverifystatus = 0
strict = 1
system_cachedir = /var/cache/dnf
throttle = 0
timeout = 30
transformdb = 1
tsflags = repackage
upgrade_group_objects_upgrade = 1
user_agent = libdnf (Red Hat Enterprise Linux 9.6; generic; Linux.x86_64)
username =
varsdir = /etc/yum/vars, /etc/dnf/vars
zchunk = 1

That’s really odd. The only thing I can think of would be a firewall which inspects the traffic and doesn’t like it. As dnf uses different headers then curl that may explain the difference.

You could try to set the repo to https, i.e. change the line

 baseurl=http://yum.puppet.com/puppet8/el/9/$basearch

to

 baseurl=https://yum.puppet.com/puppet8/el/9/$basearch

in the repo file. That way, the firewall may not inspect the traffic and let it pass…

and… gvde is bang on. various tests did indeed eventually show that networks hadn’t opened port 80 despite being asked to and confirming they had some while ago.

Thanks all for you help - this thread is now closed.

Though I may be opening another as now I’ve managed to run

dnf -y install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm
dnf -y install https://yum.theforeman.org/releases/3.15/el9/x86_64/foreman-release.rpm
dnf -y install foreman-installer
foreman-installer 

I now get a load of fails that look like prerequisites that Foreman :: Quickstart doesn’t mention.

So Ill need to find a fuller install manual!

didds