Katello - Disable Puppet?

katello

#1

This is more of a general question rather than a problem. I’m using Katello for package management and yum repos, however, I wanted to know if there’s a way to disable any unused services within Foreman?

I don’t believe that my build is using puppet in any way – is it possible to disable this on the Katello master and smart proxies if need be?

Thanks.


#2

I looked into this a bit and it appears there is an installer option[1] called ‘–puppet-server’ which appears to take true/false in order to install the puppet server or not.

That might be what you’re looking for! Generally speaking: if you’re not using the puppet server you can disable it (so I just learned myself). Though, the puppet agent needs to remain installed as it’s needed by the Foreman installer.

[1] Foreman :: Manual


#3

Hi Jonathon – thanks!!! I see what you’re saying.

From foreman-installer -h I see the below block:

= Module katello:
–katello-enable-deb Enable debian content plugin (current: true)
–katello-enable-docker Enable docker content plugin (current: true)
–katello-enable-file Enable generic file content management (current: true)
–katello-enable-ostree Enable ostree content plugin, this requires an ostree install (current: false)
–katello-enable-puppet Enable puppet content plugin (current: true)
–katello-enable-yum Enable rpm content plugin, including syncing of yum content (current: true)
–katello-proxy-password Proxy password for authentication (current: UNDEF)
–katello-proxy-port Port the proxy is running on (current: UNDEF)
–katello-proxy-url URL of the proxy server (current: UNDEF)
–katello-proxy-username Proxy username for authentication (current: UNDEF)
–katello-pulp-max-speed The maximum download speed per second for a Pulp task, such as a sync. (e.g. “4 Kb” (Uses SI KB), 4MB, or 1GB" ) (current: UNDEF)
–katello-repo-export-dir Directory to create for repository exports (current: “/var/lib/pulp/katello-export”)

Thanks for your help!


#4

Also note that there’s --foreman-proxy-content-puppet false. When you run this on an existing server it will stop managing the service, but it’ll probably keep running unless you disable it. Probably systemctl disable --now puppetserver. It’s also likely that foreman-maintain will start it up if present so you may need to actually use yum remove puppetserver.


#5

Thank you very much!


#6

Just to re-iterate, the way to disable puppet-server on the fly (after Katello was already installed) is to run:

  1. foreman-installer --foreman-proxy-content-puppet false
  2. systemctl disable --now puppetserver
  3. yum remove puppetserver

and for a fresh install, we make sure to disable it using --katelo-enable-puppet false.

How do I check if it’s actively disabled on the server after the fact? I noticed in infrastructure-> smart proxies my Katello server has the following error:

09 Jan 11:21 ERROR Failed to list puppet environments: Connection refused - connect(2)

And ‘puppet’ is still listed as a service after the refresh.

Thanks.


#7

This is incomplete. For a proxy it’s more like

foreman-installer \
  # Stop the puppet agent
  --puppet-runmode none \
  # Unmanage the puppet server
  --puppet-server false \
  # Inform the foreman proxy this node has no puppet master
  --foreman-proxy-puppet false \
  # Inform the foreman proxy this node has no puppet ca
  --foreman-proxy-puppetca false \
  # Do not attempt to install certificates
  --foreman-proxy-content-puppet false

For the katello server itself you want to add --katello-enable-puppet false as well.

This is from the top of my head. I may have missed some things.