This is more of a general question rather than a problem. I’m using Katello for package management and yum repos, however, I wanted to know if there’s a way to disable any unused services within Foreman?
I don’t believe that my build is using puppet in any way – is it possible to disable this on the Katello master and smart proxies if need be?
I looked into this a bit and it appears there is an installer option called ‘–puppet-server’ which appears to take true/false in order to install the puppet server or not.
That might be what you’re looking for! Generally speaking: if you’re not using the puppet server you can disable it (so I just learned myself). Though, the puppet agent needs to remain installed as it’s needed by the Foreman installer.
= Module katello:
–katello-enable-deb Enable debian content plugin (current: true)
–katello-enable-docker Enable docker content plugin (current: true)
–katello-enable-file Enable generic file content management (current: true)
–katello-enable-ostree Enable ostree content plugin, this requires an ostree install (current: false) –katello-enable-puppet Enable puppet content plugin (current: true)
–katello-enable-yum Enable rpm content plugin, including syncing of yum content (current: true)
–katello-proxy-password Proxy password for authentication (current: UNDEF)
–katello-proxy-port Port the proxy is running on (current: UNDEF)
–katello-proxy-url URL of the proxy server (current: UNDEF)
–katello-proxy-username Proxy username for authentication (current: UNDEF)
–katello-pulp-max-speed The maximum download speed per second for a Pulp task, such as a sync. (e.g. “4 Kb” (Uses SI KB), 4MB, or 1GB" ) (current: UNDEF)
–katello-repo-export-dir Directory to create for repository exports (current: “/var/lib/pulp/katello-export”)
Also note that there’s --foreman-proxy-content-puppet false. When you run this on an existing server it will stop managing the service, but it’ll probably keep running unless you disable it. Probably systemctl disable --now puppetserver. It’s also likely that foreman-maintain will start it up if present so you may need to actually use yum remove puppetserver.
# Stop the puppet agent
--puppet-runmode none \
# Unmanage the puppet server
--puppet-server false \
# Inform the foreman proxy this node has no puppet master
--foreman-proxy-puppet false \
# Inform the foreman proxy this node has no puppet ca
--foreman-proxy-puppetca false \
# Do not attempt to install certificates
For the katello server itself you want to add --katello-enable-puppet false as well.
This is from the top of my head. I may have missed some things.
The thread is older, but very useful, so I’ll add to it.
In addition, you have to remove rubygem-hammer_cli_foreman_puppet if it is installed. Otherwise, hammer ping will produce an error.
Even with that removed, foreman-maintain health check still produces an error I am still tracking down:
Check whether all services are running using the ping call: [FAIL]
Couldn’t connect to the server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
This is despite using an officially signed certificate that works everywhere else in foreman.