This is more of a general question rather than a problem. I’m using Katello for package management and yum repos, however, I wanted to know if there’s a way to disable any unused services within Foreman?
I don’t believe that my build is using puppet in any way – is it possible to disable this on the Katello master and smart proxies if need be?
Thanks.
I looked into this a bit and it appears there is an installer option[1] called ‘–puppet-server’ which appears to take true/false in order to install the puppet server or not.
That might be what you’re looking for! Generally speaking: if you’re not using the puppet server you can disable it (so I just learned myself). Though, the puppet agent needs to remain installed as it’s needed by the Foreman installer.
Hi Jonathon – thanks!!! I see what you’re saying.
From foreman-installer -h I see the below block:
= Module katello:
–katello-enable-deb Enable debian content plugin (current: true)
–katello-enable-docker Enable docker content plugin (current: true)
–katello-enable-file Enable generic file content management (current: true)
–katello-enable-ostree Enable ostree content plugin, this requires an ostree install (current: false)
–katello-enable-puppet Enable puppet content plugin (current: true)
–katello-enable-yum Enable rpm content plugin, including syncing of yum content (current: true)
–katello-proxy-password Proxy password for authentication (current: UNDEF)
–katello-proxy-port Port the proxy is running on (current: UNDEF)
–katello-proxy-url URL of the proxy server (current: UNDEF)
–katello-proxy-username Proxy username for authentication (current: UNDEF)
–katello-pulp-max-speed The maximum download speed per second for a Pulp task, such as a sync. (e.g. “4 Kb” (Uses SI KB), 4MB, or 1GB" ) (current: UNDEF)
–katello-repo-export-dir Directory to create for repository exports (current: “/var/lib/pulp/katello-export”)
Thanks for your help!
Also note that there’s --foreman-proxy-content-puppet false. When you run this on an existing server it will stop managing the service, but it’ll probably keep running unless you disable it. Probably systemctl disable --now puppetserver. It’s also likely that foreman-maintain will start it up if present so you may need to actually use yum remove puppetserver.
Thank you very much!
Just to re-iterate, the way to disable puppet-server on the fly (after Katello was already installed) is to run:
and for a fresh install, we make sure to disable it using --katelo-enable-puppet false.
How do I check if it’s actively disabled on the server after the fact? I noticed in infrastructure-> smart proxies my Katello server has the following error:
09 Jan 11:21 ERROR Failed to list puppet environments: Connection refused - connect(2)
And ‘puppet’ is still listed as a service after the refresh.
Thanks.
This is incomplete. For a proxy it’s more like
foreman-installer \
# Stop the puppet agent
--puppet-runmode none \
# Unmanage the puppet server
--puppet-server false \
# Inform the foreman proxy this node has no puppet master
--foreman-proxy-puppet false \
# Inform the foreman proxy this node has no puppet ca
--foreman-proxy-puppetca false \
# Do not attempt to install certificates
--foreman-proxy-content-puppet false
For the katello server itself you want to add --katello-enable-puppet false as well.
This is from the top of my head. I may have missed some things.
The thread is older, but very useful, so I’ll add to it.
In addition, you have to remove rubygem-hammer_cli_foreman_puppet if it is installed. Otherwise, hammer ping will produce an error.
Even with that removed, foreman-maintain health check still produces an error I am still tracking down:
Check whether all services are running using the ping call: [FAIL]
Couldn’t connect to the server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
This is despite using an officially signed certificate that works everywhere else in foreman.
For current foreman/katello versions it’s best to use the purge-puppet command which should take care of everything: Configuring Hosts Using Puppet
Thank you, that worked.
The health check failure turned out to be unrelated and caused by the issue described here: Foreman-maintain health check fails - #16 by kkeane