Hello All,
I'm a Katello noob trying to set up Foreman/Katello to replace my Spacewalk server. My main goals are to perform patch management (getting CentOS errata listed), remote execution, vulnerability scanning, and, later down the road, provisioning.
At the moment, I'm having issues with my Puppet setup. I'm an experienced Linux admin, but have little to no experience with Puppet and Ansible. Currently, I have a CentOS 7 server running Katello 3.16 and Foreman 2.1. I have fully synced Cent7 repos, a centos7 content view with the repos attached, published and promoted to Development and Production Lifecycles. Ansible is set up and is receiving facts from a CentOS 7 client.
Remote execution is working.
Puppet is another matter. Below are all the packages, Foreman plugins and client-side packages I installed.
On the server:
foreman 2.1
katello 3.16
puppet 6
yum -y install katello tfm-rubygem-hammer_cli_* foreman-proxy-content
foreman-installer --scenario katello --enable-foreman-plugin-ansible \
--enable-foreman-plugin-bootdisk \
--enable-foreman-plugin-discovery \
--enable-foreman-plugin-hooks \
--enable-foreman-plugin-openscap \
--enable-foreman-plugin-remote-execution \
--enable-foreman-plugin-templates
yum install tfm-rubygem-foreman_ansible tfm-rubygem-smart_proxy_ansible tfm-rubygem-foreman_ansible rubygem-smart_proxy_ansible ansible
foreman-installer --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible \
--enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
I registered my client as follows:
curl --insecure --output katello-ca-consumer-latest.noarch.rpm https://katelloserver316.localdomain/pub/katello-ca-consumer-latest.noarch.rpm
yum localinstall katello-ca-consumer-latest.noarch.rpm
subscription-manager register --org="OrgName" --activationkey="CentOS7_Key"
mkdir /etc/yum.repos.d/old ; mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/old; mv /etc/yum.repos.d/epel* /etc/yum.repos.d/old
yum install -y https://yum.theforeman.org/client/2.1/el7/x86_64/foreman-client-release.rpm
yum -y install katello-host-tools katello-host-tools-tracer
When I run hammer puppet-environment list
I get
---|-----------
ID | NAME
---|-----------
1 | production
2 | Production
---|-----------
I've reinstalled the Katello server from scratch a couple of times and followed instructions from the official site as well as suggestions from other sites. The last one I followed had me run this as a remote execution job to the client.
yum -y localinstall https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
yum install -y puppet-agent
content=$(hostname -a)
/opt/puppetlabs/puppet/bin/puppet config set --section agent server katelloserver316.localdomain ## katello server hostname
/opt/puppetlabs/puppet/bin/puppet config set --section agent certname ${content}katelloserver316.localdomain
/opt/puppetlabs/puppet/bin/puppet config set --section agent runinterval 1800
/opt/puppetlabs/puppet/bin/puppet config set --section agent environment Production
/opt/puppetlabs/puppet/bin/puppet config set --section agent listen false
/opt/puppetlabs/puppet/bin/puppet config set --section agent report true
/opt/puppetlabs/puppet/bin/puppet config set --section agent usecacheonfailure true
/opt/puppetlabs/puppet/bin/puppet config set --section agent pluginsync true
systemctl enable puppet
systemctl restart puppet
When I ran /opt/puppetlabs/bin/puppet agent -t --server katelloserver316.localdomain I was getting a number of errors. I made some changes to the above code block and it then prompted me to sign the cert on the server, which I did. I now get:
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for katelloserver316.localdomain
Info: Certificate Request fingerprint (SHA256): 36:06:41:0D:6C:78:CC:B2:5C:B4:C3:55:F6:AC:F0:BA:08:5F:0A:62:E9:2C:8A:91:A9:EB:42:FA:BB:B6:55:9D
Info: Downloaded certificate for katelloserver316.localdomain from https://katelloserver316.localdomain:8140/puppet-ca/v1
Error: The certificate for 'CN=katelloserver316.localdomain' does not match its private key
Error: Could not run: The certificate for 'CN=katelloserver316.localdomain' does not match its private key
Not surprisingly, the server isn't receiving any Puppet facts from the client.
I had a number of issues on previous installs and got Puppet errors running Puppet remote execution jobs and OpenSCAP scans.
I might be able to resolve the cert issue if I tried long enough, but I first want to know if I'm on the right track or not. Can anyone suggest the proper way to set up Puppet from A-Z on both the client and server, including installing and setting up modules? I'm not overly familiar with Git either.
Do I even need Puppet to reach my desired goals, patch management with CentOS errata listed, OpenSCAP and provisioning of new boxes, if I have Ansible installed?
Thank You
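
The "does not match its private key" error in the agent output above can be checked directly by comparing the public key inside the downloaded certificate with the public key derived from the agent's private key. The script below is an added example, not part of the original post; the paths in its usage comment assume Puppet 6's default ssldir layout and `<certname>` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): check whether an X.509
# certificate was issued for the public key that belongs to a private key.
#
# Usage on the agent (default Puppet 6 ssldir layout, assumed):
#   sh check_pair.sh /etc/puppetlabs/puppet/ssl/certs/<certname>.pem \
#                    /etc/puppetlabs/puppet/ssl/private_keys/<certname>.pem

# Print the SHA-256 of the DER form of a PEM public key read on stdin.
pubkey_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_matches_key CERT KEY
# returns 0 = same key pair, 1 = mismatch, 2 = file missing or unparsable
cert_matches_key() {
    cert=$1; key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # Extract both public keys first so a parse failure is never mistaken
    # for a match (two empty inputs would hash to the same value).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    cert_hash=$(printf '%s\n' "$cert_pub" | pubkey_hash)
    key_hash=$(printf '%s\n' "$key_pub" | pubkey_hash)
    [ "$cert_hash" = "$key_hash" ]
}

# When called with two arguments, report the result for that pair.
if [ "$#" -eq 2 ]; then
    rc=0; cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: certificate and private key belong together" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "ERROR: cannot read or parse $1 / $2" ;;
    esac
    exit "$rc"
fi
```

A mismatch means the certificate stored under that certname was signed for a different key pair than the one currently on the agent.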