Katello Smart Proxy with puppet server only

gvde · April 13, 2021, 3:05pm

I currently have a katello 3.18.2 server which operates a single puppet master. I now wanted to set up another (compiler only) puppet master as smart proxy to take some load from the main server. My idea was to use the normal foreman proxy content installer but disable all content/pulp and the puppet ca (that should remain on the main server). Now I have managed the get the installer run set it pretty much the way I want except for one thing: it’s missing the directory /etc/pki/katello/puppet directory:

# /etc/puppetlabs/puppet/node.rb foreman-puppet.example.com
During fact upload occured an exception: No such file or directory - /etc/pki/katello/puppet/puppet_client.crt
Serving cached ENC: Could not send facts to Foreman: No such file or directory - /etc/pki/katello/puppet/puppet_client.crt
Unable to read from Cache file: No such file or directory - /opt/puppetlabs/server/data/puppetserver/yaml/foreman/foreman-puppet.example.com.yaml

I just can’t figure out what I need to do to get this created with the installer. For the time being I have manually installed the puppet_client RPM from the certs tar and then copied the cert and key from there. But of course, I would rather see this happen automatically… Any idea?

This is my latest foreman-installer options for the smart proxy: (the first part is the output from foreman-proxy-certs-generate on the main server)

foreman-installer \
  --scenario foreman-proxy-content \
  --certs-tar-file                              "/root/foreman-puppet.example.com-certs.tar"\
  --foreman-proxy-content-parent-fqdn           "foreman.example.com"\
  --foreman-proxy-register-in-foreman           "true"\           
  --foreman-proxy-foreman-base-url              "https://foreman.example.com"\
  --foreman-proxy-trusted-hosts                 "foreman.example.com"\
  --foreman-proxy-trusted-hosts                 "foreman-puppet.example.com"\
  --foreman-proxy-oauth-consumer-key            "<key>"\          
  --foreman-proxy-oauth-consumer-secret         "<secret>"\       
  --puppet-server-foreman-url                   "https://foreman.example.com" \
  --foreman-proxy-puppetca                      false \           
  --foreman-proxy-content-enable-puppet         false \
  --foreman-proxy-content-puppet                false \           
  --puppet-server-ca                            false \           
  --certs-update-all                            \                 
  --foreman-proxy-plugin-pulp-enabled           false \           
  --foreman-proxy-plugin-pulp-pulpnode-enabled  false \
  --puppet-ca-server                            https://foreman.example.com \
  --foreman-proxy-templates                     false

Jonathon_Turel · April 13, 2021, 7:46pm

Seems like a valid use case to me but I’m not sure about this area of the installer. My guess is creation of that dir is tied to one of the flags you’ve set to false. Any thoughts @ekohl ?