Need to replace foreman puppet master to existing puppet server

Problem: Replace Foreman puppet master to existing puppet master server

Expected outcome: Want to use existing puppet master server as Foreman puppet master

Foreman and Proxy versions: Foreman 3.4

Foreman and Proxy plugin versions: Foreman-proxy 3.4

Distribution and version: RHEL 8.7

Other relevant data: I want to replace foreman puppet master to existing puppet master server , Need to know what changes are required to perform the same so i can perform deployment through Foreman UI only.

Simply install the Smart Proxy with the Puppet and Puppet CA on the Puppetserver (you can try run the installation with --noop --dont-save-answers) and register it to Foreman. A problem could only be when you already installed an additional Puppetserver and are using its certificates, so you need to change them to be from the already existing one.

ok here is the scenario :slight_smile:

  1. installed puppet master on standalone server, trying to install foreman-proxy on it as you recommend.
    According to below article from foreman documentation , i assumed that i should create bootstrap certificate for my foreman puppet master server on newly puppet standalone server.

while doing this now i am getting error like
“Error: certificate verify failed [self signed certificate in certificate chain for CN=Puppet Root CA: cba256c141408d]”

I am getting confused with certificate stuff …

This should also work, but would be the other way round as it will use the certificates from the new Puppet server on Foreman for communication.
The error is from the certificate not being in the system’s trust store. Therefore I am not sure if this should be a manual task or done by the installer by some parameter.