Preinstalled Puppet version

Problem: Current Foreman setup installs Puppet from Ubuntu repos (depending on Ubuntu version it is Puppet version <= 5.5.6) by default after the OS is installed.

Expected outcome: Since we want to use newer Puppet versions it is required to add the Puppet5 (or later 6) repo to be able to install >= 5.5.7 while installing a host.

Foreman and Proxy versions: 1.21

Question: How can I change Foremans workflow (stop installing package puppet from Ubuntu repo) and add the official Puppet repo to install puppet-agent instead?
Can somebody point me in the right direction?

Can you clarify what you’re trying to install? If you mean to use foreman-installer then it should automatically use (and prefer) puppet-agent when it’s available. Just adding the repository + apt update should suffice.

And if you mean during provisioning, there are parameters like enable-puppetlabs-puppet5-repo you can set to get a specific repository enabled and Puppet version installed. Just have a look into the header of the provisioning templates used for all parameters used by the template.

I want to install a specific version of puppet-agent. Currently the package puppet is being installed in every installation. And it is taken from the official Ubuntu repositories. But this version is too old.
So in my understanding I have to add the official Puppet repo in a template and have to install the package puppet-agent instead of puppet.

In the provisioning template that is used in the operating system Ubuntu Bionic is no entry like enable-puppetlabs-puppet5-repo. But there is a separate template called puppetlabs_repo

Do I have to port that into my used template?

I forgot that for Preseed it is included in the finish template instead of provisioning because of Preseed not being able to include a script directly. So no need to port it, it is the same parameter only a small difference in the way it is used.

That’s the finish template the OS is using:

kind: finish
name: Preseed default finish
model: ProvisioningTemplate
- Debian
- Ubuntu
  # safemode renderer does not support unary negation
  pm_set = @host.puppetmaster.empty? ? false : true
  puppet_enabled = pm_set || host_param_true?('force-puppet')
  salt_enabled = host_param('salt_master') ? true : false
  chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy

<% subnet = @host.subnet -%>
<% if subnet.respond_to?(:dhcp_boot_mode?) -%>
<% dhcp = subnet.dhcp_boot_mode? && !@static -%>
<% else -%>
<% dhcp = !@static -%>
<% end -%>
<% unless dhcp -%>
# host and domain name need setting as these values may have come from dhcp if pxe booting
/bin/sed -i "s/^search.*$/search <%= @host.domain %>/g" /etc/resolv.conf
/bin/sed -i "s/.*dns-search.*/\tdns-search <%= @host.domain %>/g" /etc/network/interfaces
/bin/sed -i "s/^<%= @host.ip %>.*/<%= @host.ip %>\t<%= @host.shortname %>.<%= @host.domain %>\t<%= @host.shortname %>/g" /etc/hosts
/bin/echo <%= @host.shortname %> > /etc/hostname
/bin/hostname  <%= @host.shortname %>.<%= @host.domain %>
<% end -%>

<% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%>
<%= snippet 'freeipa_register' %>
<% end -%>

<%= snippet('remote_execution_ssh_keys') %>

<%= snippet "blacklist_kernel_modules" %>

<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>

<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-pc1-repo') || host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet5-repo') -%>
<%= snippet 'puppetlabs_repo' %>
<% end -%>
<%= snippet 'puppet_setup' %>
<% end -%>

<% if salt_enabled %>
<%= snippet 'saltstack_setup' %>
<% end -%>

<%= snippet 'preseed_networking_setup' %>
<%= snippet 'built' %>

This block

<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-pc1-repo') || host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet5-repo') -%>

seems to be the important part. Not sure what I have to change there, but could it be possible that both conditions don’t come true for $reasons? Or maybe I have to remove the first two host_param_true conditions to make sure puppet5 repo will be used?

You only have to add enable-puppetlabs-puppet5-repo as a parameter of type boolean with value true. I prefer adding it on the operating system, but you can also add it as global parameter or host depending on granularity needed.

It works perfectly! Thanks a lot!


Should that also work enable-puppetlabs-puppet6-repo? in my tests it didn’t work :frowning:

The parameter for Puppet6 is only in the community templates at the moment and should be included in the next release. If you want to use it now, you have to sync and use the community templates.

And how does it work? I mean, using community templates?

The enable-puppetlabs-puppet-repo has also been changed. In the past it contained Puppet 3 but now it appears to include the latest stable release which is currently Puppet 6.

I’ve tried a random shot with that. But 5.4 was installed. In this case, Foreman installs Ubuntu 18.
And also puppet was installed instead of puppet-agent package.