Setting up Foreman to access puppetdb?

I'm just adding Foreman to an existing, functioning Puppet configuration by
installing it on the same node as Puppet and PuppetDB. PuppetDB is backed
by postgresql.

I saw a note on the Foreman wiki which said:

"Foreman will automatically refresh the host facts once a puppet report
comes in if you setup Foreman to use the same database as storeconfigs in
the database.yml file."

To make this happen, do I need to set up Foreman to not only point to the
same postgresql instance, but also to the same database/user/password?

I don't want to hose my Puppet instance in the process, so I thought I'd
ask first. Thanks!

Don't do this, it's expecting a pre-PuppetDB activerecord storeconfigs
setup, not access to PuppetDB's private database.

The optimal setup is to use both PuppetDB and Foreman entirely
separately, with their own databases. Facts are uploaded to Foreman by
the ENC script (node.rb) and reports are uploaded by the Foreman report
processor and to PuppetDB if you wish. storeconfigs talks directly to
PuppetDB and there's no data sharing that way.

See also
http://projects.theforeman.org/projects/foreman/wiki/FAQ#How-does-Foreman-work-with-PuppetDB

··· On 05/02/13 12:51, Bret Wortman wrote: > I'm just adding Foreman to an existing, functioning Puppet configuration > by installing it on the same node as Puppet and PuppetDB. PuppetDB is > backed by postgresql. > > I saw a note on the Foreman wiki which said: > > "Foreman will automatically refresh the host facts once a puppet report > comes in if you setup Foreman to use the same database as storeconfigs > in the /database.yml/ file." > > To make this happen, do I need to set up Foreman to not only point to > the same postgresql instance, but also to the same database/user/password? > > I don't want to hose my Puppet instance in the process, so I thought I'd > ask first. Thanks!


Dominic Cleal
Red Hat Engineering

Wonderful. I'll give that a read and continue with the Foreman setup and
see what happens.

··· On Tuesday, February 5, 2013 7:58:32 AM UTC-5, Dominic Cleal wrote: > > On 05/02/13 12:51, Bret Wortman wrote: > > I'm just adding Foreman to an existing, functioning Puppet configuration > > by installing it on the same node as Puppet and PuppetDB. PuppetDB is > > backed by postgresql. > > > > I saw a note on the Foreman wiki which said: > > > > "Foreman will automatically refresh the host facts once a puppet report > > comes in if you setup Foreman to use the same database as storeconfigs > > in the /database.yml/ file." > > > > To make this happen, do I need to set up Foreman to not only point to > > the same postgresql instance, but also to the same > database/user/password? > > > > I don't want to hose my Puppet instance in the process, so I thought I'd > > ask first. Thanks! > > Don't do this, it's expecting a pre-PuppetDB activerecord storeconfigs > setup, not access to PuppetDB's private database. > > The optimal setup is to use both PuppetDB and Foreman entirely > separately, with their own databases. Facts are uploaded to Foreman by > the ENC script (node.rb) and reports are uploaded by the Foreman report > processor and to PuppetDB if you wish. storeconfigs talks directly to > PuppetDB and there's no data sharing that way. > > See also > > http://projects.theforeman.org/projects/foreman/wiki/FAQ#How-does-Foreman-work-with-PuppetDB > > -- > Dominic Cleal > Red Hat Engineering >

Okay. I've got Puppet 3.0.1-1.fc17 running on F17, and
foreman-1.1RC5-1.fc17. I tried importing my environments & classes as the
wiki page indicates, but I get nothing through the UI (actually, I just get
blank pages) and through the CLI, I get a warning that I nee da Smart Proxy
installed.

That's wonderful, but the Smart Proxy won't install on F17 because the Ruby
version is wrong (1.8 vice 1.9) and I'm not a Ruby guy, so trying to manage
that isn't a simple thing for me.

Thoughts?

··· On Tuesday, February 5, 2013 8:14:50 AM UTC-5, Bret Wortman wrote: > > Wonderful. I'll give that a read and continue with the Foreman setup and > see what happens. > > On Tuesday, February 5, 2013 7:58:32 AM UTC-5, Dominic Cleal wrote: >> >> On 05/02/13 12:51, Bret Wortman wrote: >> > I'm just adding Foreman to an existing, functioning Puppet >> configuration >> > by installing it on the same node as Puppet and PuppetDB. PuppetDB is >> > backed by postgresql. >> > >> > I saw a note on the Foreman wiki which said: >> > >> > "Foreman will automatically refresh the host facts once a puppet report >> > comes in if you setup Foreman to use the same database as storeconfigs >> > in the /database.yml/ file." >> > >> > To make this happen, do I need to set up Foreman to not only point to >> > the same postgresql instance, but also to the same >> database/user/password? >> > >> > I don't want to hose my Puppet instance in the process, so I thought >> I'd >> > ask first. Thanks! >> >> Don't do this, it's expecting a pre-PuppetDB activerecord storeconfigs >> setup, not access to PuppetDB's private database. >> >> The optimal setup is to use both PuppetDB and Foreman entirely >> separately, with their own databases. Facts are uploaded to Foreman by >> the ENC script (node.rb) and reports are uploaded by the Foreman report >> processor and to PuppetDB if you wish. storeconfigs talks directly to >> PuppetDB and there's no data sharing that way. >> >> See also >> >> http://projects.theforeman.org/projects/foreman/wiki/FAQ#How-does-Foreman-work-with-PuppetDB >> >> -- >> Dominic Cleal >> Red Hat Engineering >> >

It's a packaging error that's being fixed for the 1.1 release RPMs (due
today we hope), the proxy will run happily on F17 once that's corrected.

You do want the proxy server in order to import classes, handle signing
and so on, but you can disable this level of security by changing a few
settings. See the "No security: disable authentication" and
"Configuration options" sections of this manual page:

http://theforeman.org/manuals/1.1/index.html#5.4.1SecuringPuppetMasterRequests

This will permit any host to access the puppetmaster interfaces. I'd
suggest re-enabling it and requiring SSL once we have 1.1 proper.

··· On 05/02/13 13:46, Bret Wortman wrote: > Okay. I've got Puppet 3.0.1-1.fc17 running on F17, and > foreman-1.1RC5-1.fc17. I tried importing my environments & classes as > the wiki page indicates, but I get nothing through the UI (actually, I > just get blank pages) and through the CLI, I get a warning that I nee da > Smart Proxy installed. > > That's wonderful, but the Smart Proxy won't install on F17 because the > Ruby version is wrong (1.8 vice 1.9) and I'm not a Ruby guy, so trying > to manage that isn't a simple thing for me. > > Thoughts?


Dominic Cleal
Red Hat Engineering

Agreed, pages on the wiki can be hard to find. You'll notice the link
was for a new manual that was part of the recent web site launch, where
we're trying to establish curated, "official" documentation with good
recommendations on how to use Foreman.

The SSL / auth chapter was recently added to the 1.1 manual, while the
rest was imported and sorted out from the wiki. It still has a wiki
feel to it, but over time it should become more coherent I hope.

If you see something that's wrong, or can be improved, please consider
forking and editing the content. You should be able to do it all
through GitHub even:

https://github.com/theforeman/theforeman.org (under _includes/manuals)

··· On 05/02/13 14:10, Bret Wortman wrote: > Cool! I'll watch for them. I thought it was a genuine dependency thing. > > Thanks for the documentation pointers. The documentation's good, but it > can be challenging to tweeze out the relevant pages for a particular > problem.


Dominic Cleal
Red Hat Engineering