Using Foreman as a read-only reporting tool for Puppet

I've got PuppetDB running, but really need to provide some nice reports and
dashboards for my execs and I reckon that Foreman would do it - but I'm
quite worried about Foreman fiddling with the Puppet infrastructure. For
example, we use a role/profile system where nodes are classified with a
custom facter facts.txt file injected at the same point that the puppet
agent is installed - we can reliably predict every nodes behaviour.

I can't seem to find any definitive answers on how we can ensure it's only
reading data, not fiddling with the manifests - is that something that
might be asked here, or is there a better place?

I apologise if this is a stupid question - my exact infrastructure is a
Puppetmaster running 4.8.1 with PuppetDB installed locally, and I've
deployed a separate machine to install Foreman on and connect to Puppet
from.

> I've got PuppetDB running, but really need to provide some nice reports and
> dashboards for my execs and I reckon that Foreman would do it - but I'm
> quite worried about Foreman fiddling with the Puppet infrastructure. For
> example, we use a role/profile system where nodes are classified with a
> custom facter facts.txt file injected at the same point that the puppet
> agent is installed - we can reliably predict every nodes behaviour.
>
> I can't seem to find any definitive answers on how we can ensure it's only
> reading data, not fiddling with the manifests - is that something that
> might be asked here, or is there a better place?
>
> I apologise if this is a stupid question - my exact infrastructure is a
> Puppetmaster running 4.8.1 with PuppetDB installed locally, and I've
> deployed a separate machine to install Foreman on and connect to Puppet
> from.

Best place to look at is probably your Puppet master's puppet.conf.
Check that there is no field 'external_nodes' (normally pointint to a
script that fetches information from Foreman), only 'reports = foreman'
should be there in your case.

If this is the case already, I think you can be sure Foreman is just an
endpoint to receive reports from the Puppet master.

··· On 01/27, william.ayerst@capita.co.uk wrote:


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

Thank you! I will check this now.

··· On Friday, 27 January 2017 13:18:32 UTC, Daniel Lobato wrote: > > On 01/27, william...@capita.co.uk wrote: > > I've got PuppetDB running, but really need to provide some nice reports > and > > dashboards for my execs and I reckon that Foreman would do it - but I'm > > quite worried about Foreman fiddling with the Puppet infrastructure. For > > example, we use a role/profile system where nodes are classified with a > > custom facter facts.txt file injected at the same point that the puppet > > agent is installed - we can reliably predict every nodes behaviour. > > > > I can't seem to find any definitive answers on how we can ensure it's > only > > reading data, not fiddling with the manifests - is that something that > > might be asked here, or is there a better place? > > > > I apologise if this is a stupid question - my exact infrastructure is a > > Puppetmaster running 4.8.1 with PuppetDB installed locally, and I've > > deployed a separate machine to install Foreman on and connect to Puppet > > from. > > Best place to look at is probably your Puppet master's puppet.conf. > Check that there is no field 'external_nodes' (normally pointint to a > script that fetches information from Foreman), only 'reports = foreman' > should be there in your case. > > If this is the case already, I think you can be sure Foreman is just an > endpoint to receive reports from the Puppet master. > > > -- > > You received this message because you are subscribed to the Google > Groups "Foreman users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to foreman-user...@googlegroups.com . > > To post to this group, send email to forema...@googlegroups.com > . > > Visit this group at https://groups.google.com/group/foreman-users. > > For more options, visit https://groups.google.com/d/optout. > > > -- > Daniel Lobato Garcia > > @dLobatog > blog.daniellobato.me > daniellobato.me > > GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30 > Keybase: https://keybase.io/elobato >