After much testing I've found that my deployment of Puppet + Foreman for an
HPC cluster requires the use of masterless Puppet. Our plan is to have
Puppet run between jobs via SLURM Epilog and/or Prolog scripts, and we
frequently have 64-node jobs, which would mean 64 servers would hit the
Puppetmaster at the same time using a traditional Puppetmaster setup. I
would still like to use Foreman as it's one of the key pieces for managing
our HPC cluster. The issues I'm facing have to do with nodes getting their
ENC data, uploading their Facter facts, and submitting their report.
- Is there a way to configure Foreman so it authorizes a server to upload
facts/reports and pull ENC data based on the server's certificate being
signed by the Puppetmaster? For now I've had to set
"restrict_registered_puppetmasters" to false to allow servers to contact
Foreman.
- For fact uploading, would performing a "Facter.to_hash" in place of
reading the yaml file from the Puppetmaster have the same outcome?
- Would it be more efficient to write a Foreman plugin that saves a host's
ENC YAML to a file that can be simply read by a very basic node.rb type script?
Currently our Puppet modules and all Puppet agent config files needed to
run "puppet apply" will be on an NFS share that is exported read-only to all
compute nodes.
My goal is to reduce the runtime of these scripts as much as possible. If
I have 64 nodes contact Foreman for ENC data, that could become a
bottleneck as I don't have the resources to run Foreman on anything but a basic
oVirt VM.
If anyone has done Masterless Puppet with Foreman, or has any tips, please
let me know.
Thanks
- Trey
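
The file-based ENC lookup asked about in the post, sketched as an added example (not part of the original message and not Foreman's own node.rb). It assumes a hypothetical layout of one `<certname>.yaml` per host under `ENC_DIR` on the read-only share, and it treats both the certname and the file contents as untrusted input.

```ruby
#!/usr/bin/env ruby
# Added example: minimal file-backed ENC script in the style of node.rb.
# Assumption (hypothetical, not from the post): a pre-generated ENC file
# exists at ENC_DIR/<certname>.yaml on the read-only NFS export.
require 'yaml'

ENC_DIR = ENV.fetch('ENC_DIR', '/mnt/puppet/enc') # hypothetical path

# Certnames are hostnames: dot-separated labels of [a-z0-9-]. Anything
# else (slashes, "..", NUL bytes) is rejected before touching the disk.
LABEL = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?'
CERTNAME_RE = /\A#{LABEL}(?:\.#{LABEL})*\z/

# Top-level keys Puppet accepts from an ENC.
ALLOWED_KEYS = %w[classes parameters environment].freeze

class EncError < StandardError; end

def load_enc(certname, dir = ENC_DIR)
  unless certname.is_a?(String) && certname.length <= 253 &&
         certname.match?(CERTNAME_RE)
    raise EncError, 'invalid certname'
  end

  path = File.join(dir, "#{certname}.yaml")
  raise EncError, 'ENC file is a symlink' if File.symlink?(path)
  raise EncError, "no ENC data for #{certname}" unless File.file?(path)

  # safe_load refuses Ruby object tags, symbols and aliases, so a tampered
  # file cannot instantiate arbitrary classes in the process running as root.
  data = YAML.safe_load(File.read(path))
  raise EncError, 'ENC data is not a mapping' unless data.is_a?(Hash)

  unknown = data.keys - ALLOWED_KEYS
  raise EncError, "unexpected keys: #{unknown.join(', ')}" unless unknown.empty?
  data
end

# Puppet invokes an ENC with the certname as its only argument.
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  begin
    puts load_enc(ARGV[0]).to_yaml
  rescue EncError, Psych::Exception => e
    warn "node.rb: #{e.message}"
    exit 1
  end
end
```

A non-zero exit makes the Puppet run fail instead of applying an empty or partial catalog when the host's ENC file is missing or malformed.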