Using ForemanChef plugin without a Chef Server

Problem:
We are running chef-client on all nodes in local mode. That means that we don’t have a central Chef Server, because every node will run Chef-Zero (minimal Chef Server) locally. But we really would like to use the Chef integration in Foreman. Ideally every chef node will sign up itself to the Foreman server. Foreman creates a node and will periodically receive client-chef reports from all chef nodes. But… when I read the Foreman Chef plugin documentation, I am afraid the use of a Chef Server is mandatory. So I have the following questions:

  1. Would it be possible to use the Foreman Chef plugin without a Chef Server (only running chef-client in local mode)?

  2. Currently, I did install the Foreman Chef plugin and the Smart-Proxy-Chef plugin (using debian packages). When I add a host to Foreman, it will finally ‘hang’ because it’s trying to run the “Actions::ForemanChef::Update::Host” task, which will fail after a period of time (I guess due to timing out). So installing the Foreman Chef plugin without having a Chef Server might not be a good idea. However, when I install the Foreman Chef plugin, it should still be possible to add a node in Foreman without using any Chef Server or Client, right?

Expected outcome:
Add a chef node to Foreman without using a Chef Server. All chef nodes send their chef reports to Foreman and can be monitored in the Foreman GUI.

Foreman and Proxy versions:
Foreman : 1.23
Smart-Proxy : 1.23

Foreman and Proxy plugin versions:
Foreman Chef plugin : 0.8.1-1

Distribution and version:
Running Foreman on Debian Stretch 9.7

Other relevant data:
When adding a node to Foreman (with the Foreman Chef plugin installed), I can see the following loglines in the production.log:

2019-11-08T13:05:35 [I|bac|d9a0f136] Task {label: Actions::ForemanChef::Host::Update, id: …, execution_plan_id: …} state changed: planning
2019-11-08T13:05:35 [I|bac|d9a0f136] Task {label: Actions::ForemanChef::Host::Update, id: …, execution_plan_id: …} state changed: planned

After these log lines I never see that the planned task has finished successfully. So it just seems to hang…

Hello,

in general, it should be possible. In your case, you probably want to disable all ENC functionality. In that case, you should not assign any chef proxy to the host. You still need smart_proxy_chef plugin so that the client can upload the reports through it.

You may also need to update provisioning templates or at least bootstrap method to use validation.pem in Settings.

I have to admit I haven’t tried this and don’t have much time to debug, but with some effort, it should work as you described in expected outcome.

Hi!

Thanks a lot for your suggestions!

I have successfully installed the foreman chef plugin by using the foreman-installer. I haven’t assigned any chef proxy to a host. But when I upload a report from a chef client, it seems from the proxy.log file that foreman-proxy still tries to reach ‘/chef/nodes/’ on the Chef server. Would it be possible to disable this call to the Chef server?

When I try to upload facts, I get the same error as described here (facts_name_id error): Issue with chef client uploading facts to foreman.
Will this error be fixed in the next Foreman release?

Hi again,

For some reason the Chef proxy was enabled for my test client… :frowning: So I am currently able to send chef reports to foreman. But at the moment I still have two problems to solve:

  1. When I upload a report from a host which doesn’t exist in Foreman, I expect that the host will be created in Foreman. But when I upload a report from a non-existing host in Foreman, I don’t see a report and the host is not created in Foreman.
  2. There is still the fact uploading problem as mentioned before (the same as: Issue with chef client uploading facts to foreman).

You might have some ideas about the above problems…

Reports may not contain enough information to create a host. Usually it gets created by facts upload. Check your Administer -> Settings -> Puppet -> “Create new host when report is uploaded” setting (I know it’s under puppet, but it needs to be set to yes).

There may be some issue with facts parsing, but I have no time to debug that further. I would review the patch/release new version if someone sends a fix.

Thanks a lot for the suggestions! I did check the ‘puppet’ setting ‘Create new host when report is uploaded’ and this is configured to true. Currently my workaround is just using the Foreman API to add a host. This is working fine!

Regarding the parsing of facts, I am able to upload facts with curl by creating my own facts JSON file. One thing that strikes me is that uploading facts using a fact “_type”:“foreman_chef” will fail with the NullViolation error described before. But when I use “_type”:“whatever string except foreman_chef”, uploading of facts will finish successfully and the facts will be visible in Foreman. In Foreman in this case all facts will be visible as puppet facts. So this “_type” fact might cause the failure…

Update:

The “_type” fact is added to the facts hash in the file ‘foreman_facts.rb’. If I change here foreman_chef to something different, the uploading of facts won’t fail anymore. But… the nesting of facts doesn’t seem to work. I can see a lot of fact names, but no values, due to nested parsing errors.