Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds the Proxy User to the 'puppet' Group when Not Present #295

Open
naftulikay opened this issue Oct 10, 2016 · 7 comments
Open

Adds the Proxy User to the 'puppet' Group when Not Present #295

naftulikay opened this issue Oct 10, 2016 · 7 comments
Labels
Waiting on contributor

Comments

@naftulikay
Copy link

This line causes foreman_proxy::groups to always include the puppet group, regardless of whether foreman_proxy::puppet is true or false. This breaks things:

Error: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist
@mmoll
Copy link
Contributor

mmoll commented Oct 10, 2016

this will probably require a larger refactoring... I also wonder how the ssl certificate stuff is handled now, when puppet-agent doesn't create the user/group anymore...

@naftulikay
Copy link
Author

My setup is that I have a single machine running Foreman and the proxy, with the proxy only managing a DHCP and TFTP server on the same machine.

My Puppet Server, CA, and DB are all remote hosts, as is BIND.

@mmoll
Copy link
Contributor

mmoll commented Oct 11, 2016

@rfkrocktk while for this specific usecase there solution might be an easy one, the underlying problem is a deeper one, as there are quite some places where the existence of a "puppet" group is just assumed.

@Yamakasi
Copy link

Yamakasi commented Apr 4, 2017

Is the issue #341 the same ?

I think we should just add a puppet user/group to an Puppet 4 AIO install and chown -R puppet:puppet /etc/puppetlabs/puppet/ssl to it and add the foreman-proxy group to it.

I did this manually earlier as I remember and that works and won't break a thing in the future as well.

@Yamakasi
Copy link

Yamakasi commented Apr 4, 2017

As far as I can see the AIO package is not detected right and the puppet_home is not set accordingly to it.

Can someone please check this ?

@ekohl
Copy link
Member

ekohl commented Aug 29, 2017

Doesn't e12a382 solve this?

@dgoetz
Copy link
Member

dgoetz commented May 17, 2018

@ekohl: I am still having this problem with smart proxy 1.17 and puppet 5.

My command line for the installer is the following (plus additional parameter for oauth and other environment specific parameters):

foreman-installer \
  --no-enable-foreman \
  --no-enable-foreman-cli \
  --no-enable-foreman-plugin-bootdisk \
  --no-enable-foreman-plugin-setup \
  --no-enable-puppet \
  --enable-foreman-proxy \
  --foreman-proxy-puppet-group="puppet" \
  --foreman-proxy-manage-puppet-group=true \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-managed=false \
  --foreman-proxy-dns-server=127.0.0.1 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-managed=false \
  --foreman-proxy-tftp=true \
  ...

So it should go into the condition $foreman_proxy::manage_puppet_group and $foreman_proxy::ssl as it changes file ownership but !defined(Group[$foreman_proxy::puppet_group]) seems not to match.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Waiting on contributor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ekohl @naftulikay @mmoll @dgoetz @Yamakasi