There should be no difference between adding a node on a foreman server and on a foreman docker. But the world is not ideal and things don’t work out of the box, so here’s my HOWTO. The original source is here.
The first step is to install a puppet module on my foreman docker, dfore. I do that as written, only to get an error:
dfore # puppet module install -i
Notice: Preparing to install into
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Error: No suitable tar implementation found
Error: Try 'puppet help module install' for usage
I need to have tar installed in my docker, that’s it. After that I manage to install the module. The next error I run into is with the import of the class.
More or less here. My puppet server was not able to recognize the new class. What I did was simply install foreman again inside the docker:
dfore # foreman-installer
Installing Done [100%] [.........................................]
* Foreman is running at XXXX
Initial credentials are admin / changeme
* Foreman Proxy is running at https://XXXX:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/
I understand we can’t go and install foreman each time we import a puppet module. But let’s say you are starting out as I am, that this docker is a playground, and that we will not see this issue on a real server. Before testing the puppet agents, I add one node (a real computer) through the foreman web interface. But before adding it, we need to have:
- Its Host Group defined (for example, mydomain.edu)
- An OS defined (for example, CentOS 7.4)
If we don’t define these two, we will not be able to fill in all the information requested to add the node. As I said, I add my node pclient, which runs CentOS 7.4, and on it I install, configure and start puppet. My /etc/puppet/puppet.conf looks like this:
pclient ~ ## > more /etc/puppet/puppet.conf
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
#pluginsync = true
report = true
#certname = `hostname`
#environment = production
server = foremandocker.mydomain.edu
NOTE: I don’t give a certname, so pclient is used. At the very beginning I had trouble with this. For example, in this howto, add an existing VM to foreman, the line is like this:
hostname. I understood it as code, so I left it. Wrong. Anyway, it doesn’t look like the best idea to give a client a specific name that is different from the host name itself.
With the naming issue sorted out, we then start the puppet service on the client.
pclient ~ ## > systemctl start puppet
We check the certificate of pclient on our foreman docker, which is the certificate authority (CA):
dfore # puppet cert list
dfore # puppet cert sign pclient.mydomain.edu
Notice: Signed certificate request for pclient.mydomain.edu
Notice: Removing file Puppet::SSL::CertificateRequest
Your output, of course, will be different. Now we run the agent test.
pclient ~ ## > puppet agent -t
Warning: Unable to fetch my node definition,
but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find
pclient.mydomain.edu via exec:
Execution of '/etc/puppet/node.rb pclient.mydomain.edu'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for pclient.mydomain.edu
Info: Applying configuration version 'XXXX'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds
We wait a little and check the web interface. Alleluia! pclient is there, together with the cert authority itself. I’m done. Next step: PXE booting test.
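An added example for the certificate-signing step above (not part of the original HOWTO): before running puppet cert sign, compare the fingerprint that puppet cert list shows on the CA with the one puppet agent --fingerprint prints on pclient. The helper names csr_matches and normalize_fp, the host newhost.mydomain.edu and the shortened fingerprints are constructed for illustration, and the `"name" (SHA256) fingerprint` line layout is an assumption about your puppet version.

```shell
#!/bin/sh
# Added example: confirm a pending CSR's fingerprint before signing it.

# Constructed sample of `puppet cert list` output on the CA (shortened, not real data).
SAMPLE_LIST='  "pclient.mydomain.edu" (SHA256) 3F:9A:0C:51:7E:D2:44:B8
  "newhost.mydomain.edu" (SHA256) 00:11:22:33:44:55:66:77 (alt names: "DNS:puppet")'
# Constructed sample of `puppet agent --fingerprint` output, read on pclient itself.
SAMPLE_AGENT='(SHA256) 3f:9a:0c:51:7e:d2:44:b8'

# normalize_fp FP: drop a "(SHA256)"-style label, colons and whitespace; upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/([A-Za-z0-9]*)//' | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# csr_matches CERTNAME AGENT_FP: reads `puppet cert list` output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if no pending request, 3 if the request
# asks for alt names.
csr_matches() {
    line=$(awk -v name="$1" '$1 == "\"" name "\""' | head -n 1)
    [ -n "$line" ] || { echo "no pending request for $1" >&2; return 2; }
    case $line in
        *"alt names"*) echo "$1 requests alt names, review by hand" >&2; return 3 ;;
    esac
    ca_fp=$(normalize_fp "$(printf '%s\n' "$line" | awk '{ print $3 }')")
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$(normalize_fp "$2")" ] || {
        echo "fingerprint mismatch for $1, do not sign" >&2; return 1; }
}

# Demo on the constructed sample. On the real CA the same check would be:
#   puppet cert list | csr_matches pclient.mydomain.edu "<fingerprint read on pclient>" \
#       && puppet cert sign pclient.mydomain.edu
if printf '%s\n' "$SAMPLE_LIST" | csr_matches pclient.mydomain.edu "$SAMPLE_AGENT"; then
    echo "fingerprints match: pclient.mydomain.edu can be signed"
fi
```

A request that asks for alt names is set aside for manual review here because puppet cert sign itself will not sign one unless --allow-dns-alt-names is given.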