theforeman / puppet-foreman_proxy

Puppet module for Foreman Smart Proxy

sudo issues w/ puppet proxy (without puppetca or puppetrun)

sjoeboo opened this issue · comments

commented

So trying to install/setup the proxy for puppet functionality on my compile masters (so, no puppetca, also no puppetrun functionality), this module is insisting on setting up sudo. I'd like an option to turn that off completely (I can work up a PR for that), but also as is, since I hadn't defined a foreman_proxy::puppetrun_provider, it was undef, which seems to lead to creating a sudoers.d entry with * for the command which is invalid (and even if it was valid, would be scary). So, then sudoers doesn't parse and breaks.

My "fix" was, even though I'm not using puppetrun, setting the provider and a command so the template has something to fill in there and append the * as it expects.

I have a system without Puppet on it, but with the smart proxy installed. It does not try to create a sudo setting; you should disable the parameter puppet...

foreman_proxy::puppet: false
foreman_proxy::puppetca: false
foreman_proxy::dhcp: true
foreman_proxy::dns: true
foreman_proxy::trusted_hosts:
  - puppetmaster.example.com

The sudoers file is created on condition:

  if $foreman_proxy::puppetca or $foreman_proxy::puppet {
    if $foreman_proxy::use_sudoersd {
      if $foreman_proxy::manage_sudoersd {
        file { "${::foreman_proxy::sudoers}.d":
          ensure => directory,
        }
      }
  ...
commented

Right, so, in my setup, the system does have puppet on it (it's a compile master) and I DO want the puppet functionality enabled, just not the CA/puppet run functionality (basically I want to import environments/classes).

Ah I see, I guess we should bind the sudo rule to puppetrun_provider, similar to the puppet.yaml

@lazyfrosch will there be a PR? :)

I guess I can 😉
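
The failure reported at the top of this thread (an undefined provider leaving a bare `*` as the sudoers command) can be caught before a fragment is installed. The following is an added example, not code from the thread or from the module: a simplified linter for sudoers user specifications. The sample fragments, the `foreman-proxy` user name and the `/usr/bin/example-run` path are constructed assumptions.

```python
import re

# Constructed sample fragments; the user name and command path are
# assumptions, not copied from the module's sudoers template.
BROKEN = "foreman-proxy ALL = NOPASSWD: *\n"
PATCHED = "foreman-proxy ALL = NOPASSWD: /usr/bin/example-run *\n"

SKIP = re.compile(r"^(#|@include|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")
PREFIX = re.compile(r"^(\([^)]*\)\s*)?([A-Z]+:\s*)*")  # (runas) and TAG: parts
ALIAS = re.compile(r"^[A-Z][A-Z0-9_]*$")               # ALL or a Cmnd_Alias name
# Split on commas that are neither escaped nor inside a (runas, list).
COMMA = re.compile(r"(?<!\\),(?![^(]*\))")


def command_ok(name):
    """A command must be an absolute path, sudoedit, ALL or a Cmnd_Alias name."""
    name = name.lstrip("!")
    return name.startswith("/") or name == "sudoedit" or bool(ALIAS.match(name))


def lint_sudoers(text):
    """Return (rule, bad_command) pairs for user specs sudo would reject."""
    findings = []
    text = text.replace("\\\n", " ")  # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP.match(line) or "=" not in line:
            continue
        spec = line.split("=", 1)[1]  # everything after "user host ="
        for cmd in COMMA.split(spec):
            cmd = PREFIX.sub("", cmd.strip(), count=1)
            words = cmd.split()
            name = words[0] if words else ""  # empty command is also invalid
            if not command_ok(name):
                findings.append((line, name))
    return findings


if __name__ == "__main__":
    for label, fragment in (("broken", BROKEN), ("patched", PATCHED)):
        print(label, lint_sudoers(fragment))
```

This check covers only the command field of user specifications; `visudo -cf <file>` remains the authoritative syntax check for a rendered fragment.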