Adds the Proxy User to the 'puppet' Group when Not Present
naftulikay opened this issue · comments
This line causes foreman_proxy::groups
to always include the puppet
group, regardless of whether foreman_proxy::puppet
is true or false. This breaks things:
Error: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist
this will probably require a larger refactoring... I also wonder how the ssl certificate stuff is handled now, when puppet-agent doesn't create the user/group anymore...
My setup is that I have a single machine running Foreman and the proxy, with the proxy only managing a DHCP and TFTP server on the same machine.
My Puppet Server, CA, and DB are all remote hosts, as is BIND.
@rfkrocktk while for this specific usecase there solution might be an easy one, the underlying problem is a deeper one, as there are quite some places where the existence of a "puppet" group is just assumed.
Is the issue #341 the same ?
I think we should just add a puppet user/group to an Puppet 4 AIO install and chown -R puppet:puppet /etc/puppetlabs/puppet/ssl to it and add the foreman-proxy group to it.
I did this manually earlier as I remember and that works and won't break a thing in the future as well.
As far as I can see the AIO package is not detected right and the puppet_home is not set accordingly to it.
Can someone please check this ?
Doesn't e12a382 solve this?
@ekohl: I am still having this problem with smart proxy 1.17 and puppet 5.
My command line for the installer is the following (plus additional parameter for oauth and other environment specific parameters):
foreman-installer \
--no-enable-foreman \
--no-enable-foreman-cli \
--no-enable-foreman-plugin-bootdisk \
--no-enable-foreman-plugin-setup \
--no-enable-puppet \
--enable-foreman-proxy \
--foreman-proxy-puppet-group="puppet" \
--foreman-proxy-manage-puppet-group=true \
--foreman-proxy-dns=true \
--foreman-proxy-dns-managed=false \
--foreman-proxy-dns-server=127.0.0.1 \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-managed=false \
--foreman-proxy-tftp=true \
...
So it should go into the condition $foreman_proxy::manage_puppet_group and $foreman_proxy::ssl
as it changes file ownership but !defined(Group[$foreman_proxy::puppet_group])
seems not to match.