Adds the Proxy User to the 'puppet' Group when Not Present

Question

Adds the Proxy User to the 'puppet' Group when Not Present

naftulikay opened this issue 8 years ago · comments

This line causes foreman_proxy::groups to always include the puppet group, regardless of whether foreman_proxy::puppet is true or false. This breaks things:

Error: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist

Michael Moll · Answer 1 · Tue Oct 11 2016 05:03:53 GMT+0800 (China Standard Time)

this will probably require a larger refactoring... I also wonder how the ssl certificate stuff is handled now, when puppet-agent doesn't create the user/group anymore...

Naftuli Kay · Answer 2 · Tue Oct 11 2016 11:10:34 GMT+0800 (China Standard Time)

My setup is that I have a single machine running Foreman and the proxy, with the proxy only managing a DHCP and TFTP server on the same machine.

My Puppet Server, CA, and DB are all remote hosts, as is BIND.

Michael Moll · Answer 3 · Tue Oct 11 2016 16:23:00 GMT+0800 (China Standard Time)

@rfkrocktk while for this specific usecase there solution might be an easy one, the underlying problem is a deeper one, as there are quite some places where the existence of a "puppet" group is just assumed.

Yamakasi · Answer 4 · Tue Apr 04 2017 18:39:44 GMT+0800 (China Standard Time)

Is the issue #341 the same ?

I think we should just add a puppet user/group to an Puppet 4 AIO install and chown -R puppet:puppet /etc/puppetlabs/puppet/ssl to it and add the foreman-proxy group to it.

I did this manually earlier as I remember and that works and won't break a thing in the future as well.

Yamakasi · Answer 5 · Tue Apr 04 2017 19:12:03 GMT+0800 (China Standard Time)

As far as I can see the AIO package is not detected right and the puppet_home is not set accordingly to it.

Can someone please check this ?

Ewoud Kohl van Wijngaarden · Answer 6 · Tue Aug 29 2017 19:58:49 GMT+0800 (China Standard Time)

Doesn't e12a382 solve this?

Dirk Götz · Answer 7 · Thu May 17 2018 21:58:29 GMT+0800 (China Standard Time)

@ekohl: I am still having this problem with smart proxy 1.17 and puppet 5.

My command line for the installer is the following (plus additional parameter for oauth and other environment specific parameters):

foreman-installer \
  --no-enable-foreman \
  --no-enable-foreman-cli \
  --no-enable-foreman-plugin-bootdisk \
  --no-enable-foreman-plugin-setup \
  --no-enable-puppet \
  --enable-foreman-proxy \
  --foreman-proxy-puppet-group="puppet" \
  --foreman-proxy-manage-puppet-group=true \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-managed=false \
  --foreman-proxy-dns-server=127.0.0.1 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-managed=false \
  --foreman-proxy-tftp=true \
  ...

So it should go into the condition $foreman_proxy::manage_puppet_group and $foreman_proxy::ssl as it changes file ownership but !defined(Group[$foreman_proxy::puppet_group]) seems not to match.