I'm going to re-ask this question because the issue is driving me crazy even though I'm already close enough to walk.
Here's the setup:
[Foreman Server with Puppet/PuppetDB]
^
|
V
[ Subordinate (remote) Puppet Server ] (Proxy installed)
^
|
V
[End client[
The Puppet master running on the Foreman host's job is to manage just the remote masters. The subordinate Puppet Masters are planned to be installed in various data centers around the country.
The end client's puppet.conf looks like this (with the template variables being replaced by their actual values):
### File managed with puppet ###
## Module: 'puppet'
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
# Allow services in the 'puppet' group to access key (Foreman + proxy)
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
# Puppet 3.0.x requires this in both [main] and [master] - harmless on agents
autosign = $confdir/autosign.conf { mode = 664 }
show_diff = false
hiera_config = $confdir/hiera.yaml
ca_server =<%= foreman_host_fqdn%>
### Next part of the file is managed by a different template ###
## Module: 'puppet'
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$statedir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
# Disable the default schedules as they cause continual skipped
# resources to be displayed in Foreman - only for Puppet >= 3.4
default_schedules = false
report = true
pluginsync = true
masterport = 8140
environment = POC
certname = <%= fqdn %>
server = <%= puppethost_fqdn %>
listen = false
splay = false
splaylimit = 1800
runinterval = 1800
noop = false
configtimeout = 600
Report is turned on and the remote Puppet Master is successfully managing the client.
The [master] section of the remote Puppet Master's puppet.conf looks like this:
[master]
storeconfigs = true
storeconfigs_backend = puppetdb
autosign = $confdir/autosign.conf { mode = 664 }
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = false
certname = <%= fqdn %>
strict_variables = false
environmentpath = /etc/puppet/environments
basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
and I have a foreman.yaml file that looks like this:
---
# Update for your Foreman and Puppet master hostname(s)
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs<%= fqdn %>.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/<%= fqdn %>.pem"
# Advanced settings
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
Now the *facts* are showing up on the Foreman server for the remote client but just not the reports.
First obvious question: should they or am I chasing a ghost?
If they should be showing up what am I missing here?