puppet open source reports and inventory to Satellite 6?

[Ryan Anderson]

I'd like to use my open source puppet master (puppetserver-2.3.1-1.el7) to send reports and inventory to Satellite 6, the commercial foreman/katello from Red Hat. Puppet Labs has a report processor for PE to accomplish this (https://forge.puppet.com/puppetlabs/satellite_pe_tools), but I am unable to find a comparable forge module for open source.

Is anyone doing what I am trying to do? It appears the foreman project provides what I need to send reports from puppet to foreman, which *should* work for Satellite: https://theforeman.org/manuals/1.13/index.html#3.5.4PuppetReports

[Ryan Anderson]

 Answering my own question. The URL I left before got me most of the way there, with some caveats. Hopefully this will keep others from having to reinvent the wheel on this. The steps are:

• Install the report processor as documented at https://theforeman.org/manuals/1.13/index.html#3.5.4PuppetReports to each puppet master
• Copy /etc/foreman-proxy from the Satellite 6 server to the puppet master
• Create /etc/puppetlabs/puppet/foreman.yml (assumes you are using Puppet Labs' AIO packages) with these contents:

# Update for your Satellite 6 hostname

:url: "https://sat6-server.example.com"

:ssl_ca: "/etc/foreman-proxy/foreman_ssl_ca.pem"

:ssl_cert: "/etc/foreman-proxy/foreman_ssl_cert.pem"

:ssl_key: "/etc/foreman-proxy/foreman_ssl_key.pem"

# Advanced settings

:puppetdir: "/opt/puppetlabs/puppet"

:puppetuser: "puppet"

:facts: true

:timeout: 10

:threads: null

• Modify the puppet master's /etc/puppetlabs/puppet/puppet.conf so the [master] section has this 'reports = foreman' (you may already have puppetdb, so it would now read 'reports = puppetdb, foreman'
• Restart the puppetmaster, eg systemctl restart puppetmaster
• Login to your Satellite 6 server web interface and observe the presence of configuration reports in the dashboard and on individual hosts

[Ryan Anderson]

One more update.

By default, all your puppet masters will dutifully forward reports of *all* agents--RHEL or otherwise--and Satellite will dutifully receive and display them. In my case, I had AIX and Solaris systems showing up in Satellite I did not care for. Puppet reports do not contain facts, so to filter out non-RHEL I had to filter out based on hostname. I added the line in foreman.rb on my masters below that starts with 'break' to exit if the hostname doesn't match.

 def process

    begin

      

      break if self.host !~ /.*linuxsrv.*|.*linuxws.*/

See Puppet Labs documentation: https://docs.puppet.com/puppet/latest/reference/reporting_write_processors.html 

[Suhail Choudhury]

Hi Ryan,

Thank you for sharing this very useful info.

Did you ever try sending reports successfully from a standalone PuppetMaster server to a Capsule which in turn was relayed back to the Satellite?

Regards,
Suhail.

[Ryan Anderson]

I did not, my Satellite 6 was on a single server. Give it a try and report your results!

[Suhail Choudhury]

Result was unsuccessful :(

PPM to SAT direct was fine, this is because PPM was using the foreman-*.* ca/cert/key SSL assets to connect to SAT.

However using these certs for PPM to CAP did allow the reports to be sent successfully to the CAP foreman https api, but there is no mechanism for these reports to then be relayed/proxied back to the SAT server AFAIK.

Regards,
Suhail.

On 16 February 2017 at 14:14, Ryan Anderson <ryan.c....@gmail.com> wrote:

I did not, my Satellite 6 was on a single server. Give it a try and report your results!

--
You received this message because you are subscribed to a topic in the Google Groups "Puppet Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/N8AaNx67g3A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/024e1507-9d7f-4a19-91c1-3315667dadd5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.