Discussion:
[lopsa-tech] Can red hat satellite server be managed by puppet?
(too old to reply)
Edward Ned Harvey (lopser)
2017-10-20 15:10:41 UTC
Permalink
We already have a robust puppet infrastructure, but upon building a new red hat satellite server (Version Satellite 6.2.10), which is based on a red hat customized version of puppet, discovered that puppet agent is configured by default to get its configuration from itself. We don't intend to use the satellite server for configuration management - just for yum repo and package management - so this configuration is undesired.

I can easily enough edit the puppet.conf file to use our pre-existing puppet server, but I can't seem to find any good documentation anywhere that says if this will break the universe, or work just fine.

Can red hat satellite server be managed by a pre-existing puppet server, which is not itself?
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/DM5PR0401MB3621A72CC3FC01D8DAF0779AA3430%40DM5PR0401MB3621.namprd04.prod.outlook.com.
David Bronder
2017-10-20 15:21:42 UTC
Permalink
We're in a similar situation. Best I can tell so far, if you're using open
source Puppet (vs. Puppet Enterprise), the answer is no.

At a minimum, you would have trouble with Red Hat support. I think the
bundled Puppet is integral to their whole content view, environments and
promotion model. If your existing Puppet infrastructure isn't at a
compatible version with what's in Sat6, it would seem there's no way not to
break things.

Red Hat is supposed to have some kind of support for integration with Puppet
Enterprise, though. I haven't looked into that much yet, so not sure how
that would play out.

Definitely a frustrating situation.

=Dave
Post by Edward Ned Harvey (lopser)
We already have a robust puppet infrastructure, but upon building a new red
hat satellite server (Version Satellite 6.2.10), which is based on a red hat
customized version of puppet, discovered that puppet agent is configured by
default to get its configuration from itself. We don't intend to use the
satellite server for configuration management - just for yum repo and package
management - so this configuration is undesired.
I can easily enough edit the puppet.conf file to use our pre-existing puppet
server, but I can't seem to find any good documentation anywhere that says if
this will break the universe, or work just fine.
Can red hat satellite server be managed by a pre-existing puppet server,
which is not itself?
--
Hello World. David Bronder - Systems Architect
Segmentation Fault ITS-EI, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm. david-***@uiowa.edu
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/cd416608-0af5-e8a8-4724-5fad2d981969%40uiowa.edu.
Edward Ned Harvey (lopser)
2017-10-21 12:41:43 UTC
Permalink
Sent: Friday, October 20, 2017 11:22 AM
We're in a similar situation. Best I can tell so far, if you're using open source
Puppet (vs. Puppet Enterprise), the answer is no.
I did a little bit of experimentation yesterday - snapshotted the satellite server, then edited puppet.conf to make the agent use our normal puppet server instead. The first problem was keys. I had to go clear out the puppet ssl directory to get puppet agent to generate a key and register to the normal puppet server. There may be a more graceful, better way to approach that - and if you want something like this to work, it might be necessary to figure it out - because I was able to make the puppet agent on satellite connect to our normal puppet server, but I didn't thoroughly test things as far as satellite functionality is concerned, and I think there's a high risk that clearing the puppet ssl directory on satellite might have caused a problem with satellite operation. Don't know.

I *do* know, this got me to thinking "Why does satellite use puppet anyway?" It's not clear to me, what relationship puppet has with yum repository management. I honestly can't think of any reason for puppet server to be running on the satellite server, except to provide puppet functionality (as if you don't already have a puppet server). It seems like a weird combination of things to stick into a single box, and I can't figure out why they did it.

I know, after deleting the ssl directory, and getting puppet agent to work, I rebooted the machine, and httpd failed to start, because /etc/httpd/conf.d/ssl-90.conf references /var/lib/puppet/ssl/something.crt, which was a problem.

I didn't try much harder than that. I restored snapshot and let the system live without puppet agent.

If I'm not mistaken, red hat's licensing model also makes it difficult for us to build a dev/test server to perform these kinds of experiments on.
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/DM5PR0401MB36217C1596B3B2ED75D91DB3A3400%40DM5PR0401MB3621.namprd04.prod.outlook.com.
Continue reading on narkive:
Loading...