====== Configure Host "Puppet Run" on Foreman ======

===== Reference =====
  * [[http://projects.theforeman.org/projects/1/wiki/Puppetrun]]

===== Configuration Log =====

==== on client node ====

  * modify puppet.conf <code>
[root@cld-ganglia ~]# egrep -v '^    #|^#|^$' /etc/puppet/puppet.conf
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
listen        = true    <----------- new line
[agent]
pluginsync      = true
report          = true
ignoreschedules = true
daemon          = false
ca_server       = cld-foreman.cloud.pd.infn.it
certname        = cld-ganglia.cloud.pd.infn.it
environment     = production
server          = cld-foreman.cloud.pd.infn.it
</code>
  * modify auth.conf: <code>
[root@cld-ganglia ~]# tail -11 /etc/puppet/auth.conf
# added to enable puppetrun
path /run
auth any
method save
allow cld-foreman.cloud.pd.infn.it

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
</code>

==== on foreman node ====

  * in foreman settings (More --> Settings --> "Puppet"tab), set puppetrun to "true".
  * enable foreman-proxy in sudoers: <code>
[root@cld-foreman ~]# grep foreman /etc/sudoers
## Allow foreman-proxy to do puppetrun
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
</code>