Differences

This shows you the differences between two versions of the page.

--- progetti:cloud-areapd:best_practices:config_puppetrun [2014/01/24 23:13] – aiftim@infn.it
+++ progetti:cloud-areapd:best_practices:config_puppetrun [2014/01/29 19:29] (current) – [Reference] aiftim@infn.it
@@ Line 1: / Line 1: @@
+====== Configure Host "Puppet Run" on Foreman ======
+===== Reference =====
+  * [[http://projects.theforeman.org/projects/1/wiki/Puppetrun]]
+===== Configuration Log =====
+==== on client node ====
+  * modify puppet.conf <code>
+[root@cld-ganglia ~]# egrep -v '^    #|^#|^$' /etc/puppet/puppet.conf
+[main]
+vardir = /var/lib/puppet
+logdir = /var/log/puppet
+rundir = /var/run/puppet
+ssldir = $vardir/ssl
+listen        = true    <----------- new line
+[agent]
+pluginsync      = true
+report          = true
+ignoreschedules = true
+daemon          = false
+ca_server       = cld-foreman.cloud.pd.infn.it
+certname        = cld-ganglia.cloud.pd.infn.it
+environment     = production
+server          = cld-foreman.cloud.pd.infn.it
+</code>
+  * modify auth.conf: <code>
+[root@cld-ganglia ~]# tail -11 /etc/puppet/auth.conf
+# added to enable puppetrun
+path /run
+auth any
+method save
+allow cld-foreman.cloud.pd.infn.it
+# this one is not stricly necessary, but it has the merit
+# to show the default policy which is deny everything else
+path /
+auth any
+</code>
+==== on foreman node ====
+  * in foreman settings (More --> Settings --> "Puppet"tab), set puppetrun to "true".
+  * enable foreman-proxy in sudoers: <code>
+[root@cld-foreman ~]# grep foreman /etc/sudoers
+## Allow foreman-proxy to do puppetrun
+Defaults:foreman-proxy !requiretty
+foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
+</code>