Bug 1478403

Summary: Perhaps missing information about creating new puppet environment.
Product: Red Hat Satellite Reporter: Alfredo Pizarro <apizarro>
Component: Docs Puppet GuideAssignee: Sergei Petrosian <spetrosi>
Status: CLOSED CURRENTRELEASE QA Contact: Stephen Wadeley <swadeley>
Severity: low Docs Contact:
Priority: low    
Version: 6.2.10CC: adahms, apizarro, lpramuk, sbream
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-19 13:02:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alfredo Pizarro 2017-08-04 13:44:40 UTC 
Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/puppet_guide/#sect-Red_Hat_Satellite-Puppet_Guide-Puppet_Environments

Section Number and Name: 3.7 Puppet Environments

Describe the issue: If the instruction are followed to create a new puppet environment, when registering a new host with a hostgroup linked to this new environment, it fails.

Suggestions for improvement: Adding the missing steps if there is any.

Additional information: If a new puppet environment is created and then associated to a host group, when running a bootstrap.py to register a new vm, the certificate request is never created because puppet fails to retrieve the puppet's ca certificate. When testing with puppet agent -t will fail with Environment XXX not found. When doing puppet -t debug the url puppet is trying to reach is like:

https://satellite.fqdn:8140/puppetenvironment/certificate/ca?fail_on_404=true

So, any new environment created from the portal will fail, except the one that is created out of the box called production. 

So the way we managed to fix this is in Satellite, was creating a new directory manually at /etc/puppet/environments/ and then from the portal:
Configure -> Environments -> and import from satellite, check the new created directory and with this step, the puppet ca is linked correctly so when running bootstrap.py won't fail. 

I'm not sure if this step is the correct, but doing it by the manual, it seems won't work correctly.
Regards,
Alfredo Pizarro
Comment 1 Alfredo Pizarro 2017-08-06 16:47:34 UTC 
*** Bug 1478732 has been marked as a duplicate of this bug. ***
Comment 2 Andrew Dahms 2017-09-07 12:35:44 UTC 
Assigning to Sergei for review.
Comment 4 Andrew Dahms 2017-09-19 23:16:24 UTC 
Hi Sergei,

Thank you for the needinfo request!

I think you could be right - would you be able to write to Marek Hulan and see if he has any advice about whether this is something that can be handled on the engineering side?

Kind regards,

Andrew
Comment 6 Lukas Pramuk 2017-11-07 12:21:16 UTC 
I tested that UI Create Puppet Environment is not enough since with next Import environments such environment is proposed for removal. After I created corresponding directory having proper ownership (tested on p4):

# mkdir /etc/puppet/environments/test
# chown apache /etc/puppet/environments/test

the "test" environment is no longer marked for removal. 

Put opposite way if I create directory manually first and Import environments then such environment is correctly imported.
Comment 8 Steve Bream 2017-11-21 10:44:01 UTC 
Hello Sergei,

It seems to me that the real issue here is that Puppet looks for a certificate directory that doesn't exist, and that's exposed when registering hosts. So the problem occurs when creating the Puppet environment, and is exposed when registering the host.

Since the procedure seems to be only two steps, I'd like to add it in all three places. In both places in the host config guide, adding the caveat that "If it doesn't already exist, create the directory /etc/puppet/environments/..."

Does that make sense?

Thanks,
Steve
Comment 10 Alfredo Pizarro 2017-11-28 15:37:25 UTC 
Yes, but I think that the procedure will always require to create the directory if the environment is created using stellite's portal. When the environment is created through the portal, it is never created under /etc/puppet/environments unless doing manually. 

Thanks!

Alfredo.
Comment 11 Andrew Dahms 2017-12-11 00:56:14 UTC 
Updating target milestone to 'GA'.
Comment 22 Sergei Petrosian 2018-01-19 13:02:04 UTC 
These changes are now live on the Customer Portal.

Thank you