Description of problem: When putting a load balancer in front of Satellite Capsules that have the Puppet feature the Puppet Certs for those Satellite Capsules must all have a DNS Alternative Name of the load balanced FQDN included in the Puppet certificate for hosts to be able to communicate to the Satellite Capsules via the load balanced FQDN. Version-Release number of selected component (if applicable): 6.2.4 How reproducible: RFE, always Work Around: 1) On Capsule Server : Run the `satellite-installer --scenario capsule` 2) On Satellite Server: `puppet cert clean $(hostname -f)` 3) On Satellite Server: `puppet cert generate $HOSTNAME --dns_alt_names=capsule.example.net,capsule.example.org` Request: add a --dns-alt-names (or equivlant) flag to the satellite-installer to be able to specify dns-alt names as part of the satellite-installer process
This will be available in Satellite 6.3. Puppet configuration is managed using the 'puppet' puppet class inside the installer, but it's not exposed as a top-level option to the user in current versions of Satellite. That many change so these would all be available as '--puppet-<parameter name>', but starting in *6.3*, we have a solution for any of the classes using hiera. See https://bugzilla.redhat.com/show_bug.cgi?id=1305782#c14 and comments 15 and 16 for an understanding of how this works, but it's essentially a single YAML file in /etc/foreman-installer/custom-hiera.conf. You can look at /etc/foreman-installer/modules/puppet/manifests/init.pp to see what can be set for the puppet class. The DNS alt names option is one of the ones available. So, in your case, the custom-hiera.conf would look like: --- puppet::dns_alt_names: ['foo1.example.com', 'foo2.example.com'] *** This bug has been marked as a duplicate of bug 1305782 ***
Stephen, Thank you. So to be clear this will not be available until Sat 6.3 correct? Blue Skies, ~Ian
For right now, that's the plan.