Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/puppet_guide/#sect-Red_Hat_Satellite-Puppet_Guide-Puppet_Environments Section Number and Name: 3.7 Puppet Environments Describe the issue: If the instruction are followed to create a new puppet environment, when registering a new host with a hostgroup linked to this new environment, it fails. Suggestions for improvement: Adding the missing steps if there is any. Additional information: If a new puppet environment is created and then associated to a host group, when running a bootstrap.py to register a new vm, the certificate request is never created because puppet fails to retrieve the puppet's ca certificate. When testing with puppet agent -t will fail with Environment XXX not found. When doing puppet -t debug the url puppet is trying to reach is like: https://satellite.fqdn:8140/puppetenvironment/certificate/ca?fail_on_404=true So, any new environment created from the portal will fail, except the one that is created out of the box called production. So the way we managed to fix this is in Satellite, was creating a new directory manually at /etc/puppet/environments/ and then from the portal: Configure -> Environments -> and import from satellite, check the new created directory and with this step, the puppet ca is linked correctly so when running bootstrap.py won't fail. I'm not sure if this step is the correct, but doing it by the manual, it seems won't work correctly. Regards, Alfredo Pizarro
*** Bug 1478732 has been marked as a duplicate of this bug. ***
Assigning to Sergei for review.
Hi Sergei, Thank you for the needinfo request! I think you could be right - would you be able to write to Marek Hulan and see if he has any advice about whether this is something that can be handled on the engineering side? Kind regards, Andrew
I tested that UI Create Puppet Environment is not enough since with next Import environments such environment is proposed for removal. After I created corresponding directory having proper ownership (tested on p4): # mkdir /etc/puppet/environments/test # chown apache /etc/puppet/environments/test the "test" environment is no longer marked for removal. Put opposite way if I create directory manually first and Import environments then such environment is correctly imported.
Hello Sergei, It seems to me that the real issue here is that Puppet looks for a certificate directory that doesn't exist, and that's exposed when registering hosts. So the problem occurs when creating the Puppet environment, and is exposed when registering the host. Since the procedure seems to be only two steps, I'd like to add it in all three places. In both places in the host config guide, adding the caveat that "If it doesn't already exist, create the directory /etc/puppet/environments/..." Does that make sense? Thanks, Steve
Yes, but I think that the procedure will always require to create the directory if the environment is created using stellite's portal. When the environment is created through the portal, it is never created under /etc/puppet/environments unless doing manually. Thanks! Alfredo.
Updating target milestone to 'GA'.
These changes are now live on the Customer Portal. Thank you