Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/managing_configurations_using_puppet_integration_in_red_hat_satellite/index#supported-puppet-versions-and-system-requirements_managing-configurations-puppet

Section Number and Name:
Chapter 1. Introducing Configuration Management Using Puppet
Section 1.3. Enabling Puppet Integration with Satellite

Describe the issue:

The instructions to configure a Capsule as a puppetserver do not work. This is the command for the Capsule server to configure itself as a puppet server:

~~~
satellite-installer --foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key
~~~

Afterwards, any time we try to run "puppet agent -tv" from the Capsule itself, or from a content host registered to the Capsule server, we get this error (where test.example.com is the fqdn of the server we are running the "puppet agent -tv" from):

~~~
# puppet agent -tv
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Failed when searching for node test.example.com: Failed to find test.example.com via exec: Execution of '/etc/puppetlabs/puppet/node.rb test.example.com' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
~~~

The only way to get this to work is to include this flag when configuring the Capsule as a puppet server (where satellite.example.com is the fqdn of the Satellite server):

"--puppet-server-foreman-url satellite.example.com"

Suggestions for improvement:

The command used to configure the Capsule as a puppet server needs to include the "--puppet-server-foreman-url" flag like so (where satellite.example.com is the fqdn of the Satellite server):

~~~
satellite-installer --foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key \
--puppet-server-foreman-url "satellite.example.com"
~~~

Additional information:

Prior to 6.11, whenever the "capsule-certs-generate" was run from the Satellite server to generate certificates for a newly created Capsule server, the satellite-installer command the Satellite generates to be run on the Capsule server included this flag (where satellite.example.com is the fqdn of the Satellite server):

--puppet-server-foreman-url "satellite.example.com"

As of 6.11, the Satellite no longer generates this for the "satellite-installer" command to be run on the Capsule server. This is to be expected since we don't configure Puppet Server on Satellite and Capsule by default anymore. However, this makes the default value the Capsule server has for "puppet-server-foreman-url" the fqdn of the Capsule server itself, and not of the Satellite server. So this setting never gets configured to point to the fqdn of the Satellite server. I believe this causes issues since the Puppet CA certificate is a self-signed certificate issued by the Satellite server.
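
A diagnostic for the misconfiguration described in the report above, added here as an example; it is not part of the report and is not Red Hat or Foreman project code. It assumes the ENC script node.rb reads its Foreman URL from a `:url:` entry in a YAML settings file (commonly /etc/puppetlabs/puppet/foreman.yaml, a path the report does not mention); the function names and sample file are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch: does the Puppet ENC on a Capsule point at the
# Satellite, or at the Capsule itself (the default the report describes)?
# Assumption: the ENC settings file carries the Foreman URL as ':url: <value>'.

# enc_url_host FILE -> prints the bare hostname from the ':url:' entry.
# Accepts quoted or unquoted values, with or without scheme, port or path.
enc_url_host() {
    sed -n 's/^:url:[[:space:]]*//p' "$1" 2>/dev/null | head -n 1 |
        tr -d "\"'" |
        sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' \
            -e 's#[:/].*$##' \
            -e 's/[[:space:]]*$//'
}

# check_enc_target FILE CAPSULE_FQDN SATELLITE_FQDN
# prints one of: ok | points-to-capsule | unexpected:<host> | missing
check_enc_target() {
    host=$(enc_url_host "$1" | tr 'A-Z' 'a-z')
    capsule=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    satellite=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ -z "$host" ]; then
        echo missing                 # file absent or no ':url:' key
    elif [ "$host" = "$satellite" ]; then
        echo ok
    elif [ "$host" = "$capsule" ]; then
        echo points-to-capsule       # ENC lookups go to the Capsule itself
    else
        echo "unexpected:$host"
    fi
}

# Constructed sample: a settings file left at the Capsule-local default.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '---' ':url: "https://capsule.example.com"' > "$dir/foreman.yaml"
    check_enc_target "$dir/foreman.yaml" capsule.example.com satellite.example.com
    rm -rf "$dir"
}
demo
```

On a real Capsule, call `check_enc_target` with the settings file path and the two FQDNs; `points-to-capsule` matches the state the report describes before `--puppet-server-foreman-url` is set.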

PR created.
https://github.com/theforeman/foreman-documentation/pull/1692

+myoder, pls check if the cherry picking is selected properly in the PR above.

Thank you :)

PR is merged into the master. No more updates are pending on this issue hence closing this issue.

Here is the updated docs link for reference.
https://docs.theforeman.org/nightly/Managing_Configurations_Puppet/index-satellite.html#Enabling_Puppet_Integration_managing-configurations-puppet

Regards,
Sagar Dubewar