Replying to my own thread to update what's going on so far. For this discussion foreman "master" is GEORGE-DEV and the second host is CONSTRUCTION-DEV.

Following the installation scenarios and still unable to get the second "local master" to work properly. I provisioned a cent7 host (CONSTRUCTION-DEV) that uses the main foreman host (GEORGE-DEV) as CA and puppet master. Once booted I ran the following commands and you can see the local "puppet agent" at this stage doesn't work on CONSTRUCTION-DEV. Before doing this I generated keys on GEORGE-DEV as instructed by the Scenarios docs and placed them in /etc/puppetlabs/puppet/ssl/*. Here is the script I ran to generate the CA and tarball it up so I could scp it to CONSTRUCTION-DEV.

#!/bin/sh
echo "Cleaning any old certs for $1."
puppet cert clean "$1"
echo "Generating cert for $1."
puppet cert generate "$1"
echo "Making tar file of cert files for $1"
tar cvf "$1.tar" "/etc/puppetlabs/puppet/ssl/certs/$1.pem" "/etc/puppetlabs/puppet/ssl/private_keys/$1.pem" "/etc/puppetlabs/puppet/ssl/public_keys/$1.pem"

Here are the remaining commands up till I tried to run the puppet agent to see if it would talk to GEORGE-DEV (before running foreman-install it did). I disabled firewalld in the dev environment just to make sure there are no "firewall" issues.

[root@construction-dev /]# systemctl stop firewalld
[root@construction-dev /]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@construction-dev /]#
[root@construction-dev /]# foreman-installer \
> --no-enable-foreman \
> --no-enable-foreman-cli \
> --no-enable-foreman-plugin-bootdisk \
> --no-enable-foreman-plugin-setup \
> --enable-puppet \
> --enable-foreman-proxy \
> --puppet-server-ca=false \
> --puppet-server-foreman-url=https://george-dev.domain.com \
> --foreman-proxy-puppetca=false \
> --foreman-proxy-tftp=false \
> --foreman-proxy-foreman-base-url=https://george-dev.domain.com \
> --foreman-proxy-trusted-hosts=george-dev.domain.com \
> --foreman-proxy-oauth-consumer-key=PWD \
> --foreman-proxy-oauth-consumer-secret=PWD
Installing             Done                                               [100%] [........................................................................................................................................................................................................]
  Success!
  * Foreman is running at https://construction-dev.domain.com
      Initial credentials are admin / PWD
  * Foreman Proxy is running at https://construction-dev.domain.com:8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman.log
[root@construction-dev /]#
[root@construction-dev /]#
[root@construction-dev /]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find construction-dev.domain.com via exec: Execution of '/etc/puppet/node.rb construction-dev.domain.com' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: /File[/var/lib/puppet/lib/puppet]/ensure: removed
Notice: /File[/var/lib/puppet/lib/puppet_x]/ensure: removed
Notice: /File[/var/lib/puppet/lib/hiera]/ensure: removed
Notice: /File[/var/lib/puppet/lib/facter]/ensure: removed
Notice: /File[/var/lib/puppet/lib/puppetdb]/ensure: removed
Notice: /File[/var/lib/puppet/lib/puppetdb.rb]/ensure: removed
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class nano for construction-dev.domain.com on node construction-dev.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Am I just misunderstanding what that scenario is trying to do? My goal is GEORGE-DEV will be foreman/puppet master and the new CONSTRUCTION-DEV is to be a "local" puppet master at another pop. CONSTRUCTION-DEV will need to be a master AND agent.