Foreman and the Puppetserver environment cache

August 17, 2019 

Importing classes is a two-phase process when you're using r10k with Foreman. Say you've created a new class, "role::ipa_server" to the "production" environment; without Foreman it would be sufficient to deploy the change on the Puppetserver with r10k:

$ r10k deploy environment production -vp

At this point Foreman does not, however, know anything about this new class deployed with r10k:

$ hammer puppet-class list --environment production|grep ipa_server

The "Smart proxy" component in Foreman - also known as "foreman-proxy" - is responsible for fetching new classes from Puppetserver. With the latest Puppet versions it uses the Puppetserver API to do the import. It is fairly trivial to update Foreman's list of classes using the command-line

$ hammer proxy import-classes --id 1
Successfully updated environment and puppetclasses from the on-disk puppet installation
Changed environments:
1) production
New classes:

The "id" above refers to the ID of the smart proxy fom which to fetch the classes - see "hammer proxy list" for details.

The command given above does not do anything if Puppetserver's environment class cache feature is turned on, because smart proxy receives an outdated list of Puppet classes in response to its API call. The problem can be fixed (or worked around) by turning that feature off by editing the file /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf:

# (optional) enable or disable environment class cache
environment-class-cache-enabled: false

Once this is done the smart proxy logs will start displaying a warning:

2019-08-08T12:12:21 ed5f29fe [W] Puppet server classes cache is disabled, classes retrieval can be slow.

This is not a problem in relatively small environments and makes it much faster to test Puppet code using Foreman.

Samuli Seppänen
Samuli Seppänen
Author archive