support setting arbitrary servers as Puppet master and CA

README.md

@@ -150,7 +150,7 @@ This usage leverages the `--skip foreman` switch, which does not require usernam
  - the `--skip foreman` switch implies `--skip puppet`
  - When using `--skip foreman`, it is expected that the organization specified  (via `--organization|-o`) is specified via **LABEL**, not **NAME**.
 
-Option 1: using the `--skip foreman` option. 
+Option 1: using the `--skip foreman` option.
 
 ~~~
 # ./bootstrap.py -s foreman.example.com \
@@ -159,7 +159,7 @@ Option 1: using the `--skip foreman` option.
     --skip foreman
 ~~~
 
-Option 2 : using the `--content-only` option. This option exists as an alias to `--skip foreman`. 
+Option 2 : using the `--content-only` option. This option exists as an alias to `--skip foreman`.
 
 ~~~
 # ./bootstrap.py -s foreman.example.com \
@@ -403,7 +403,7 @@ When migrating or registering clients which may have never been managed via Pupp
 ### Providing a repository with the subscription-manager packages
 
 For clients who do not have subscription-manager installed (which is a prerequisite of `bootstrap.py`), the `deps-repository-url` option can be used to specify a yum repository which contains the `subscription-manager` RPMs
-On your Foreman instance, kickstart repositories are available via HTTP, and are ideal to be used in this scenario. However, any yum repository with the required packages would work.  
+On your Foreman instance, kickstart repositories are available via HTTP, and are ideal to be used in this scenario. However, any yum repository with the required packages would work.
 
 ~~~
 ./bootstrap.py -l admin \
@@ -450,7 +450,43 @@ is configured with this value. If desired, this value can be overridden using th
 
 ~~~
 
+### Using an alternative Puppet master or Puppet CA
 
+When attaching a client to a setup, where Puppet runs outside of the Foreman setup, you can configure the Puppet agent to use an alternative Puppet master using the `--puppet-server` switch.
+
+~~~
+./bootstrap.py -l admin \
+    -s foreman.example.com \
+    -o "Red Hat" \
+    -L RDU \
+    -g "RHEL7/Crash" \
+    -a ak-Reg_To_Crash \
+    --puppet-server=puppet.example.com
+~~~
+
+In the case the Puppet CA is running on a different server, you can use the `--puppet-ca-server` switch for the server hostname and the `--puppet-ca-port` one for the port.
+
+~~~
+./bootstrap.py -l admin \
+    -s foreman.example.com \
+    -o "Red Hat" \
+    -L RDU \
+    -g "RHEL7/Crash" \
+    -a ak-Reg_To_Crash \
+    --puppet-server=puppet.example.com \
+    --puppet-ca-server=puppetca.example.com
+~~~
+
+~~~
+./bootstrap.py -l admin \
+    -s foreman.example.com \
+    -o "Red Hat" \
+    -L RDU \
+    -g "RHEL7/Crash" \
+    -a ak-Reg_To_Crash \
+    --puppet-server=puppet.example.com \
+    --puppet-ca-port=8141
+~~~
 # Help / Available options:
 
 ~~~
@@ -481,6 +517,9 @@ Options:
   --skip-foreman        Do not create a Foreman host. Implies --skip-puppet.
                         When using --skip-foreman, you MUST pass the
                         Organization's LABEL, not NAME
+  --content-only        Setup host for content only. Alias to --skip foreman.
+                        Implies --skip-puppet. When using --content-only, you
+                        MUST pass the Organization's LABEL, not NAME
   -g HOSTGROUP, --hostgroup=HOSTGROUP
                         Title of the Hostgroup in Foreman that the host is to
                         be associated with
@@ -508,6 +547,15 @@ Options:
                         certs)
   --add-domain          Automatically add the clients domain to Foreman
   --puppet-noop         Configure Puppet agent to only run in noop mode
+  --puppet-server=PUPPET_SERVER
+                        Configure Puppet agent to use this server as master
+                        (defaults to the Foreman server)
+  --puppet-ca-server=PUPPET_CA_SERVER
+                        Configure Puppet agent to use this server as CA
+                        (defaults to the Foreman server)
+  --puppet-ca-port=PUPPET_CA_PORT
+                        Configure Puppet agent to use this port to connect to
+                        the CA
   --remove              Instead of registering the machine to Foreman remove
                         it
   -r RELEASE, --release=RELEASE
@@ -542,6 +590,8 @@ Options:
   --install-packages=installpackages
                         List of packages to be additionally installed - comma
                         separated
+  --new-capsule         Switch the server to a new capsule for content and
+                        Puppet. Pass --server with the Capsule FQDN as well.
   -t timeout, --timeout=timeout
                         Timeout (in seconds) for API calls and subscription-
                         manager registration. Defaults to 900
@@ -551,7 +601,7 @@ Options:
 
 ## FIPS support
 
-On systems with FIPS enabled (where `/proc/sys/crypto/fips_enabled == 1`), algorithms such as MD5 are disallowed. Bootstrap will configure `digest_algorithm = sha256` in puppet.conf to allow successful puppet runs. However, the signing algorithm **must** match on the Puppet Master. It is expected that the Puppet Masters are configured with the **same** algorithm prior to running `bootstrap.py` on the clients. 
+On systems with FIPS enabled (where `/proc/sys/crypto/fips_enabled == 1`), algorithms such as MD5 are disallowed. Bootstrap will configure `digest_algorithm = sha256` in puppet.conf to allow successful puppet runs. However, the signing algorithm **must** match on the Puppet Master. It is expected that the Puppet Masters are configured with the **same** algorithm prior to running `bootstrap.py` on the clients.
 
 # Ansible integration
 

bootstrap.py

@@ -479,7 +479,10 @@ def install_puppet_agent():
 certname        = %s
 environment     = %s
 server          = %s
-""" % (main_section, options.foreman_fqdn, FQDN, puppet_env, options.foreman_fqdn))
+""" % (main_section, options.puppet_ca_server, FQDN, puppet_env, options.puppet_server))
+    if options.puppet_ca_port:
+        puppet_conf.write("""ca_port         = %s
+""" % (options.puppet_ca_port))
     if options.puppet_noop:
         puppet_conf.write("""noop            = true
 """)
@@ -989,6 +992,9 @@ def exec_service(service, command, failonerror=True):
     parser.add_option("-f", "--force", dest="force", action="store_true", help="Force registration (will erase old katello and puppet certs)")
     parser.add_option("--add-domain", dest="add_domain", action="store_true", help="Automatically add the clients domain to Foreman")
     parser.add_option("--puppet-noop", dest="puppet_noop", action="store_true", help="Configure Puppet agent to only run in noop mode")
+    parser.add_option("--puppet-server", dest="puppet_server", action="store", help="Configure Puppet agent to use this server as master (defaults to the Foreman server)")
+    parser.add_option("--puppet-ca-server", dest="puppet_ca_server", action="store", help="Configure Puppet agent to use this server as CA (defaults to the Foreman server)")
+    parser.add_option("--puppet-ca-port", dest="puppet_ca_port", action="store", help="Configure Puppet agent to use this port to connect to the CA")
     parser.add_option("--remove", dest="remove", action="store_true", help="Instead of registering the machine to Foreman remove it")
     parser.add_option("-r", "--release", dest="release", help="Specify release version")
     parser.add_option("-R", "--remove-obsolete-packages", dest="removepkgs", action="store_true", help="Remove old Red Hat Network and RHUI Packages (default)", default=True)
@@ -1018,6 +1024,10 @@ def exec_service(service, command, failonerror=True):
     if options.content_only:
         print_generic("The --content-only option was provided. Adding --skip foreman")
         options.skip.append('foreman')
+    if not options.puppet_server:
+        options.puppet_server = options.foreman_fqdn
+    if not options.puppet_ca_server:
+        options.puppet_ca_server = options.foreman_fqdn
 
     # > Validate that the options make sense or exit with a message.
     # the logic is as follows:
@@ -1114,6 +1124,9 @@ def exec_service(service, command, failonerror=True):
         print "DOWNLOAD METHOD - %s" % options.download_method
         print "SKIP - %s" % options.skip
         print "TIMEOUT - %s" % options.timeout
+        print "PUPPET SERVER - %s" % options.puppet_server
+        print "PUPPET CA SERVER - %s" % options.puppet_ca_server
+        print "PUPPET CA PORT - %s" % options.puppet_ca_port
 
     # > Exit if the user isn't root.
     # Done here to allow an unprivileged user to run the script to see
@@ -1246,8 +1259,8 @@ def exec_service(service, command, failonerror=True):
             # that would nuke custom /etc/puppet/puppet.conf files, which might
             # yield undesirable results.
             print_running("Updating Puppet configuration")
-            exec_failexit("sed -i '/^[[:space:]]*server.*/ s/=.*/= %s/' %s" % (options.foreman_fqdn, puppet_conf_file))
-            exec_failok("sed -i '/^[[:space:]]*ca_server.*/ s/=.*/= %s/' %s" % (options.foreman_fqdn, puppet_conf_file))  # For RHEL5 stock puppet.conf
+            exec_failexit("sed -i '/^[[:space:]]*server.*/ s/=.*/= %s/' %s" % (options.puppet_server, puppet_conf_file))
+            exec_failok("sed -i '/^[[:space:]]*ca_server.*/ s/=.*/= %s/' %s" % (options.puppet_ca_server, puppet_conf_file))  # For RHEL5 stock puppet.conf
             delete_directory(ssl_dir)
             delete_file("%s/client_data/catalog/%s.json" % (var_dir, FQDN))