I’ve tried Foreman in the past for testing configuration management, but now I’m trying out the RCs for Foreman 3 and Katello 4.2 with a few test systems, and I’ll likely implement them in production once they are released. The setup consists of a number of LXC containers (via Proxmox) with a mix of Debian and Rocky Linux (as containers are migrated away from CentOS) split across a DMZ and internal network. The main goal for now is configuration and content management. Provisioning may come later but is not a priority right now.
Since most of the hosts already exist, I’m having a hard time figuring out the best way to add hosts to Foreman. I’ve used a simple script in the past to install the agent and use Foreman to sign the cert request and play around with the configuration side of things, but I’m not sure how to go about it with Katello.
Do I use the subscription-manager to first connect a host to Katello, then use the “register host” functionality to connect it to Foreman? I’m a bit confused as to the best way to do this without a lot of manual steps.
While I’m only relatively new to Foreman myself, if you are considering Ansible, setting up the Ansible Foreman callback and running a simple Ansible playbook or module (i.e., setup) against your Ansible inventory might solve your problem.
It depends on what options you have to run scripts on your hosts.
When I add an existing host manually to my katello/foreman I usually first register it to content management (i.e. katello) using an activation key which gives access to everything needed to install and run puppet agent in our environment.
Then I install and run the puppet agent on that host, sign the cert, and the next agent run sets everything up from the configuration side (including installing the SSH key for remote execution).
Either step makes the host known to foreman/katello, thus you can also go the other way round and do it the way you did before and then later register hosts for content management with subscription-manager.
Register Host allows you to create a simple shell script which you can run on a host which basically does all the above if you want. All you need to do then is run the shell script (i.e. use the curl command to retrieve the script and pipe it into bash) and that’s it. Of course, you can use the curl command directly to take a look at the resulting script.
You can also look at the provisioning templates used to generate the script. I think they are “Global Registration” and “Linux host_init_config default”.
You could use hammer CLI to make the registrations and then all you need to do is run the respective script on the respective host.
But the best approach for your environment depends on what you already have. From what you write it sounds like you already have puppet agent installed and working on all hosts, i.e. you could point the agent to the new installation and sign the certs to get them connected. After that you could use your puppet to get remote execution set up (which you’ll need for content management later, anyway). Once you have remote execution you can pretty easily get the katello-ca rpm installed and use subscription-manager to connect all hosts to content management.
As a starting point, you can use “Register Host” to set up a test host and have a look at the resulting shell script.
I haven’t thought about using Ansible at this point so I’ll look into that a bit more.
As for my hosts, I have the capability to run whatever I need, so lots of flexibility there. I did try the Register Host command but received the following error:
This system is not yet registered. Try 'subscription-manager register --help' for more information
So based on that, it seemed like registering it to the content manager as you explained is the first step when using this method. I’d rather have all the hosts use our content server anyway so it seems like the logical step. After that, I can put together a script to install puppet and then it’s off to the races.
I did look at the “Linux host_init_config default” briefly but not the Global Registration. I’ll dig in a bit more and see what those scripts are doing and set up any customization there as well. I’m assuming it’s possible to clone and create a custom script that includes the puppet install and parameters setup?