Problem:
I am very new to foreman. We are currently using spacewalk and trying to move over to foreman/katello/etc. We rely heavily on configuration channels/configuration file tracking for our CM management. What are some ways I can manage files?
For example, if i need to update /etc/hosts and all of our servers, how do i do that and make sure they all have the current version/current changes?
How about when I setup a new server and I need it to have all of our custom configuration files (/etc/issue, /etc/ssh/sshd_config, etc, etc with specific permissions) - how do I do this?
Thank you in advance.
Foreman and Proxy versions:
foreman-installer-2.4.0-1.el8.noarch
foreman-proxy-2.4.0-1.el8.noarch
Foreman and Proxy plugin versions:
puppetserver-6.15.3-1.el8.noarch
katello-4.0.1-1.el8.noarch
Distribution and version:
CentOS Linux release 8.3.2011
There are many options. Foreman strength is the configuration management. Foreman has an integration with Puppet, Ansible, Chef and Salt, that are typically used for this. At the same time, they come with complexity. Puppet integration is the most used (I think) mainly becase it’s part of the Foreman core but is being extracted to a plugin, so you can really pick. I think the Ansible integration is most straightforward.
If you don’t want to learn a lot about all of this, perhaps you can take advantage of the remote execution plguin. That allows you to modify files on the system easily too. Think of templated scripts you execute though the SSH. In combination with Katello file repositories, you can easily recreate the configuration channels from Spacewalk. Your job would download the file from the repository on the Foreman Proxy, potentially configured permissions/ownership as necessary. The job can be schedule to run periodically. See Foreman :: Introduction to the Remote Execution Plugin for intro to this plugin.
We are often asked by Spacewalk users, but Foreman is based on completely different approach - we believe configuration management should be done with proper tools. So there is no replacement for the way how Spacewalk did this.
Some users do create similar workflow tho, Foreman has a powerful templating engine so you can move all your templates there, generate them on the fly and write your own agent/script that would download them. Just be sure to use HTTPS with X509 CA. But I’d rather invest time into Ansible or Puppet or anything as you will get much better experience, Foreman is able to show you detailed configuration reports, differences in applied changes (like GNU diff), facts and metrics.
