Hello,
Now that I have succeeded in performing an all-in-one install of Foreman and its Smart Proxies on a single dual nic server, I’m trying to do it the other way around:
I still want pxe, tftp, dhcp, dns managed by Foreman + to be able to run some Ansible playbooks or Puppet manifests on hosts once installed to further configure them. But I’d like to try the official single nic approach:
Reminder: my unattended hosts are on a private non-routed network
So I’m installing 3 components:
- one dual nic (one on a public routed network, one on a private non-routed subnet) server with foreman server only
- one server for pxe, tftp, dhcp, dns smart proxies (single nic on the private non-routed subnet)
- one server for puppet/puppet CA smart proxies (single nic on the private non-routed subnet)
[I first had to replicate locally foreman and puppet rpm mirrors and had to setup the repo manually to point to my repos].
Here are my concerns:
- Am I right in thinking that, foreman-installer being basically just Puppet classes/modules, it is run by a puppet-agent and that this puppet-agent needs to get its catalog from a puppet master? In my case, what would be the puppet-master: would it be the same puppet-server as the puppet smart-proxy in 3), or do I have to have a puppet master on each host I run the installer on?
- I did install 1) with:
foreman-installer --no-enable-foreman-proxy
and it worked
- I then copied the cert and ca files from the foreman server to the other servers :
/etc/puppetlabs/puppet/ssl/certs/foreman.it.pasteur.fr.pem
/etc/puppetlabs/puppet/ssl/certs/ca.pem
I don’t know if this makes any sense. The documentation says that obviously a certificate is needed for the server <-> proxy communication, but I didn’t see any details.
- I did install 2) with:
foreman-installer \
--no-enable-foreman \
--no-enable-foreman-cli \
--no-enable-foreman-plugin-bootdisk \
--no-enable-foreman-plugin-setup \
--no-enable-puppet \
--enable-foreman-proxy \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-managed=true \
--foreman-proxy-dhcp-interface=eth0 \
--foreman-proxy-dhcp-subnets="192.168.10.0/24" \
--foreman-proxy-dhcp-gateway="192.168.10.10" \
--foreman-proxy-dhcp-range="192.168.10.200 192.168.10.210" \
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-managed=true \
--foreman-proxy-dns=true \
--foreman-proxy-dns-managed=true \
--foreman-proxy-dns-interface=eth0 \
--foreman-proxy-dns-reverse=10.168.192.in-addr.arpa \
--foreman-proxy-dns-forwarders="157.99.64.64" \
--foreman-proxy-dns-forwarders="157.99.64.65" \
--foreman-proxy-bmc=true \
--foreman-proxy-foreman-base-url=https://foreman.dev.cluster.pasteur.fr \
--foreman-proxy-trusted-hosts=foreman.dev.cluster.pasteur.fr \
[+ oauth related arguments]
But it ended with the following error:
/Stage[main]/Foreman_proxy::Config/User[foreman-proxy]/groups: change from to 'named,puppet' failed: Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G named,puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist
I saw similar issues but dating from 2016…
What did I do wrong?
Thanks
–
Thomas HUMMEL