Foreman 1.20 test week

Foreman 1.20 RC1 has been announced! Foreman 1.20.0-RC1 has been released

It is the time again where we put our effort into making sure that all most important scenarios work. It’s easy to get your hands dirty and help us with testing:

  1. Install Foreman RC version (the most up to date one)
  2. Pick a scenario from this post or add your own scenario
  3. If you find an issue, file it in the RedMine and make a comment in this thread linking the issue
  4. Mark the scenario as checked in this OP (this is an editable wiki post), here is syntax of checked and unchecked lines (you can click on checkboxes directly with mouse):
    • Unchecked
    • Checked
    • Checked (alternative syntax with no special semantics - both are equal)

You can start right away, the ideal timing is from Monday October 29th until Sunday November 4th but feel free to put your effort anytime before the final release comes out.

Installation

  • Install Foreman using existing script/forklift/beaker
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Install Foreman manually by following our installation guide
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Upgrade existing Foreman deployment (advertise in RedMine it was an upgraded instance if you encounter bug)
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Sanity checks
    • Installation on Red Hat distro with SELinux turned on
    • Packages passenger and tfm-rubygem-passenger are from the same repo (foreman) and in the same version
    • Logging in with a user that has limited permissions works properly

Provisioning

  • Bare-metal or virtualized PXE provisioning (host exits build mode and reboots)
    • BIOS host with CentOS
    • UEFI host with CentOS
    • BIOS host with Debian or Ubuntu
    • UEFI host with Debian or Ubuntu
    • BIOS host with Atomic OS
  • Compute Resources (VM is successfully created, finish or cloud-init is executed)
    • Create VMware host (Image Based/Network Based)
    • Create OpenStack host (Image Based)
    • Create Ovirt host (Image Based/Network Based)
    • Create Libvirt host (Image Based/Network Based)
    • Creare AWS host (Image Based)
    • Create GCE host
  • Puppet manifest import (classes are imported, parameters recognized)
  • Puppet configuration (class is assigned to a host, agent performs changes, reports and facts appears correctly)
  • Log in using user from LDAP (user account is created from LDAP)
  • Log in using user from FreeIPA (user account is created from FreeIPA)

Foreman Discovery

  • Bare-metal or virtualized provisioning via Provision - Customize Host (host exits build mode and reboots)
    • BIOS with discovery from PXE
    • UEFI with discovery from PXE
    • BIOS with discovery PXE-less
    • UEFI with discovery PXE-less
  • Provision a host via discovery rule
  • Provision a host via Customize UI button
  • Provision a host without hostgroup via Customize UI button
  • Provision a host via hammer via hostgroup
  • Provision a host via hammer via auto provisioning rule

Foreman Bootdisk

  • Bootdisk basic provisioning (host exits build mode and reboots)
    • Full host image
    • Host image
    • Generic image
    • Subnet image

Foreman Ansible

  • Import Roles
    • With/From Smart-Proxy
  • Assign Roles
    • Hostgroup
    • Hosts
  • Play Roles
    • Hostgroup
    • Hosts
  • Run shipped Ansible playbook (job), e.g. to install ansible role from galaxy

Foreman Remote Execution

  • Run some job, e.g. ‘ls /etc’ on a system that was provisioned from Foreman, it should work out of the box
  • Run some job against the Foreman host itself, only key configuration should be needed

Foreman Puppet run

  • Trigger Puppet run on host through SSH

Foreman Openscap

  • Create new content file, define a policy, assign it to a host and deploy the foreman_scap_client using puppet
  • Verify ARF report gets uploaded upon foreman_scap_client run and full version of it can be rendered
  • Create tailoring file, assign it to the policy and rerun client with the tailoring file

Foreman Virt Who Configure

  • Create a configuration definition and run it e.g. through REX on some provisioned host. It should succeed as long as it has access to sat tools repo on RHEL, epel (I think) on centos.

Foreman Templates

  • hammer import-templates --lock true # sync newest templates from community-templates repo, see audits
  • mkdir /repo; chown foreman /repo; hammer export-templates --repo /repo # may need setenforce 0

Just installed on centos 7 and the versions are not matching

yum info passenger tfm-rubygem-passenger | grep -e Name -e Version -e Release -e Repo -e From\ repo
Name        : passenger
Version     : 4.0.53
Release     : 4.el7
Repo        : installed
From repo   : epel

Name        : tfm-rubygem-passenger
Version     : 4.0.18
Release     : 10.12.el7
Repo        : installed
From repo   : foreman
1 Like

No SCAP content (XCCDF) profiles listed default scap-contents

https://projects.theforeman.org/issues/25339

Due to the issue, there no way to move ahead with testing the Scap workflow

I have found Bug #25346: User with restricted permissions sees all menu items - Foreman, which I believe is a blocker for the 1.20 release. @tbrisker: Do you concur?

1 Like

Upgrading from 1.19 to 1.20 lead to foreman-proxy error : TypeError no implicit conversion of nil into String

https://projects.theforeman.org/issues/25340

It looks like this is due to https://github.com/theforeman/theforeman.org/pull/1215/files#diff-18c3da045dbbd59ea35b110546f1f61fR395 - Can you please check your settings for ssl_certificate, ssl_ca_file and ssl_priv_key? They used to be derived from the puppet configuration previously, but now they need to be configured.

The ssl settings are set. They were already set for 1:19

1 Like

Thanks for reporting! there is a proposed fix at Fixes #25346 - Correctly render menu for non-admin users by tbrisker · Pull Request #6184 · theforeman/foreman · GitHub

There was a change in the way these settings are calculated in 1.20, can you please share what you see under “Admin → Settings → Auth → ssl certificate” and verify that the path specified there is correct and accessible?

SSL CA file and SSL certificate were empty. I have just completed that. But without success. The certs exist and are the ones for the whole puppet / foreman installation.

ssl settings in foreman-proxy/settings.yml
:ssl_certificate: /var/lib/puppet/ssl/certs/puppettesting.xeop.de.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/puppettesting.xeop.de.pem
#:foreman_ssl_ca: ssl/certs/ca.pem
#:foreman_ssl_cert: ssl/certs/fqdn.pem
#:foreman_ssl_key: ssl/private_keys/fqdn.pem

Can you verify /var/lib/puppet/ssl/certs/puppettesting.xeop.de.pem actually exists and is readable by the Foreman user?

Those are relevant only for the Proxy, but this is the main application. The relevant ones are in /etc/foreman/settings.yaml.

@Ondrej_Prazak I had a question regarding System admin Role, I know it is able to create users and orgs. I want to know, if what I am doing is a valid scenario.
User1 has a System Admin role with Default location and Default Organization assigned to it.
User1 Wants to create User2 with System Admin role but with Org2 and Default Location.
On doing this, I get a error “You don’t have permission edit_users with attributes that you have specified or you don’t have access to specified locations or organizations”

While assigning to the User2 I am able to see all Orgs

I found my error. I added “SSL CA file” and “SSL certificate” but was missing “SSL private key” in Settings -> Auth :frowning:

Maybe the new settings should be mentioned in the upgrade docu.

Now it works. Thanks for the help.

1 Like

https://github.com/theforeman/theforeman.org/pull/1215 adds a note about this.

This is how the Organizations/Locations work for non-admin users. If you want User1 to modify Org2, it should be assigned to Or2 as well.

2 Likes

Anyone else experiencing “Failure parsing Discovery Red Hat kexec: Safemode doesn’t allow to access ‘append’ on #<Safemode::ScopeObject>.” warning during build mode enter?

Hi,
we noticed that when installing the 1.20 smartproxy, it is missing a dependency for rubygem-logging. This prevents the smartproxy from starting, in 1.19 it also didn’t have a dependency (as far as I can tell), but it didn’t prevent the smartproxy from starting. Manually installing the package rubygem-logging fixes this issue. Tested on CentOs 7. Could someone please take a look at this? Thanks!

2 Likes

Is this an upgrade or new installation? Works fine for the latter here.