Foreman 1.7.1 -- Chef integration 12

I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.

I've installed them both and I wish to integrate it (https://www.youtube.com/watch?v=mtR0mCeisbs will be my inspiration).

I can't find any good How-to's or documentation regarding the installation and configuration flow.

I now can access my Foreman WebUI but it looks like the foreman-proxy is not right and I can't figure what I need to do :frowning:

After running foreman-installer I can see a

"Could not find a suitable provider for foreman_smartproxy"

message and my foreman-proxy log says that "No client SSL certificate
supplied". I have run the " puppet cert generate " command but nothing made
the trick…

More info:

[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)

[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch

[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]

And the Foreman configuration yaml:

---
foreman:
foreman_url: "https://foreman*.BLAH.BLAH"
unattended: true
authentication: true
passenger: true
passenger_scl:
passenger_ruby: /usr/bin/ruby193-ruby
passenger_ruby_package: ruby193-rubygem-passenger-native
use_vhost: true
servername: foreman*.BLAH.BLAH
ssl: true
custom_repo: true
repo: stable
configure_epel_repo: true
configure_scl_repo: true
configure_brightbox_repo: false
selinux:
gpgcheck: true
version: present
db_manage: true
db_type: postgresql
db_adapter:
db_host:
db_port:
db_database:
db_username: foreman
db_password: *****
db_sslmode:
app_root: /usr/share/foreman
user: foreman
group: foreman
user_groups:
- puppet
environment: production
puppet_home: /var/lib/puppet
locations_enabled: false
organizations_enabled: false
passenger_interface: ""
server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
oauth_active: true
oauth_map_users: false
oauth_consumer_key: ****
oauth_consumer_secret: "****"
passenger_prestart: true
passenger_min_instances: "1"
passenger_start_timeout: "600"
admin_username: admin
admin_password: ******
admin_first_name:
admin_last_name:
admin_email:
initial_organization:
initial_location:
ipa_authentication: false
http_keytab: /etc/httpd/conf/http.keytab
pam_service: foreman
configure_ipa_repo: false
ipa_manage_sssd: true
websockets_encrypt: true
websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
foreman_proxy:
repo: stable
gpgcheck: true
custom_repo: true
version: present
port: 8443
dir: /usr/share/foreman-proxy
user: foreman-proxy
log: /var/log/foreman-proxy/proxy.log
ssl: true
ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
trusted_hosts:
- foreman*.BLAH.BLAH
manage_sudoersd: true
use_sudoersd: true
puppetca: true
ssldir: /var/lib/puppet/ssl
puppetdir: /etc/puppet
autosign_location: /etc/puppet/autosign.conf
puppetca_cmd: "/usr/bin/puppet cert"
puppet_group: puppet
puppetrun: true
puppetrun_cmd: "/usr/bin/puppet kick"
puppetrun_provider: ""
customrun_cmd: /bin/false
customrun_args: "-ay -f -s"
puppetssh_sudo: false
puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
puppetssh_user: root
puppetssh_keyfile: /etc/foreman-proxy/id_rsa
puppetssh_wait: false
puppet_user: root
puppet_url: "https://foreman*.BLAH.BLAH:8140"
puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
puppet_use_environment_api:
tftp: true
tftp_syslinux_root: /usr/share/syslinux
tftp_syslinux_files:
- pxelinux.0
- menu.c32
- chain.c32
- memdisk
tftp_root: /var/lib/tftpboot/
tftp_dirs:
- /var/lib/tftpboot//pxelinux.cfg
- /var/lib/tftpboot//boot
tftp_servername: "*.*.*.*."
dhcp: false
dhcp_managed: true
dhcp_interface: eth0
dhcp_gateway: "*.*.100.1"
dhcp_range: false
dhcp_nameservers: default
dhcp_vendor: isc
dhcp_config: /etc/dhcp/dhcpd.conf
dhcp_leases: /var/lib/dhcpd/dhcpd.leases
dhcp_key_name: ""
dhcp_key_secret: ""
dns: false
dns_managed: true
dns_provider: nsupdate
dns_interface: eth0
dns_zone: BLAH.BLAH
dns_reverse: "100.168.192.in-addr.arpa"

dns_server: "127.0.0.1"
dns_ttl: "86400"
dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
dns_tsig_principal: "foremanproxy/foreman*.BLAH.BLAH@.CO.IL"
dns_forwarders: []
virsh_network: default
bmc: false
bmc_default_provider: ipmitool
realm: false
realm_provider: freeipa
realm_keytab: /etc/foreman-proxy/freeipa.keytab
realm_principal: "realm-proxy@EXAMPLE.COM"
freeipa_remove_dns: true
keyfile: /etc/rndc.key
register_in_foreman: true
foreman_base_url: "https://foreman*.BLAH.BLAH"
registered_name: foreman*.BLAH.BLAH
registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
oauth_effective_user: admin
oauth_consumer_key: ****************
oauth_consumer_secret: "
*"
puppet: false
foreman_cli:
foreman_url:
manage_root_config: true
username:
password:
refresh_cache: false
request_timeout: 120
foreman_plugin_bootdisk: {}
foreman_plugin_chef: {}
foreman_plugin_default_hostgroup: false
foreman_plugin_discovery:
version: latest
source: "http://downloads.theforeman.org/discovery/releases/latest/"
initrd: foreman-discovery-image-latest.el6.iso-img
kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
install_images: false
foreman_plugin_ovirt_provision: false
foreman_plugin_tasks: false
foreman_plugin_hooks: false
foreman_plugin_puppetdb: false
foreman_plugin_setup: {}
foreman_plugin_templates: {}
foreman_compute_ec2: false
foreman_compute_gce: false
foreman_compute_libvirt: false
foreman_compute_openstack: false
foreman_compute_ovirt: false
foreman_compute_rackspace: false
foreman_compute_vmware: {}
foreman_proxy_plugin_pulp: false

I hope that this is the right place to ask this kind of help :slight_smile:

Michael.

> I hope that this is the right place to ask this kind of help :slight_smile:

Hello, yeah, this or our -user list is even better spot. Anyway, let's
do this step-by-step. If we forget about Chef first, you need to follow
our documentation for the installation. We have an installer that does
everything for you and it ends up with working Foreman installation.

Supported platforms are RHEL/CentOS/Fedora and Debian/Ubuntu:

http://theforeman.org/manuals/1.7/#2.Quickstart

Have you followed that? What platform are you on? Did you encounter any
errors during the installation phase?

--
Later,
Lukas #lzap Zapletal

Hi Lukas,
thanks for the quick reply.

> Have you followed that?

Yes, I've followed the guide

> What platform are you on?

my platform is CentOS 6.5

[***@foreman ~]$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m

[mlev@foreman ~]$ uname -a
Linux foreman 2.6.32-504.8.1.el6.x86_64 #1 SMP Wed Jan 28 21:11:36 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux

> Did you encounter any errors during the installation phase?

well, my WebUI is up but I saw this ERROR at the end of the
foreman-installer:

"Could not find a suitable provider for foreman_smartproxy"

Secondly, I see a message on my foreman-proxy log (foreman-tail exec) and
when I browse to my foreman URL port 8443

"No client SSL certificate supplied".

I have run the " puppet cert generate <hostname -f>" command as stated in
the guide but still no success :frowning:

my hostname -f is forman.***.***.*** (It has a domain postfix)

Thanks!!
Michael.

On Wednesday, February 4, 2015 at 2:15:04 PM UTC+2, Lukas Zapletal wrote:
> > I hope that this is the right place to ask this kind of help :)
>
> Hello, yeah, this or our -user list is even better spot. Anyway, let's
> do this step-by-step. If we forget about Chef first, you need to follow
> our documentation for the installation. We have an installer that does
> everything for you and it ends up with working Foreman installation.
>
> Supported platforms are RHEL/CentOS/Fedora and Debian/Ubuntu:
>
> http://theforeman.org/manuals/1.7/#2.Quickstart
>
> Have you followed that? What platform are you on? Did you encounter any
> errors during the installation phase?
>
> --
> Later,
> Lukas #lzap Zapletal

Michael,

> Thanks!!

I am afraid the only way I can help you is when you use

foreman-debug

tool to collect logs and when the utility asks you to upload this on our
server. Only Foreman core team can read the file.

You must have misconfigured something with the installer, I suspect your
domain is incorrect or something.

--
Later,
Lukas #lzap Zapletal

Hi Lukas,
Thanks a lot for the help,
I have uploaded the debug now.

On Thursday, February 5, 2015 at 11:26:10 AM UTC+2, Lukas Zapletal wrote:
> Michael,
>
> > Thanks!!
>
> I am afraid the only way I can help you is when you use
>
> foreman-debug
>
> tool to collect logs and when the utility asks you to upload this on our
> server. Only Foreman core team can read the file.
>
> You must have misconfigured something with the installer, I suspect your
> domain is incorrect or something.
>
> --
> Later,
> Lukas #lzap Zapletal

Hello,

before we get to chef configuration, how did you run the installer? The issue
seems to be that puppet did not generate certificates which happens if you
don't install puppet (which makes sense if you only want to have foreman +
chef). In such case you have to provide your own certificates.

So the first question, how did you run foreman-installer, any custom
parameters you used? (e.g. --enable-foreman-plugin-chef ...). Also sending
/etc/foreman/foreman-installer-answers.yaml might help, note that it may
contain sensitive data, so clean them first.

--
Marek

On Thursday 05 of February 2015 10:26:04 Lukas Zapletal wrote:

> Michael,
>
> > Thanks!!
>
> I am afraid the only way I can help you is when you use
>
> foreman-debug
>
> tool to collect logs and when the utility asks you to upload this on our
> server. Only Foreman core team can read the file.
>
> You must have misconfigured something with the installer, I suspect your
> domain is incorrect or something.
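The advice above to clean sensitive data out of /etc/foreman/foreman-installer-answers.yaml before sending it can be scripted. The following is an added example, not code from this thread or from the Foreman project; the key-name pattern, the sample values and the `custom_url` key are assumptions made for illustration.

```python
import re

# Assumption of this example: key names matching this pattern hold secrets
# (db_password, admin_password, oauth_consumer_key, oauth_consumer_secret, ...).
SENSITIVE_KEY = re.compile(r"(password|secret|consumer_key)", re.IGNORECASE)
KEY_VALUE = re.compile(r"^(\s*)([\w.-]+):\s*(.*?)\s*$")
EMPTY = {"", '""', "''", "~", "null"}


def redact_answers(text):
    """Mask secrets line by line; returns (redacted_text, ["section.key", ...])."""
    lines = text.splitlines()
    secrets, masked, section = set(), [], None
    for i, line in enumerate(lines):
        m = KEY_VALUE.match(line)
        if not m:
            continue  # list items, comments, the "---" marker
        indent, key, value = m.groups()
        if not indent:
            section = key
        if SENSITIVE_KEY.search(key) and value not in EMPTY:
            secrets.add(value.strip("\"'"))
            masked.append(f"{section}.{key}" if indent else key)
            lines[i] = f'{indent}{key}: "<REDACTED>"'
    # A secret can also be embedded in another value (a URL with credentials),
    # so scrub remaining occurrences. Very short values are skipped because
    # replacing them everywhere would mangle unrelated keys.
    for secret in sorted(secrets, key=len, reverse=True):
        if len(secret) >= 8:
            lines = [ln.replace(secret, "<REDACTED>") for ln in lines]
    return "\n".join(lines) + "\n", masked


# Constructed sample: placeholder values, and custom_url is a hypothetical key.
SAMPLE = """\
---
foreman:
  db_username: foreman
  db_password: example-db-pass
  oauth_consumer_key: exampleKey123
  oauth_consumer_secret: "exampleSecret456"
  admin_password: example-admin-pass
foreman_proxy:
  dhcp_key_secret: ""
  custom_url: "https://admin:example-admin-pass@foreman.example.com"
"""

if __name__ == "__main__":
    text, masked = redact_answers(SAMPLE)
    print(text, "masked:", ", ".join(masked))
```

Hostnames, realm principals and private-key paths are not masked by this pattern and still need a manual look before the file is shared.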

Hello Marek,
Thank you for giving a hand.

Indeed, I do not need Puppet but I cannot be sure regarding the SSL
certificate configuration, where can I read about it (related to the
installation)?

foreman-installer gives me a "Could not find a suitable provider for
foreman_smartproxy" ERROR and I cannot understand what is my next step
here..

I am also attaching the setting.yml YAML file.

THANKS A LOT!
Michael.

foreman-installer-answers.yaml (8.7 KB)

On Thursday, February 5, 2015 at 2:25:03 PM UTC+2, Marek Hulan wrote:
> Hello,
>
> before we get to chef configuration, how did you run the installer? The issue
> seems to be that puppet did not generate certificates which happens if you
> don't install puppet (which makes sense if you only want to have foreman +
> chef). In such case you have to provide your own certificates.
>
> So the first question, how did you run foreman-installer, any custom
> parameters you used? (e.g. --enable-foreman-plugin-chef ...). Also sending
> /etc/foreman/foreman-installer-answers.yaml might help, note that it may
> contain sensitive data, so clean them first.
>
> --
> Marek
>
> On Thursday 05 of February 2015 10:26:04 Lukas Zapletal wrote:
> > Michael,
> >
> > > Thanks!!
> >
> > I am afraid the only way I can help you is when you use
> >
> > foreman-debug
> >
> > tool to collect logs and when the utility asks you to upload this on our
> > server. Only Foreman core team can read the file.
> >
> > You must have misconfigured something with the installer, I suspect your
> > domain is incorrect or something.

Dropping this.
Installing everything on CentOS 7 made the trick :wink:

On Thursday, February 5, 2015 at 3:42:56 PM UTC+2, Lev Michael wrote:
> Hello Marek,
> Thank you for giving a hand.
>
> Indeed, I do not need Puppet but I cannot be sure regarding the SSL
> certificate configuration, where can I read about it (related to the
> installation)?
>
> foreman-installer gives me a "Could not find a suitable provider for
> foreman_smartproxy" ERROR and I cannot understand what is my next step
> here..
>
> I am also attaching the setting.yml YAML file.
>
> THANKS A LOT!
> Michael.
>
> On Thursday, February 5, 2015 at 2:25:03 PM UTC+2, Marek Hulan wrote:
>> Hello,
>>
>> before we get to chef configuration, how did you run the installer? The issue
>> seems to be that puppet did not generate certificates which happens if you
>> don't install puppet (which makes sense if you only want to have foreman +
>> chef). In such case you have to provide your own certificates.
>>
>> So the first question, how did you run foreman-installer, any custom
>> parameters you used? (e.g. --enable-foreman-plugin-chef ...). Also sending
>> /etc/foreman/foreman-installer-answers.yaml might help, note that it may
>> contain sensitive data, so clean them first.
>>
>> --
>> Marek
>>
>> On Thursday 05 of February 2015 10:26:04 Lukas Zapletal wrote:
>> > Michael,
>> >
>> > > Thanks!!
>> >
>> > I am afraid the only way I can help you is when you use
>> >
>> > foreman-debug
>> >
>> > tool to collect logs and when the utility asks you to upload this on our
>> > server. Only Foreman core team can read the file.
>> >
>> > You must have misconfigured something with the installer, I suspect your
>> > domain is incorrect or something.