Foreman and docker image (appliance)

Hello,

some time ago I created simple Foreman appliance which was based on
Fedora and it was running a simple git checkout.

I'd like to push this a step further and create new CentOS based image
with Foreman installed from RPM using our installer. The goal is to have
Foreman app installed and run it via webrick (foreman-rake server). To
get there, I need to solve one issue with the installer.

When building a docker image, the environment has hostname set to
container id (sha, or whatever this is called in docker terms):

    # hostname
    d80d8b40afff

This of course breaks our installer since we expect FQDN because of
certificates.

Now, is there any way to configure our installer to skip all the
FQDN-dependent puppet tasks? I am not interested in smart proxy and
services, I am only interested in Foreman itself (plus the ENC script).

If this is not possible, can Puppet experts give me some overview what
needs to be done to allow this?

Then, once container is executed with proper hostname set (via docker -h
option), we can execute the installer for the 2nd time to finish the
installation which should be relatively fast as everything should be
already set up.

Opinions? Anyone interested?

--
Later,
Lukas #lzap Zapletal
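
The two-phase flow described in this message, sketched as an added example (not code from the thread or from the Foreman project): an entrypoint guard that refuses the second installer pass while the hostname is still a container id or not fully qualified, so certificates are never generated for a throwaway name. The function names and the `finish` argument are assumptions; the installer flags are the ones quoted later in the thread.

```shell
#!/bin/sh
# Added example: container entrypoint guard, not Foreman project code.

# True if NAME looks like a Docker-assigned hostname (12 hex characters,
# like the d80d8b40afff shown in the message above).
looks_like_container_id() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{12}$'
}

# True if NAME is fully qualified: two or more RFC 1123 labels,
# at most 253 characters overall.
is_fqdn() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s' "$1" | grep -Eq \
      '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Decide what the container start should do for hostname NAME.
# Prints "run-installer" or a refusal reason; returns 0 only when safe.
second_pass_decision() {
    if looks_like_container_id "$1"; then
        echo "refuse: hostname is a container id, start with docker run -h <fqdn>"
        return 1
    elif ! is_fqdn "$1"; then
        echo "refuse: hostname is not fully qualified"
        return 1
    fi
    echo "run-installer"
}

# Entrypoint body: only runs when the script is called with "finish"
# (hypothetical argument name chosen for this example).
if [ "${1:-}" = "finish" ]; then
    name=$(hostname -f 2>/dev/null || hostname)
    second_pass_decision "$name" || exit 1
    # Flags as used later in the thread; adjust to the modules you install.
    exec foreman-installer --no-enable-puppet --no-enable-foreman-proxy
fi
```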

> Hello,
>
> some time ago I created simple Foreman appliance which was based on
> Fedora and it was running a simple git checkout.
>
> I'd like to push this a step further and create new CentOS based image
> with Foreman installed from RPM using our installer. The goal is to have
> Foreman app installed and run it via webrick (foreman-rake server). To
> get there, I need to solve one issue with the installer.

Why diverge from the default Apache + passenger setup we have in other places?

>
> When building a docker image, the environment has hostname set to
> container id (sha, or whatever this is called in docker terms):
>
> # hostname
> d80d8b40afff
>
> This of course breaks our installer since we expect FQDN because of
> certificates.
>
> Now, is there any way to configure our installer to skip all the
> FQDN-dependent puppet tasks? I am not interested in smart proxy and
> services, I am only interested in Foreman itself (plus the ENC script).
>
> If this is not possible, can Puppet experts give me some overview what
> needs to be done to allow this?

I don't consider myself a Puppet expert, but I would expect we would need
to have some variable ($skip_finish, or something like that), that wouldn't

  1. generate the certificates
  2. start and enable the services

This would be useful not just for docker images, but other images as well.

>
> Then, once container is executed with proper hostname set (via docker -h
> option), we can execute the installer for the 2nd time to finish the
> installation which should be relatively fast as everything should be
> already set up.
>
> Opinions? Anyone interested?

I was looking at possibilities for Katello as well (what a synchronization),
and aweiteka from pulp team was already doing some work around pulp:
https://github.com/aweiteka/pulp-dockerfiles - might be an interesting place
for inspiration/collaboration

Being able to run foreman, pulp, candlepin, puppet and smart proxy in containers
would be really nice for development (especially when testing more things
in parallel). From this perspective, being able to run the other services
that Foreman/Katello needs is more interesting for me than the foreman itself
(although, for running the foreman on the stack we package, it's definitely a big win)

– Ivan

You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

> Hello,
>
> some time ago I created simple Foreman appliance which was based on
> Fedora and it was running a simple git checkout.
>
> I'd like to push this a step further and create new CentOS based image
> with Foreman installed from RPM using our installer. The goal is to have
> Foreman app installed and run it via webrick (foreman-rake server). To
> get there, I need to solve one issue with the installer.
>
can we use puma instead of webrick? with 1.9 it's multi-threaded and allows
multiple requests.

>
> When building a docker image, the environment has hostname set to
> container id (sha, or whatever this is called in docker terms):
>
> # hostname
> d80d8b40afff
>
> This of course breaks our installer since we expect FQDN because of
> certificates.
>
> Now, is there any way to configure our installer to skip all the
> FQDN-dependent puppet tasks? I am not interested in smart proxy and
> services, I am only interested in Foreman itself (plus the ENC script).
>
> If this is not possible, can Puppet experts give me some overview what
> needs to be done to allow this?
>
a very quick hack would be something like:

export FACTER_fqdn=<some.spoofed.domain> && foreman-installer

>
> Then, once container is executed with proper hostname set (via docker -h
> option), we can execute the installer for the 2nd time to finish the
> installation which should be relatively fast as everything should be
> already set up.
>
> Opinions? Anyone interested?
>
Looking forward to the blog ;)

thanks!
Ohad

On Wed, Sep 17, 2014 at 10:08 PM, Lukas Zapletal wrote:

> can we use puma instead of webrick? with 1.9 it's multi-threaded and allows
> multiple requests.

Sure, but for now webrick :)

I guess we need to test this configuration, there is nothing on our
wiki. Also non-threaded vs threaded worries me a bit. I am not sure if
we are thread safe?

> export FACTER_fqdn=<some.spoofed.domain> && foreman-installer

That won't do it. I can't change the hostname or /etc/hosts in docker
because it's mounted read only. I will try to remove our hostname
checker and start with that.

--
Later,
Lukas #lzap Zapletal

> Why diverging from the default Apache + passenger setup we have in other places?

I was thinking for the first phase just to run webrick. But in the
future, let's use supervisord or similar approach to spawn multiple
processes, yeah.

> I don't consider myself a Puppet expert, but I would expect we would need
> to have some variable ($skip_finish, or something like that), that wouldn't
>
> 1. generate the certificates
> 2. start and enable the services
>
> This would be useful not just for docker images, but other images as well.

Yeah, currently when I try this:

rm -f /usr/share/foreman-installer/checks/hostname.rb
export FACTER_fqdn=$(hostname)
foreman-installer --no-enable-puppet --no-enable-foreman-proxy

Puppet exits with 1 with no apparent reason:

http://sprunge.us/HbPD

> I was looking at possibilities for Katello as well (what a synchronization),
> and aweiteka from pulp team was already doing some work around pulp:
> https://github.com/aweiteka/pulp-dockerfiles - might be an interesting place
> for inspiration/collaboration

If you want to have a look:

https://github.com/lzap/foreman-docker/tree/master/centos-foreman-git-stable

--
Later,
Lukas #lzap Zapletal

> > Why diverging from the default Apache + passenger setup we have in other
> > places?
>
> I was thinking for the first phase just to run webrick. But in the
> future, let's use supervisord or similar approach to spawn multiple
> processes, yeah.

httpd is just one process, isn't it (not counting the child processes it spawns)?

>
> > I don't consider myself a Puppet expert, but I would expect we would need
> > to have some variable ($skip_finish, or something like that), that wouldn't
> >
> > 1. generate the certificates
> > 2. start and enable the services
> >
> > This would be useful not just for docker images, but other images as well.
>
> Yeah, currently when I try this:
>
> rm -f /usr/share/foreman-installer/checks/hostname.rb
> export FACTER_fqdn=$(hostname)
> foreman-installer --no-enable-puppet --no-enable-foreman-proxy
>
> Puppet exits with 1 with no apparent reason:
>
> http://sprunge.us/HbPD

Maybe you need to disable also all proxy plugins: https://github.com/theforeman/foreman-installer/blob/develop/config/answers.yaml#L19-L35
