Foreman behind a NAT

Hello,

I would like to run foreman in a KVM VM to test it out.

This VM is behind a NAT so it does not have the public IP bound to its interface.
That’s why foreman-installer fails.

Any suggestions?

Kind regards,
Ori

You might want to look into forklift:

it allows quickly spinning up a vm with foreman running using vagrant, that is good for playing around with. Obviously not for production uses, but it’s good for testing/poc use.

Foreman (Installer) doesn’t care about public/private IP’s, but does have a DNS lookup check. This is because some code in Foreman does DNS requests and relies on being able to resolve its hostname. This is becoming less of an issue, but until someone actually verifies those checks are no longer needed, I don’t think we’ll remove them.

I don’t want you to remove any potential saveguards.
Letalone untested.

However, I would be grateful if somebody could point me to the bits where this check is beeing performed so I can disable it at my own risk :slight_smile:

Thanks for your suggestion, will take a closer look at it soon.
I am trying to avoid using vagrant.
This is how I came to find out about Foreman:

https://www.reddit.com/r/virtualization/comments/fgbzzt/to_vagrant_or_not_to_vagrant/

I am hoping to streamline the rollout of new KVM VMs using foreman and ansible.

forklift only uses vagrant to spin up a vm running foreman, it doesn’t force you to use vagrant for the managed hosts. It’s a development tool mostly, but it’s also useful for experimentation with foreman before setting up a production environment with it.

Will give it a try. Ty.

FYI as a Foreman core developer, I only use virt-builder and virt-install to quickly provision my dev/test setups. I have a shell script that installs Foreman and performs some post install actions, virt-builder can run that for me so essentially it’s a one command for me.

That sounds great. Mind sharing?

These are really complex as they support Foreman, Katello and Satellite and do a lot of provisioning setup stuff. Let me share just few bits:

yum -y install sshpass virt-install libvirt libguestfs\* telnet git

The main shell script which spawns the VM:

#!/bin/bash -xe

# Options for this script - use setup_*.conf.sh and options.conf.sh to override
NATLAN=${NATLAN:-199}
NATDNS=${NATDNS:-nat.lan}
IP=${IP:-3}
RAM=${RAM:-13000}
NAME=${NAME:-$1}
SIZE=${SIZE:-40G}
SCENARIO=${SCENARIO:-satellite}
SNAP=${SNAP:-1} # source: SNAP or CDN (applies only for Satellite scenario)
VIRTIMG=${VIRTIMG:-rhel-7.5}
IMAGE=${IMAGE:-/var/lib/libvirt/images/$NAME.img}
KATELLO_VER=${KATELLO_VER:-nightly}
FOREMAN_VER=${FOREMAN_VER:-1.17}
SATELLITE_VER=${SATELLITE_VER:-6.3} # used when SNAP=0
SNAP_AK=${SNAP_AK:-satellite-6.4.0-qa-rhel7} # used when SNAP=1
CDN_USER=${CDN_USER:-xxxxxxx}
CDN_PASSWORD=${CDN_PASSWORD:-xxxxxxx}
POOL_ID=${POOL_ID:-xxxxxxxx}
ROOT_PASS=${ROOT_PASS:-redhat}
RHEL_MIRROR=${RHEL_MIRROR:-http://xxxxxxxxxxxxxx/pub/rhel/released/RHEL-\$major/\$major.\$minor/Server/\$arch/os/}
CENTOS_MIRROR=${CENTOS_MIRROR:-http://mirror.centos.org/centos-\$major/\$major/os/x86_64/}
EXTRA_MIRROR_URL=${EXTRA_MIRROR_URL:-http://my.mirror.lan/\$major/\$major/os/x86_64/}
EXTRA_MIRROR_NAME=${EXTRA_MIRROR_NAME:-My CentOS mirror}
TIMEZONE=${TIMEZONE:-Europe/London}
GPGCHECK=${GPGCHECK:-1}
if [[ "$VIRTIMG" == rhel-7* || "$VIRTIMG" == centos-7* ]]; then
  NICDEV=${NICDEV:-eth0}
  EL_VERSION=7
else
  NICDEV=${NICDEV:-enp1s0}
  EL_VERSION=8
fi
BASEURLCDN=${BASEURLCDN:-https://cdn.redhat.com}
#SSH_KEY=root
[[ -f ./setup_$1.conf.sh ]] && source ./setup_$1.conf.sh
[[ -f ./options.conf.sh ]] && source ./options.conf.sh
SERVERNAME=$NAME.$NATDNS
if [[ "$SIZE" == "0" ]]; then
  SIZE_CMD=""
else
  SIZE_CMD="--size $SIZE"
fi
if [[ "$SSH_KEY" == "" ]]; then
  SSH_CMD=""
else
  SSH_CMD="--ssh-inject root:file:$SSH_KEY"
fi

cat >/tmp/firstboot-env.sh <<EOF
export EL_VERSION=$EL_VERSION
export KATELLO_VER=$KATELLO_VER
export FOREMAN_VER=$FOREMAN_VER
export SATELLITE_VER=$SATELLITE_VER
export HOME=/root
export PASS=changeme
export ORG=MyOrg
export LOC=MyLoc
export SCENARIO=$SCENARIO
export SNAP=$SNAP
export SNAP_AK=$SNAP_AK
export RHEL_MIRROR='$RHEL_MIRROR'
export CENTOS_MIRROR='$CENTOS_MIRROR'
export EXTRA_MIRROR_NAME='$EXTRA_MIRROR_NAME'
export EXTRA_MIRROR_URL='$EXTRA_MIRROR_URL'
export CDN_USER=$CDN_USER
export CDN_PASSWORD=$CDN_PASSWORD
export POOL_ID=$POOL_ID
export IP=$IP
export NATLAN=$NATLAN
export NATDNS=$NATDNS
export SERVERNAME=$SERVERNAME
export GPGCHECK=$GPGCHECK
export HTTP_PROXY_HOST=$HTTP_PROXY_HOST
export HTTP_PROXY_PORT=$HTTP_PROXY_PORT
export NICDEV=$NICDEV
export BASEURLCDN=$BASEURLCDN
alias v=vim
alias vi=vim
alias g=git
alias off="foreman-maintain service stop || systemctl stop httpd foreman-proxy foreman-tasks postgresql; poweroff"
EOF

# local script to execute - modify as needed (git ignored)
test -f local.sh || touch local.sh

bash ./00-network.sh

# Destroy all domains first to avoid corrupt images
virsh destroy $SERVERNAME &>/dev/null || true
virsh undefine $SERVERNAME &>/dev/null || true

cat /tmp/firstboot-env.sh

virt-builder $VIRTIMG $SIZE_CMD --format raw \
--output $IMAGE --hostname $SERVERNAME --update --selinux-relabel \
--copy-in /tmp/firstboot-env.sh:/root \
--copy-in NetworkManager.conf:/etc/NetworkManager \
--firstboot 00-clean-nm.sh \
--firstboot 01-setup-nm.sh \
--firstboot 05-repos-$SCENARIO.sh \
--firstboot 06-gpgcheck.sh \
--firstboot 10-install.sh \
--firstboot 20-seed.sh \
--firstboot 40-sync-rhel.sh \
--firstboot 30-ansible.sh \
--firstboot 50-ldap.sh \
--firstboot 99-cleanup.sh \
--firstboot local.sh \
--timezone $TIMEZONE \
--root-password "password:$ROOT_PASS" $SSH_CMD

virt-install --import --name $SERVERNAME --vcpus 2 --ram $RAM \
--disk path=$IMAGE,format=raw \
--os-variant rhel7.4 -w network=$NATDNS \
--graphics spice,listen=0.0.0.0 --noautoconsole \
--serial tcp,host=:4555,mode=bind,protocol=telnet

telnet localhost 4555

Basically it creates a file with many variables, then it creates an image which executes a lot of scripts during first boot. These scripts does the setup - network, install foreman, configure foreman via the installer and then a lot of post actions via hammer CLI. That’s the rough idea, you need to quite simplify this, my scripts also install Satellite from internal URLs or Red Hat CDN so it’s utterly complex.

I see.
So to get it running like this I would need all the mentioned shell scripts.

However I see you are using something called “virt-builder” to create the Image used by virt-install.

Virt-builder seems to import the scripts you are generating via “–copy-in” and provide them during the install process. Then you define what scripts to run unsing “–firstboot”. Not sure how the mentioned shell scripts make it into the image.

That brings me to the most interresting part: VIRTIMG:-rhel-7.5
This seems to be the indication what base OS is to be used by virt-builder.
But where does it come from?

On http://libguestfs.org/virt-builder.1.html I found:

 virt-builder --list

will list out the operating systems available to install. A selection of freely redistributable OSes is available as standard. You can add your own too (see below).

Are those official Images mainained by the distribution maintainers?
How do I verify this against some sha265 sum found on the redhat website for example?

Looks like virt-builder & virt-install might already be sufficiant for my needs.
It would be great if you guys could point me to further resources so I can learn about those tools.

Kind regards,
Ori

I suggest to read virt-builder’s man page, it’s really powerfull tool. Firstboot option copies the script into the image and sets a service that starts only during the first boot. You will find logs from these runs in /root.

RHEL is only available in our internal Red Hat repository, you need to make your own RHEL images if you want that.