Getting Started

Here’s @mason’s notes, expanded as to how my latest setup is running:

Please do comment/advise on any (additional) headings that could assist in paving the way for newcomers.

Unfortunately I’m out-of-time today, being somehow stuck at adding DHCP, DNS and TFTP with the foreman-installer repetitively complaining about “ERROR: too many arguments” …

Min Requirements:

2x logical processors
8GB RAM
50GB+ storage

1. Install CentOS

  • Create non-privileged “user”
  • Set the hostname “foreman” and domain “example.com”

Upon restart:

  • Allow “user” to sudo

usermod -a -G wheel "user"

  • add IP and FQDN for local name resolution

sudo vi /etc/hosts

    2001:db8::51f0 foreman.example.com foreman
  • Disable IPv4

sudo vi /etc/sysconfig/network-scripts/ifcfg-ens160

    BOOTPROTO="dhcp"                    <- Uncomment for dual stack support
    IPV6_ADDR_GEN_MODE="stable-privacy" <- Comment for MAC -> EUI64
  • Setup NTP

sudo yum install ntp
systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd

  • Firewall ports:

firewall-cmd --get-active-zones
firewall-cmd --zone=public --add-port=22/tcp --permanent

    22          TCP        SSH
    53          TCP/UDP    DNS
    67,68       UDP        DHCP
    69          UDP        TFTP **
    80,443      TCP        HTTP / HTTPS           Foreman
    3000        TCP        WEB UI                 Foreman
    3306        TCP        MySQL DB
    5432        TCP        PostgreSQL DB
    5647        TCP        qrouterd               Katello
    5910-5930   TCP        VNC Consoles           Foreman
    8140        TCP        Puppet Master
    8443        TCP        Smart Proxy            Foreman
    9090        TCP        HTTPS – Smart Proxy    Katello

firewall-cmd --reload

  • Optional : disable firewall (just for testing, not for production deployment)

systemctl status firewalld
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld

  • Tools – Validation:

sudo yum -y install net-tools nmap

  • @host:

hostname -f
hostname -s
hostname -d
netstat -tulpan

  • @remote

nmap -v -6 foreman.example.com

2. Setup Repos:

sudo yum -y install https://fedorapeople.org/groups/katello/releases/yum/3.10/katello/el7/x86_64/katello-repos-latest.rpm
sudo yum -y install http://yum.theforeman.org/releases/1.20/el7/x86_64/foreman-release.rpm
sudo yum -y install https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
** No IPv6 support @ dl.fedoraproject.org - Reverting to dual stack **
sudo yum -y install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
sudo yum -y install foreman-release-scl python2-django
sudo yum -y update

sudo yum -y install katello

3. Pre-install Config:

Katello:

Edit the katello answer file (/etc/foreman-installer/scenario.d/katello-answers.yaml)

Specify

  • default organization
  • default location
  • plugins to install <- ( ** What would be advisable for experimenting beginners **) ?

4. Installation: (Multiple runs of the foreman-installer, each with different options on each run, is currently a requirement / design)

sudo foreman-installer --scenario katello

  • Note generated admin credentials
  • Grab the oauth credentials generated

sudo grep oauth /etc/foreman/settings.yaml | grep consumer

Re-run the foreman-installer in order to configure DHCP, DNS and TFTP

sudo foreman-installer --scenario katello \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=2001:db8::51f0 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=ens160 \
  --foreman-proxy-dhcp-gateway=2001:db8::1 \
  --foreman-proxy-dhcp-nameservers=2001:db8::51f0 \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=ens160 \
  --foreman-proxy-dns-zone=example.com \
  --foreman-proxy-dns-reverse=0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. \
  --foreman-proxy-dns-forwarders=2001:4860:4860::8888 \
  --foreman-proxy-foreman-base-url=https://foreman.example.com \
  --foreman-proxy-oauth-consumer-key=CHANGEME! \
  --foreman-proxy-oauth-consumer-secret=CHANGEME!

  • sudo foreman-installer --help will display each option’s current configuration at the end of the particular line

At this point you should be able to point your laptop to the DNS server running on your new host, login to the web interface and start working through the process of configuring Foreman and Katello. If you prefer using the CLI, just make sure that you had selected the necessary CLI plugins when you were editing the katello answer file above.

5. Configuring Foreman / Katello:

… in due course

  • Puppet Modules:

    Adding NTP example:
    
  • Host management:

    Unattended Host Provisioning:
    
    Existing host discovery:
    

… what else to add in ?

Caveats:

  • An apparent requirement exists for more than one run of the foreman-installer program, with different options each time. Current understanding is that it’s not possible to specify all the options you might need on the first run of the installer.

  • Don’t use the setup plugin, it’s not compatible with foreman 1.20.1

  • Don’t try to sync the Puppet Forge repos, this process is broken in 1.20.1

  • Even though you should follow the Katello 3.10 install instructions… Don’t. The instructions will lead you to install an ancient version of Puppet. The list of repos I gave above is a mixture of the Foreman and Katello install instructions, which installs the latest 5.x version of Puppet along with the latest Katello and Foreman packages.

Credits:

@mason
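
For the "Firewall ports" step in section 1, an added example (not part of the original post) that turns the port table into one firewall-cmd line per port and protocol, so the rule set can be reviewed before it is applied. The function names port_table and firewall_cmds are made up for this sketch; it only prints commands and does not touch firewalld.

```shell
#!/bin/sh
# Added example, not from the original post. Rows are copied from the
# step 1 port table as "<ports> <protocols>": commas separate ports,
# "/" separates protocols, "a-b" is a range that firewalld accepts as-is.
port_table() {
  cat <<'EOF'
22        TCP
53        TCP/UDP
67,68     UDP
69        UDP
80,443    TCP
3000      TCP
3306      TCP
5432      TCP
5647      TCP
5910-5930 TCP
8140      TCP
8443      TCP
9090      TCP
EOF
}

# firewall_cmds [ZONE]: print one firewall-cmd line per port/protocol
# pair for ZONE (default: public), then the reload. Nothing is executed.
firewall_cmds() {
  zone=${1:-public}
  port_table | while read -r ports protos; do
    for port in $(printf '%s' "$ports" | tr ',' ' '); do
      for proto in $(printf '%s' "$protos" | tr 'A-Z/' 'a-z '); do
        case $port in
          ''|*[!0-9-]*|-*|*-) echo "bad port: $port" >&2; exit 1 ;;
        esac
        case $proto in
          tcp|udp) ;;
          *) echo "bad protocol: $proto" >&2; exit 1 ;;
        esac
        printf 'firewall-cmd --zone=%s --add-port=%s/%s --permanent\n' \
          "$zone" "$port" "$proto"
      done
    done
  done || return 1
  echo 'firewall-cmd --reload'
}

# Review the printed commands, then apply with: firewall_cmds public | sudo sh
firewall_cmds "${1:-public}"
```

Deleting a row from port_table before applying keeps that port closed, for example the database ports when the database is only reached locally.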
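
For the --foreman-proxy-dns-reverse option in section 4, an added example (not part of the original post) that derives the ip6.arpa zone name from an IPv6 prefix. Each group is padded to four hex digits before the nibbles are reversed, so db8 contributes 8.b.d.0; the helper names ip6_hex and ip6_reverse_zone are hypothetical, and the zone is printed without a trailing dot.

```shell
#!/bin/sh
# Added example, not from the original post. ip6_hex and ip6_reverse_zone
# are hypothetical helper names.

# ip6_hex ADDR: print the address as 32 lowercase hex nibbles.
ip6_hex() {
  addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case $addr in
    *::*::*) echo "bad address: $1" >&2; return 1 ;;
    *::*)    # replace "::" with the zero groups it stands for
      left=${addr%%::*} right=${addr#*::} n=0 fill=
      for g in $(printf '%s' "$left:$right" | tr ':' ' '); do n=$((n + 1)); done
      while [ "$n" -lt 8 ]; do fill="$fill:0"; n=$((n + 1)); done
      addr="$left$fill:$right" ;;
  esac
  hex= n=0
  for g in $(printf '%s' "$addr" | tr ':' ' '); do
    case $g in
      *[!0-9a-f]*|?????*) echo "bad group: $g" >&2; return 1 ;;
    esac
    g=0000$g cut=${g%????}      # left-pad, so db8 becomes 0000db8
    hex=$hex${g#"$cut"}         # keep the last four characters: 0db8
    n=$((n + 1))
  done
  [ "$n" -eq 8 ] || { echo "bad address: $1" >&2; return 1; }
  printf '%s\n' "$hex"
}

# ip6_reverse_zone PREFIX LEN: print the ip6.arpa zone for PREFIX/LEN.
# LEN must be a multiple of 4 from 4 to 128 (zones split on nibbles).
ip6_reverse_zone() {
  hex=$(ip6_hex "$1") || return 1
  case $2 in
    ''|*[!0-9]*|0*) echo "bad length: $2" >&2; return 1 ;;
  esac
  if [ "$2" -gt 128 ] || [ $(($2 % 4)) -ne 0 ]; then
    echo "bad length: $2" >&2; return 1
  fi
  zone=ip6.arpa i=0
  while [ "$i" -lt $(($2 / 4)) ]; do
    rest=${hex#?}
    zone=${hex%"$rest"}.$zone   # prepend the next nibble
    hex=$rest i=$((i + 1))
  done
  printf '%s\n' "$zone"
}

ip6_reverse_zone 2001:db8:: 64   # the /64 this guide uses
```

Calling it with a full host address and a length of 128 gives the PTR record name for that host, which must end in the zone name printed for the /64.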