Nice, I suggest to pull this out to a separate thread and convert the post to wiki.
With the Debian QuickStart Installation one also has to contend with the following installation errors:
ERROR : invalid locale name: "en_US.utf8"
Resolve: dpkg-reconfigure locales
Set "en_US.UTF-8 UTF-8" as default
Error : tftpd-hpa.service failed: Control process exit…s=66
Resolve: sudo vi /etc/default/tftpd-hpa
TFTP_ADDRESS="[2001:db8:51f0]:69"
sudo service tftpd-hpa restart
Error : Unable to connect to PostgreSQL server! (:5432)
Resolve: sudo vi /etc/postgresql/9.6/main/postgresql.conf
add server's public IP address to the end of the setting listen_addresses
(separate multiple entries by commas); uncomment the line if it is commented out (e.g. with "#")
sudo service postgresql restart
With CentOS, it's just been a much smoother installation (especially if contemplating Katello).
As one of the maintainers of the installer I feel like I should jump in here. I'm certainly aware that the installer has a lot of options and can be difficult to navigate. Are you aware of foreman-installer --scenario katello --interactive?
We have options for those. Any time you need to edit answers file manually it's a good indication of a bug/failure on the installer's side. For every plugin we should have --enable-foreman-plugin-<plugin>, --enable-foreman-cli-plugin-<plugin> and --foreman-proxy-plugin-<plugin> options. For the default org and location we have --foreman-initial-[organization|location]. There's also --foreman-[username|password] which will be renamed to --foreman-initial-[username|password] in 1.21 to better indicate it's only done while seeding. If you later rerun it, it won't touch the username/password.
It should be possible to do this all in a single run. There should be no need for multiple runs.
This should be autogenerated based on the system hostname.
This should be done out of the box. They are generated randomly but they read the same cache.
You're totally right. We should fix this oversight. Care to send a PR to https://github.com/theforeman/theforeman.org?
It could make a lot of sense to include this in our installer. I haven't played with this myself, but https://github.com/theforeman/puppet-tftp could manage this file on Debian(-based) distros. That said, we don't expose the tftp settings as parameters so then you'd need to edit custom-hiera.yaml which is also not a very good workflow.
I thought we should use sockets by default. We also test this in our nightly builds so this surprises me. Did you change the postgresql hostname Foreman connects to from localhost to $fqdn?
It's a copy of my current notes.
In all regards, I'm more than willing to post it to a Wiki and continue fleshing it out as we progress. Also adding other common areas of interest for newcomers.
Question would just be, at what (wiki) URL ?
Sorry, can't recall. At the time I followed the Quickstart (https://www.theforeman.org/manuals/1.20/index.html#2.Quickstart) for Debian 9 (Stretch) on a text based minimal (debian-9.6.0-amd64-netinst.iso) installation to the letter.
… being more concerned over dl.fedoraproject.org and forge.puppet.com that does not support IPv6 …
This be the way forward :
@ekohl, yes I started with the interactive option, but it only seemed to provide options for choosing plugins. I had hoped it would follow a question and answer process in order to determine settings for DNS, DHCP, TFTP, etc, but it didn't. As I'm learning more about the capabilities of Foreman, I can see that there are so many potential deployment scenarios that this Q&A approach could be difficult for anything more than simple deployments or lab style setups.
I chose to edit the answer file, so that it would be easier for me to script a repeatable installation process.
If this is the case, could you please share how? It seems as though the oauth credentials need to be provided in order for Foreman to correctly control these services, yet the credentials are not generated until one run of the installer has been completed. I'm sure the answer will be really obvious, once you point it out, but at the moment it eludes me.
This is the part of the single pass install that currently has me stumped.
@mason, please bear with me for a moment.
At present I'm specifically looking into enabling/configuring DHCP (ISC) and DNS (BIND). I'm only excluding TFTP as it's already showing as an "Active feature" under Infrastructure > Smart Proxies - "foreman.domain.com" host.
I understand that I only need to edit:
- /etc/foreman-proxy/settings.d/dhcp.yml <- changing :enabled: false -> enabled: https
- /etc/foreman-proxy/settings.d/dns.yml <- changing :enabled: false -> enabled: https
The only pre-requisite to these config changes is to install BIND & ISC_DHCP
#yum install -y bind isc-dhcp-server
Yet after a foreman-proxy restart, Foreman's logs will state:
ERROR Disabling all modules in the group ['dns_nsupdate', 'dns'] due to a failure in one of them: File at '/etc/rndc.key' defined in 'dns_key' parameter doesn't exist or is unreadable
ERROR Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: File at '/etc/dhcp/dhcpd.conf' defined in 'config' parameter doesn't exist or is unreadable
Understandable as neither file exists.
Presently I'm not sure if "foreman_proxy_plugin_dhcp_infoblox" and "foreman_proxy_plugin_dns_infoblox" even has to be configured with the "foreman-installer", though it is.
Am I on course or just drifting away … ?
Is the "foreman-installer" script to be run as root or is sudo'ing sufficient ?
(Already anticipating slap to rear of head)
@Peek, the installer will install and configure ISC DHCP and BIND, if you tell it to. You don't need to install them separately. The process that you outlined in your earlier post should work.
@ekohl has said that this can all be done in a single pass of the installer, but as mentioned in my previous post, I don't know how to do that yet. I think he's away at FOSDEM, so I'm not sure when he'll be able to reply back to us. It would be great if I could supply all the arguments that I need for a single pass of the installer.
I've been writing a script to install Katello and Foreman and to do all the initial setup of creating products, importing GPG keys, syncing repos, etc. I can share that with you once I have it to the point where I have a basic but functional Foreman/Katello setup.
Reason I'm asking is because "foreman-installer -scenario katello -i" will only provide the following "DHCP" and "DNS" options :
- [✓] Configure foreman_proxy_plugin_dhcp_infoblox
- [✓] Configure foreman_proxy_plugin_dns_infoblox
and even with them selected and following the steps I listed a moment ago, still leaves me with an incomplete config/setup as mentioned.
Which is why I'm pondering whether this is the point at which you'd start editing the /etc/foreman-installer/scenario.d/katello-answers.yaml file before re-running the foreman-installer ?
Infoblox is a third-party commercial product, you would choose these options if you were in an existing environment that currently used an Infoblox appliance for managing DHCP and DNS. I get the impression that you're trying to setup an environment from scratch and you want to use ISC DHCP and BIND (this is what I'm doing too).
Yes, that was my experience as well. The installer's interactive flag only seems to allow you to select plugins, it doesn't help you setup DHCP, DNS, etc.
No, to have foreman-installer setup DHCP and DNS, you need to pass options to the installer. As mentioned before, the interactive installer doesn't ask you any questions relating to configuring DNS, DHCP, etc. Note that in the command below, I am specifying that the installer be run in interactive mode (so that you can choose the plugins you want), but I'm explicitly telling it to setup TFTP, DHCP and DNS.
foreman-installer --interactive --scenario katello
--enable-foreman-proxy
--foreman-proxy-tftp=true
--foreman-proxy-tftp-servername=2001:db8::51f0
--foreman-proxy-dhcp=true
--foreman-proxy-dhcp-interface=ens160
--foreman-proxy-dhcp-gateway=2001:db8::1
--foreman-proxy-dhcp-nameservers=2001:db8::51f0
--foreman-proxy-dns=true
--foreman-proxy-dns-interface=ens160
--foreman-proxy-dns-zone=example.com
--foreman-proxy-dns-reverse=0.0.0.0.0.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa.
--foreman-proxy-dns-forwarders=2001:4860:4860::8888
--foreman-proxy-foreman-base-url=https://foreman.example.com
Thanks a million. That's another landmine cleared up.
… though the installer isn't happy ( IPv6 addresses specified with or without […], using FQDNs or even IPv4 ) result in:
Welcome to the Katello installer!
This wizard will gather all required information. You can change any parameter
to your needs.Ready to start? (y/n)
You must enter a valid
#<Proc:0x000000038fd880@/usr/share/gems/gems/highline-1.7.8/lib/highline.rb:227
(lambda)>.Ready to start? (y/n)
You must enter a valid
#<Proc:0x000000038fd880@/usr/share/gems/gems/highline-1.7.8/lib/highline.rb:227
(lambda)>.Ready to start? (y/n)
You must enter a valid
#<Proc:0x000000038fd880@/usr/share/gems/gems/highline-1.7.8/lib/highline.rb:227
(lambda)>.Ready to start? (y/n)
e
Please enter "yes" or "no".Ready to start? (y/n)
n
How stupid am I ? Cause I've been at it for an afternoon and simply can't get it to run
Sorry @Peek I didn't actually carefully look over my last post. I had copied and pasted from an earlier post of yours, just because you had specified all the IPs that were specific to your environment. I just tried running that command on my own test machine and it didn't work due to a number of formatting issues. Here is a command that I know works, because I just ran it:
foreman-installer --interactive --scenario katello \
--enable-foreman-proxy \
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-servername=192.168.50.20 \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-interface=eth0 \
--foreman-proxy-dhcp-gateway=192.168.50.1 \
--foreman-proxy-dhcp-nameservers="192.168.50.20" \
--foreman-proxy-dns=true \
--foreman-proxy-dns-interface=eth0 \
--foreman-proxy-dns-zone=example.com \
--foreman-proxy-dns-reverse=50.168.192.in-addr.arpa \
--foreman-proxy-dns-forwarders=9.9.9.9 \
--foreman-proxy-foreman-base-url=https://foreman.example.com
My 2c's here:
I think the biggest issue is that our users need to figure out those long installer commands themselves. We do have a (currently broken) foreman setup which somehow guides users and Installation Scenarios section but it's probably not enough.
I vote for expanding the Installation Scenarios here - please describe your setup, maybe draw a diagram of your infrastructure and then provide the working installer command:
https://theforeman.org/manuals/1.20/index.html#3.2.3InstallationScenarios
If this is missing in Katello docs we should probably link from there to Foreman manual. This is fuzzy…
@mason, I second your query to @ekohl. The confusion is not only around syntax errors. For eg:
8 hours ago, I started "anew" on the installer.
"foreman-installer -i --scenario katello --foreman-proxy-dhcp=true --foreman-proxy-dns=true" completed successfully and reflected the DHCP & DNS features as being active on the proxy (visible via web interface -> Infrastructure > Smart Proxies -> localhost) !
Naturally I did do a quick dance around my chair. But this was only the start.
I then started applying config changes one-by-one, adding only a single option after every successful foreman-installer run, validating the config change with "foreman-installer --help | less"
IPv6 addresses (with or without […]) are definitely not accepted by the foreman-installer which I believe only caters for IPv4 in the DHCP proxy. With FQDNs being accepted, I'm hoping for a manual DHCP6 configuration workaround a bit later…
… with the DNS proxy though, the foreman-installer happily accepts IPv6 addresses i.e.
--foreman-proxy-dns-forwarders=2001:4860:4860::8888
though being reflected as ["2001:4860:4860::8888"] when being validated. Yet now I ponder the reasoning for the quotes (") within the brackets ([…]) than being on the outside as one would've expected with IPv6 ?
Marching on, the "installer initialization string" at this point thus being :
foreman-installer -i --scenario katello \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-interface=ens160 \
--foreman-proxy-dhcp-gateway=gateway.domain.com \
--foreman-proxy-dhcp-nameservers=foreman.domain.com \
--foreman-proxy-dns=true \
--foreman-proxy-dns-interface=ens160 \
--foreman-proxy-dns-zone=domain.com \
--foreman-proxy-dns-forwarders=2001:4860:4860::8888 \
--foreman-proxy-foreman-base-url=https://foreman.domain.com
Yet … the moment I started to add TFTP options, the DHCP proxy started to fail with
"Couldn't enable 'dhcp_isc': Invalid IP Address gateway.domain.com"
and within
/var/log/foreman-proxy/proxy.log
" Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: Invalid IP Address gateway.domain.com"
The host is still dual stacked (IPv4 & IPv6) and gateway.domain.com resolves correctly to the host's IPv4 address… changing the FQDN to the IPv4 address, doesn't resolve the issue …
and /etc/hosts has all references to 127.0.0.1 and ::1 removed.
** For clarity, once "foreman-installer -i --scenario katello --foreman-proxy-dhcp=true --foreman-proxy-dns=true" completed successfully, a single option was tacked on per installer run, until the noted error was experienced.
The DHCP config being:
--foreman-proxy-dhcp  Enable DHCP feature (current: true)
--foreman-proxy-dhcp-additional-interfaces  Additional DHCP listen interfaces (in addition to dhcp_interface). Note: as opposed to dhcp_interface additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp
--foreman-proxy-dhcp-config  DHCP config file path (current: "/etc/dhcp/dhcpd.conf")
--foreman-proxy-dhcp-gateway  DHCP pool gateway (current: "10.10.0.1")
--foreman-proxy-dhcp-interface  DHCP listen interface (current: "ens160")
--foreman-proxy-dhcp-key-name  DHCP key name (current: UNDEF)
--foreman-proxy-dhcp-key-secret  DHCP password (current: UNDEF)
--foreman-proxy-dhcp-leases  DHCP leases file (current: "/var/lib/dhcpd/dhcpd.leases")
--foreman-proxy-dhcp-listen-on  DHCP proxy to listen on https, http, or both (current: "https")
--foreman-proxy-dhcp-managed  DHCP is managed by Foreman proxy (current: true)
--foreman-proxy-dhcp-nameservers  DHCP nameservers, comma-separated (current: "10.10.0.121")
--foreman-proxy-dhcp-netmask  DHCP server netmask value, defaults otherwise to value based on IP of dhcp_interface (current: UNDEF)
--foreman-proxy-dhcp-network  DHCP server network value, defaults otherwise to value based on IP of dhcp_interface (current: UNDEF)
--foreman-proxy-dhcp-node-type  DHCP node type (current: "standalone")
--foreman-proxy-dhcp-omapi-port  DHCP server OMAPI port (current: 7911)
--foreman-proxy-dhcp-option-domain  DHCP use the dhcpd config option domain-name (current: ["pxecloud.com"])
--foreman-proxy-dhcp-peer-address  The other DHCP servers address (current: UNDEF)
--foreman-proxy-dhcp-provider  DHCP provider (current: "isc")
--foreman-proxy-dhcp-pxefilename  DHCP "filename" value, defaults otherwise to pxelinux.0 (current: "pxelinux.0")
--foreman-proxy-dhcp-pxeserver  DHCP "next-server" value, defaults otherwise to IP of dhcp_interface (current: UNDEF)
--foreman-proxy-dhcp-range  Space-separated DHCP pool range (current: UNDEF)
--foreman-proxy-dhcp-search-domains  DHCP search domains option (current: UNDEF)
--foreman-proxy-dhcp-server  Address of DHCP server to manage (current: "127.0.0.1")
--foreman-proxy-dhcp-subnets  Subnets list to restrict DHCP management to (current: [])
Then I tacked on "--foreman-proxy-dhcp-server=10.10.0.121" and life is all funky again
The "installer initialization string" now mutating to:
foreman-installer -i --scenario katello \
--enable-foreman-proxy \
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-server=10.10.0.121 \
--foreman-proxy-dhcp-interface=ens160 \
--foreman-proxy-dhcp-gateway=10.10.0.1 \
--foreman-proxy-dhcp-nameservers=10.10.0.121 \
--foreman-proxy-dns=true \
--foreman-proxy-dns-interface=ens160 \
--foreman-proxy-dns-zone=domain.com \
--foreman-proxy-dns-forwarders=2001:4860:4860::8888 \
--foreman-proxy-foreman-base-url=https://foreman.domain.com
… and so the journey continues, still eluding the once off single installer line … and acquiring clarity.
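A pre-flight check for two option values from the commands above, written as an added example (not from any poster in this thread and not part of foreman-installer): it flags a DHCP gateway given as a hostname, which is what the proxy log above rejected with "Invalid IP Address", and checks the reverse zone name against the subnet. The function names, the `/24` prefix and the option dictionary are assumptions made for illustration, and the IPv6 branch goes beyond the IPv4 case that was confirmed working.

```python
import ipaddress

def reverse_zone(cidr):
    """Reverse DNS zone for an octet-aligned IPv4 or nibble-aligned IPv6 prefix."""
    net = ipaddress.ip_network(cidr)
    if net.version == 4:
        step, parts, suffix = 8, str(net.network_address).split("."), "in-addr.arpa"
    else:
        hexdigits = net.network_address.exploded.replace(":", "")
        step, parts, suffix = 4, list(hexdigits), "ip6.arpa"
    if net.prefixlen == 0 or net.prefixlen % step:
        raise ValueError(f"{cidr}: prefix length must be a non-zero multiple of {step}")
    labels = parts[: net.prefixlen // step]
    return ".".join(reversed(labels)) + "." + suffix

def preflight(opts, cidr):
    """Return a list of problems in installer options (keys without leading --)."""
    problems = []
    net = ipaddress.ip_network(cidr)
    gateway = opts.get("foreman-proxy-dhcp-gateway")
    if gateway is not None:
        try:
            if ipaddress.ip_address(gateway) not in net:
                problems.append(f"dhcp-gateway {gateway} is outside {cidr}")
        except ValueError:
            # A hostname here is what produced "Invalid IP Address" in proxy.log
            problems.append(f"dhcp-gateway {gateway!r} is not an IP address literal")
    reverse = opts.get("foreman-proxy-dns-reverse")
    expected = reverse_zone(cidr)
    if reverse is not None and reverse.rstrip(".").lower() != expected:
        problems.append(f"dns-reverse {reverse} does not match {expected}")
    return problems

# Constructed sample input: values copied from commands in the thread; the /24 is assumed.
WORKING = {
    "foreman-proxy-dhcp-gateway": "192.168.50.1",
    "foreman-proxy-dns-reverse": "50.168.192.in-addr.arpa",
}
HOSTNAME_GW = dict(WORKING, **{"foreman-proxy-dhcp-gateway": "gateway.domain.com"})

if __name__ == "__main__":
    print(preflight(WORKING, "192.168.50.0/24"))
    print(preflight(HOSTNAME_GW, "192.168.50.0/24"))
    print(reverse_zone("2001:db8::/64"))
```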
@lzap, I believe @mason and @jmrice6640 would agree that we're after a very simple, yet fully functional commissioning environment, from scratch. The most basic initial components being:
- puppet
- dhcp (isc)
- dns (bind)
- tftp ( I'd LOVE to have this scratched in favor of HTTP Boot)
all on a bed of succulent IPv6.
Topped off with a quick auto deploying of a CentOS & Debian image.
Config change, i.e. NTP
Remote execution example
and the destruction of the images to conclude the life-cycle thereof.
We just never expected it to be this … frustratingly interesting …
Originally we only hoped to HTTP Boot diskless stations. Only, Intel has other ideas …