Foreman 1.20 can do both TFTP and UEFI HTTP Boot now. Another alternative is iPXE but you need to have luck to have hardware supported by iPXE.
Just for grins, I ran foreman-installer --full-help … Over 1,600 lines of options.
That's a lot of trial and error, and wiping it clean and starting over a few times isn't practical.
I've reviewed my notes, and don't think that I could boil it down into a simple set of instructions
on how I got to where I am now. Lost. But I do believe that starting over with what has been shared here
will end up saving me some time in the long run.
Yes, @lzap, I agree. Installation Scenarios should be expanded. But with so many combinations,
there won't be a one size fits all approach. Perhaps include an example of some of the more common ones.
The most important one I've found so far is to start with Katello. That little caveat needs to be more prominent. I didn't realize that I wanted/needed it until after installing and configuring 5 nodes, DHCP, DNS, NTP, SSH, and was looking into adding additional modules …
I read the book, Mastering Puppet, Second Edition. The problem with books is that by the time they get printed and released, they are obsolete. This one was on Puppet version 4.2, and only had 5 pages about Foreman, and then, only as a Puppet reporting tool.
I am still searching for anything more in depth about Foreman, other than a $3,100 4-day training course.
@Peek I have created a Github repo that contains my automated install script. At the moment, it does the following:
- Disables the firewall
- Installs all the yum repo definitions necessary to install Foreman, Katello, Puppet, EPEL
- Creates an answer file which has several plugins enabled
- Installs Foreman, Katello, ISC DHCP, Bind and TFTP
- Changes /etc/resolv.conf to use the newly created local DNS server
- Performs a full backup (using foreman-maintain) of the install to this point
- Sets the default Org and Location in Foreman
- Creates 5 products and their associated GPG keys and yum repos
  - CentOS 7
  - EPEL 7
  - Puppet 5
  - Katello Agent
  - Lynis
- Synchronizes the repos
- Creates a content view
- Performs an incremental backup, using foreman-maintain
Note that I haven't fully broken out all my local names into the local.conf file, so if you were to run the script, without modification, you would see some personalized names in Foreman.
I'm still learning as I go, so any feedback that you or anyone else has, about my script or how it sets up Foreman/Katello, would be very helpful.
Mutual.
… UEFI iPXE doesn't function like ye olde "ROMs"… May I enlighten you on a topic that has already taken too much time hostage, yet is simpler than one would expect, yet very few are aware of?
i.e.
- Download & drop the iPXE "UEFI version" onto a FAT32 formatted USB drive.
- Boot into the "UEFI Built-in Shell" of a physical machine.
- At the shell prompt, type:
Shell> map
– Which will list all the mapped drives
– Let's assume the USB drive is FS3
– Type fs3: at the prompt
Shell> fs3:
– Do a listing of the files on the partition
Shell> ls
– Execute iPXE by simply typing its name
Shell> iPXE.efi
Lo and behold! Were you aware of this before?
The only burning question being: How to "flash" the iPXE.efi file to NVRAM of a physical machine?
With the Foreman/Katello host's Smart Proxy now featuring:
With the Foreman/Katello hostâs Smart Proxy now featuring:
- DHCP
- DNS
- Dynflow
- Logs
- Pulp
- Puppet
- Puppet CA
- Templates and
- TFTP
What would be the advisable "area" a noob should be focusing on?
Setting up for the first unattended auto deployment …
When this error starts popping up, simply disable the DHCP proxy:
foreman-installer --scenario katello -i --foreman-proxy-dhcp=false
Immediately follow it up with a rerun of the foreman-installer specifying the FQDN's as opposed to the IPs, and it's all happy again.
foreman-installer --scenario katello -i \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=foreman.domain.com \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-server=foreman.domain.com \
  --foreman-proxy-dhcp-interface=ens160 \
  --foreman-proxy-dhcp-gateway=gateway.domain.com \
  --foreman-proxy-dhcp-nameservers=foreman.domain.com \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=ens160 \
  --foreman-proxy-dns-zone=domain.com \
  --foreman-proxy-dns-forwarders=2001:4860:4860::8888 \
  --foreman-proxy-foreman-base-url=https://foreman.domain.com
Well, Foreman supports this workflow as well via Bootdisk plugin. You generate bootable ISO which you can dd to USB stick as well and it's fully automatic. However we do support BIOS out of box and UEFI hasn't yet landed. There were several attempts to implement this, latest being:
AFAIK NVRAM cannot be used to flash bootloaders, it's only used for variables, settings essentially. Bootloaders are required to reside on ESP, you can however set the path to EFI loader on the ESP partition.
Yet with "HTTP Boot" the EFI bootloader resides on a web server as opposed to the ESP partition.
Yet one cannot set an HTTP URL, unless the particular device's UEFI implementation has the "HTTP driver" compiled in. UEFI being modular in design.
"HTTP Boot" (aka "Boot from URL") is supported since UEFI specification 2.5. With specification 2.7 having been available since May 2017. Why are Intel devices then running UEFI specification 2.6 which is crippled as to not allow "HTTP Boot"?..
A very informative UEFI course:
- Lesson 0: Introduction and Defining Specifications Role in Firmware - Overview
- Lesson 1: Pre-EFI (PEI) and Security (SEC) Phases
- Lesson 2: Driver Execution Environment (DXE)
- Lesson 3: UEFI Drivers
- Lesson 4: Firmware and Data Storage
- Lesson 5: Boot Device Selection (BDS) and Human Interface Infrastructure (HII)
So question, when you make changes to Foreman using the foreman-installer, how do you keep track of the changes over time? Are you storing the answers file in Git? Would scenarios play into this?
I was looking at making changes to Foreman directly from Puppet manifests, as we would do for MySQL, Apache and most other software. Unfortunately, I couldn't get very far -- I can't figure out what many of the parameters should be.
Finally came up with a list of plugins to include, and after installing katello with the proper repos,
I ran the installer interactively with the following:
# foreman-installer --interactive --scenario katello \
> --enable-foreman-proxy \
> --foreman-proxy-tftp=true \
> --foreman-proxy-tftp-servername=10.0.0.234 \
> --foreman-proxy-dhcp=true \
> --foreman-proxy-dhcp-interface=ens192 \
> --foreman-proxy-dhcp-gateway=10.0.0.234 \
> --foreman-proxy-dhcp-nameservers="10.0.0.234" \
> --foreman-proxy-dns=true \
> --foreman-proxy-dns-interface=ens192 \
> --foreman-proxy-dns-zone=domain.com \
> --foreman-proxy-dns-reverse=0.0.10.in-addr.arpa \
> --foreman-proxy-dns-forwarders=9.9.9.9 \
> --enable-foreman-plugin-discovery \
> --enable-foreman-proxy-plugin-discovery \
> --enable-foreman-cli-discovery \
> --enable-foreman-plugin-docker \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-plugin-memcache \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-plugin-openscap \
> --enable-foreman-proxy-plugin-openscap \
> --enable-foreman-cli-openscap \
> --enable-foreman-proxy-plugin-pulp \
> --enable-foreman-plugin-puppetdb \
> --enable-foreman-plugin-remote-execution \
> --enable-foreman-proxy-plugin-remote-execution-ssh \
> --enable-foreman-cli-remote-execution \
> --enable-foreman-plugin-tasks \
> --enable-foreman-cli-tasks \
> --enable-foreman-plugin-templates \
> --enable-foreman-cli-templates \
> --enable-foreman-plugin-digitalocean \
> --foreman-proxy-foreman-base-url=https://foreman.domain.com
ERROR: Unrecognised option '--enable-foreman-plugin-docker'
See: 'foreman-installer --help'
[root@foreman ~]#
Did I miss something about including extra options to the installer command line? I'm pretty sure that --enable-foreman-plugin-docker is in the list.
As a followup …
[root@foreman ~]# foreman-installer --help
ERROR: No installation scenario was selected, the installer cannot continue.
Even --help content is dependent on selected scenario.
Select scenario with --scenario SCENARIO or list available scenarios with --list-scenarios.
[root@foreman ~]# foreman-installer --list-scenarios
Available scenarios
Foreman (use: --scenario foreman)
Default installation of Foreman
Foreman Proxy (use: --scenario foreman-proxy-content)
Install a stand-alone Foreman Proxy.
Katello (use: --scenario katello)
Install Foreman with Katello
[root@foreman ~]#
Taking a stab in the dark here, but is it complaining that the foreman plugins I want
are not included in the /etc/foreman-installer/scenarios.d/katello-answers.yaml file?
foreman_proxy::plugin::pulp:
  enabled: true
  pulpnode_enabled: false
foreman::plugin::ansible: false
foreman::plugin::bootdisk: false
foreman::plugin::chef: false
foreman::plugin::default_hostgroup: false
foreman::plugin::discovery: false
foreman::plugin::hooks: false
foreman::plugin::openscap: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: false
foreman::plugin::setup: false
foreman::plugin::tasks: true
foreman::plugin::templates: false
foreman_proxy::plugin::ansible: false
foreman_proxy::plugin::chef: false
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::openscap: false
foreman_proxy::plugin::remote_execution::ssh: false
foreman_proxy::plugin::discovery: false
foreman::compute::ec2: false
foreman::compute::gce: false
foreman::compute::libvirt: false
foreman::compute::openstack: false
foreman::compute::ovirt: false
foreman::compute::rackspace: false
foreman::compute::vmware: false
foreman::cli: true
foreman::cli::openscap: false
foreman::cli::discovery: false
foreman::cli::tasks: false
foreman::cli::templates: false
foreman::cli::remote_execution: false
It looks like katello has a list of defaults.
Should katello be built with options at install time, or can the answers file be edited to include them?
Is there a list of available classes?
Sorry for the long list of replies here, but …
The installer options list includes more than what is available in the foreman-installer.
Run interactively, the Main Config list includes:
Main Config Menu
1. [â] Configure certs
2. [â] Configure foreman
3. [â] Configure foreman_cli
4. [â] Configure foreman_cli_discovery
5. [â] Configure foreman_cli_openscap
6. [â] Configure foreman_cli_remote_execution
7. [â] Configure foreman_cli_tasks
8. [â] Configure foreman_cli_templates
9. [â] Configure foreman_compute_ec2
10. [â] Configure foreman_compute_gce
11. [â] Configure foreman_compute_libvirt
12. [â] Configure foreman_compute_openstack
13. [â] Configure foreman_compute_ovirt
14. [â] Configure foreman_compute_rackspace
15. [â] Configure foreman_compute_vmware
16. [â] Configure foreman_plugin_ansible
17. [â] Configure foreman_plugin_bootdisk
18. [â] Configure foreman_plugin_chef
19. [â] Configure foreman_plugin_default_hostgroup
20. [â] Configure foreman_plugin_discovery
21. [â] Configure foreman_plugin_hooks
22. [â] Configure foreman_plugin_openscap
23. [â] Configure foreman_plugin_puppetdb
24. [â] Configure foreman_plugin_remote_execution
25. [â] Configure foreman_plugin_setup
26. [â] Configure foreman_plugin_tasks
27. [â] Configure foreman_plugin_templates
28. [â] Configure foreman_proxy
29. [â] Configure foreman_proxy_content
30. [â] Configure foreman_proxy_plugin_ansible
31. [â] Configure foreman_proxy_plugin_chef
32. [â] Configure foreman_proxy_plugin_dhcp_infoblox
33. [â] Configure foreman_proxy_plugin_discovery
34. [â] Configure foreman_proxy_plugin_dns_infoblox
35. [â] Configure foreman_proxy_plugin_openscap
36. [â] Configure foreman_proxy_plugin_pulp
37. [â] Configure foreman_proxy_plugin_remote_execution_ssh
38. [â] Configure katello
39. [â] Configure puppet
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...
missing from the Main Config Menu (that we need):
foreman-plugin-digitalocean
foreman-plugin-docker
foreman-plugin-memcache
foreman-plugin-monitoring
foreman-proxy-plugin-dynflow
foreman-proxy-plugin-monitoring
foreman-proxy-plugin-pulp
There are others missing, but we don't need them …
foreman-plugin-azure
foreman-plugin-cockpit
foreman-plugin-dhcp-browser
foreman-plugin-expire-hosts
foreman-plugin-host-extra-validator
foreman-plugin-omaha
foreman-plugin-ovirt-provision
foreman-plugin-salt
foreman-plugin-snapshot-management
foreman-proxy-plugin-abrt
foreman-proxy-plugin-dhcp-remote-isc
foreman-proxy-plugin-dns-powerdns
foreman-proxy-plugin-omaha
foreman-proxy-plugin-salt
If I run the installer non-interactively, it still complains that the options are Unrecognised.
# foreman-installer --scenario katello \
> --enable-foreman-plugin-digitalocean \
> --enable-foreman-plugin-docker \
> --enable-foreman-plugin-memcache \
> --enable-foreman-plugin-monitoring \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-proxy-plugin-pulp
ERROR: Unrecognised option '--enable-foreman-plugin-digitalocean'
See: 'foreman-installer --help'
[root@foreman ~]#
Are these just non-supported plugins, or am I missing something basic here?
Docker is in the foreman scenario, but not in the katello scenario. Every scenario can expose a different set of classes, depending on which are relevant. In this particular case docker is not exposed because Katello already has a packaging dependency on it. Exposing the option would give the illusion it's optional.
I think these options were mostly untested. Before we also had two different git repositories so keeping them in sync was hard. Now that we've merged them, it should be easier but there's still some way to go. Most of those plugins make sense to add (except docker, which I mentioned in my previous reply). I've submitted a quick PR to expose a few more but you're right we should go over the list a bit more.
The installer stores them itself - running foreman-installer with no args should produce the exact same configuration as last time you ran it.
Obviously, this data is stored in a file (in /etc/foreman-installer) so you can copy it from one machine to another if need be, just be careful of things like hostnames, IP addresses, etc. that may be unique to the host.
I just wanted to drop by and say how awesome it is to see new users supporting each other - self-sustaining communities are very much something I like to see. As others have said, please do keep sharing your experiences, as we "old timers" don't see the sharp edges any more. You guys rock!
Thank you, Greg. I'm just a clueless noob here, but an old-timer in a lot of other areas.
(I started out in the keypunch days, more than a decade before .com was allowed on the net…)
My first email address was UUCP style with a bang! But I digress …
That said, I really appreciate this community. I have received great support, and quick, quality responses.
In the interest of sharing my experiences, Ewoud answered one question, which begs another …
Our developers are moving towards Jenkins as part of their workflow. I would like to support them,
where it makes sense to integrate into the foreman/puppet model. (Jenkins -> Pipeline -> Docker).
If someone has experience with this combination, please share.
I have installed Katello, and I am still trying for my first successful foreman-installer run with options.
If I cannot include Docker in the Katello scenario, must I run the installer again with the foreman scenario?
I am assuming that one cannot specify more than one scenario on the command line such as:
# foreman-installer -i --scenario katello --scenario foreman ...
But I feel like I am getting very close.
Which packaging dependency is included with katello, and would it conflict with the docker plugin
if I added that later?
@ekohl's point is that Docker is included in Katello, and can't be disabled. Thus, the option is meaningless in this scenario, as it cannot be removed. That's what he means by "illusion of choice"
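
The "Unrecognised option" errors discussed in this thread can be caught before the installer runs. The following is an added example, not code from the thread or from the Foreman project: it assumes the classes a scenario exposes are the top-level keys of its answers file, and the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of --enable-* options
# against a scenario answers file, before handing them to foreman-installer.
# Assumption: the classes a scenario exposes are the top-level keys of that file.

# Constructed sample: a few keys taken from the katello-answers.yaml excerpt above.
sample_answers() {
    cat <<'EOF'
foreman_proxy::plugin::pulp:
  enabled: true
  pulpnode_enabled: false
foreman::plugin::discovery: false
foreman::plugin::tasks: true
foreman_proxy::plugin::remote_execution::ssh: false
foreman::cli::openscap: false
EOF
}

# Read an answers file on stdin; print the --enable-* option for each top-level class.
# Nested settings are indented, so only lines starting in column 0 are class keys.
exposed_options() {
    awk '/^[a-z]/ {
        key = $1
        sub(/:$/, "", key)        # drop the YAML key separator
        gsub(/::|_/, "-", key)    # foreman_proxy::plugin::pulp -> foreman-proxy-plugin-pulp
        print "--enable-" key
    }'
}

# Usage: unexposed_options OPTION... < answers.yaml
# Prints every requested --enable-* option the scenario does not expose and
# returns 1 if there is at least one, so it can gate the real installer run.
unexposed_options() {
    exposed=$(exposed_options)
    missing=0
    for opt in "$@"; do
        case "$opt" in
            --enable-*) ;;
            *) continue ;;        # value options (--foreman-proxy-dns=true) are not class toggles
        esac
        if ! printf '%s\n' "$exposed" | grep -qxF -e "$opt"; then
            printf '%s\n' "$opt"
            missing=1
        fi
    done
    return "$missing"
}
```

On a real host the input would be the file named in the thread, /etc/foreman-installer/scenarios.d/katello-answers.yaml, in place of the constructed sample.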