Foreman 1.20 can do both TFTP and UEFI HTTP Boot now. Another alternative is iPXE but you need to have luck to have hardware supported by iPXE.
Just for grins, I ran foreman-installer --full-help … Over 1,600 lines of options.
That’s a lot of trial and error, and wiping it clean and starting over a few times isn’t practical.
I’ve reviewed my notes, and don’t think that I could boil it down into a simple set of instructions
on how I got to where I am now. Lost. But I do believe that starting over with what has been shared here
will end up saving me some time in the long run.
Yes, @lzap, I agree. Installation Scenarios should be expanded. But with so many combinations,
there won’t be a one size fits all approach. Perhaps include an example of some of the more common ones.
The most important one I’ve found so far is to start with Katello. That little caveat needs to be more prominent. I didn’t realize that I wanted/needed it until after installing and configuring 5 nodes, DHCP, DNS, NTP, SSH, and was looking into adding additional modules …
I read the book, Mastering Puppet, Second Edition. The problem with books is that by the time they get printed and released, they are obsolete. This one was on Puppet version 4.2, and only had 5 pages about Foreman, and then, only as a Puppet reporting tool.
I am still searching for anything more in depth about Foreman, other than a $3,100 4-day training course.
- Disables the firewall
- Installs all the yum repo definitions necessary to install Foreman, Katello, Puppet, EPEL
- Creates an answer file which has several plugins enabled
- Installs Foreman, Katello, ISC DHCP, Bind and TFTP
- Changes /etc/resolv.conf to use the newly created local DNS server
- Performs a full backup (using foreman-maintain) of the install to this point
- Sets the default Org and Location in Foreman
- Creates 5 products and their associated GPG keys and yum repos
  - CentOS 7
  - EPEL 7
  - Puppet 5
  - Katello Agent
- Synchronizes the repos
- Creates a content view
- Performs an incremental backup, using foreman-maintain
Note that I haven’t fully broken out all my local names into the local.conf file, so if you were to run the script, without modification, you would see some personalized names in Foreman.
I’m still learning as I go, so any feedback that you or anyone else has, about my script or how it sets up Foreman/Katello, would be very helpful.
… UEFI iPXE doesn’t function like ye olde “ROMs”… May I enlighten you on a topic that has already taken too much time hostage, yet is simpler than one would expect, yet very few are aware of?
- Download & drop the iPXE “UEFI version” onto a FAT32 formatted USB drive.
- Boot into the “UEFI Built-in Shell” of a physical machine.
- At the shell prompt, type:
— Which will list all the mapped drives
— Let’s assume the USB drive is FS3
— Type fs3: at the prompt
— Do a listing of the files on the partition
— Execute iPXE by simply typing its name
Lo and behold! Were you aware of this before?
The only burning question being: How to “flash” the iPXE.efi file to NVRAM of a physical machine?
With the Foreman/Katello host’s Smart Proxy now featuring:
- Puppet CA
- Templates and
What would be the advisable “area” a noob should be focusing on ?
Setting up for the first unattended auto deployment …
When this error starts popping up, simply disable the DHCP proxy:
“foreman-installer --scenario katello -i --foreman-proxy-dhcp=false”
Immediately follow it up with a rerun of the foreman-installer specifying the FQDN’s as opposed to the IPs, and it’s all happy again.
"foreman-installer --scenario katello -i
Well, Foreman supports this workflow as well via Bootdisk plugin. You generate bootable ISO which you can
dd to USB stick as well and it’s fully automatic. However we do support BIOS out of box and UEFI hasn’t yet landed. There were several attempts to implement this, latest being:
AFAIK NVRAM cannot be used to flash bootloaders, it’s only used for variables, settings essentially. Bootloaders are required to reside on ESP, you can however set the path to EFI loader on the ESP partition.
Yet with “HTTP Boot” the EFI bootloader resides on a web server as opposed to the ESP partition.
Yet one cannot set an HTTP URL, unless the particular device’s UEFI implementation has the “HTTP driver” compiled in. UEFI being modular in design.
“HTTP Boot” (aka “Boot from URL”) is supported since UEFI specification 2.5. With specification 2.7 having been available since May 2017. Why are Intel devices then running UEFI specification 2.6 which is crippled as to not allow “HTTP Boot”?
A very informative UEFI course:
- Lesson 0: Introduction and Defining Specifications Role in Firmware - Overview
- Lesson 1: Pre-EFI (PEI) and Security (SEC) Phases
- Lesson 2: Driver Execution Environment (DXE)
- Lesson 3: UEFI Drivers
- Lesson 4: Firmware and Data Storage
- Lesson 5: Boot Device Selection (BDS) and Human Interface Infrastructure (HII)
So question, when you make changes to Foreman using the foreman-installer, how do you keep track of the changes over time? Are you storing the answers file in Git? Would scenarios play into this?
I was looking at making changes to Foreman directly from Puppet manifests, as we would do for MySQL, Apache and most other software. Unfortunately, I couldn’t get very far-- I can’t figure out what many of the parameters should be.
Finally came up with a list of plugins to include, and after installing katello with the proper repos,
I ran the installer interactively with the following:
Did I miss something about including extra options to the installer command line? I'm pretty sure that --enable-foreman-plugin-docker is in the list.
```
# foreman-installer --interactive --scenario katello \
> --enable-foreman-proxy \
> --foreman-proxy-tftp=true \
> --foreman-proxy-tftp-servername=10.0.0.234 \
> --foreman-proxy-dhcp=true \
> --foreman-proxy-dhcp-interface=ens192 \
> --foreman-proxy-dhcp-gateway=10.0.0.234 \
> --foreman-proxy-dhcp-nameservers="10.0.0.234" \
> --foreman-proxy-dns=true \
> --foreman-proxy-dns-interface=ens192 \
> --foreman-proxy-dns-zone=domain.com \
> --foreman-proxy-dns-reverse=0.0.10.in-addr.arpa \
> --foreman-proxy-dns-forwarders=220.127.116.11 \
> --enable-foreman-plugin-discovery \
> --enable-foreman-proxy-plugin-discovery \
> --enable-foreman-cli-discovery \
> --enable-foreman-plugin-docker \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-plugin-memcache \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-plugin-openscap \
> --enable-foreman-proxy-plugin-openscap \
> --enable-foreman-cli-openscap \
> --enable-foreman-proxy-plugin-pulp \
> --enable-foreman-plugin-puppetdb \
> --enable-foreman-plugin-remote-execution \
> --enable-foreman-proxy-plugin-remote-execution-ssh \
> --enable-foreman-cli-remote-execution \
> --enable-foreman-plugin-tasks \
> --enable-foreman-cli-tasks \
> --enable-foreman-plugin-templates \
> --enable-foreman-cli-templates \
> --enable-foreman-plugin-digitalocean \
> --foreman-proxy-foreman-base-url=https://foreman.domain.com
ERROR: Unrecognised option '--enable-foreman-plugin-docker'
See: 'foreman-installer --help'
```
As a followup …
```
[root@foreman ~]# foreman-installer --help
ERROR: No installation scenario was selected, the installer cannot continue.
Even --help content is dependent on selected scenario.
Select scenario with --scenario SCENARIO or list available scenarios with --list-scenarios.
[root@foreman ~]# foreman-installer --list-scenarios
Available scenarios
Foreman (use: --scenario foreman)
Default installation of Foreman
Foreman Proxy (use: --scenario foreman-proxy-content)
Install a stand-alone Foreman Proxy.
Katello (use: --scenario katello)
Install Foreman with Katello
[root@foreman ~]#
```
Taking a stab in the dark here, but is it complaining that the foreman plugins I want
are not included in the /etc/foreman-installer/scenarios.d/katello-answers.yaml file?
```
foreman_proxy::plugin::pulp:
  enabled: true
  pulpnode_enabled: false
foreman::plugin::ansible: false
foreman::plugin::bootdisk: false
foreman::plugin::chef: false
foreman::plugin::default_hostgroup: false
foreman::plugin::discovery: false
foreman::plugin::hooks: false
foreman::plugin::openscap: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: false
foreman::plugin::setup: false
foreman::plugin::tasks: true
foreman::plugin::templates: false
foreman_proxy::plugin::ansible: false
foreman_proxy::plugin::chef: false
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::openscap: false
foreman_proxy::plugin::remote_execution::ssh: false
foreman_proxy::plugin::discovery: false
foreman::compute::ec2: false
foreman::compute::gce: false
foreman::compute::libvirt: false
foreman::compute::openstack: false
foreman::compute::ovirt: false
foreman::compute::rackspace: false
foreman::compute::vmware: false
foreman::cli: true
foreman::cli::openscap: false
foreman::cli::discovery: false
foreman::cli::tasks: false
foreman::cli::templates: false
foreman::cli::remote_execution: false
```
It looks like katello has a list of defaults.
Should katello be built with options at install time, or can the answers file be edited to include them?
Is there a list of available classes?
Sorry for the long list of replies here, but …
The installer options list includes more than what is available in the foreman-installer.
Run interactively, the Main Config list includes:
```
Main Config Menu
1. [✓] Configure certs
2. [✓] Configure foreman
3. [✓] Configure foreman_cli
4. [✗] Configure foreman_cli_discovery
5. [✗] Configure foreman_cli_openscap
6. [✗] Configure foreman_cli_remote_execution
7. [✗] Configure foreman_cli_tasks
8. [✗] Configure foreman_cli_templates
9. [✗] Configure foreman_compute_ec2
10. [✗] Configure foreman_compute_gce
11. [✗] Configure foreman_compute_libvirt
12. [✗] Configure foreman_compute_openstack
13. [✗] Configure foreman_compute_ovirt
14. [✗] Configure foreman_compute_rackspace
15. [✗] Configure foreman_compute_vmware
16. [✗] Configure foreman_plugin_ansible
17. [✗] Configure foreman_plugin_bootdisk
18. [✗] Configure foreman_plugin_chef
19. [✗] Configure foreman_plugin_default_hostgroup
20. [✗] Configure foreman_plugin_discovery
21. [✗] Configure foreman_plugin_hooks
22. [✗] Configure foreman_plugin_openscap
23. [✗] Configure foreman_plugin_puppetdb
24. [✗] Configure foreman_plugin_remote_execution
25. [✗] Configure foreman_plugin_setup
26. [✓] Configure foreman_plugin_tasks
27. [✗] Configure foreman_plugin_templates
28. [✓] Configure foreman_proxy
29. [✓] Configure foreman_proxy_content
30. [✗] Configure foreman_proxy_plugin_ansible
31. [✗] Configure foreman_proxy_plugin_chef
32. [✗] Configure foreman_proxy_plugin_dhcp_infoblox
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_infoblox
35. [✗] Configure foreman_proxy_plugin_openscap
36. [✓] Configure foreman_proxy_plugin_pulp
37. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
38. [✓] Configure katello
39. [✓] Configure puppet
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...
```
missing from the Main Config Menu (that we need):
There are others missing, but we don’t need them …
If I run the installer non-interactively, it still complains that the options are Unrecognised.
```
# foreman-installer --scenario katello \
> --enable-foreman-plugin-digitalocean \
> --enable-foreman-plugin-docker \
> --enable-foreman-plugin-memcache \
> --enable-foreman-plugin-monitoring \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-proxy-plugin-pulp
ERROR: Unrecognised option '--enable-foreman-plugin-digitalocean'
See: 'foreman-installer --help'
[root@foreman ~]#
```
Are these just non-supported plugins, or am I missing something basic here?
Docker is in the foreman scenario, but not in the katello scenario. Every scenario can expose a different set of classes, depending on which are relevant. In this particular case docker is not exposed because Katello already has a packaging dependency on it. Exposing the option would give the illusion it’s optional.
I think these options were mostly untested. Before we also had two different git repositories so keeping them in sync was hard. Now that we’ve merged them, it should be easier but there’s still some way to go. Most of those plugins make sense to add (except docker, which I mentioned in my previous reply). I’ve submitted a quick PR to expose a few more but you’re right we should go over the list a bit more.
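A pre-flight check for the situation discussed above, as an added example that is not from the thread's participants or the Foreman project: it derives the `--enable-*` flags a scenario exposes from the top-level classes in its answers file and reports the requested flags that would be rejected. The class-to-flag mapping is an assumption inferred from the listings in this thread, the function names are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not Foreman code. Assumption inferred from the thread: a top-level
# class "foreman::plugin::tasks" in the answers file corresponds to the flag
# "--enable-foreman-plugin-tasks" ("::" and "_" both become "-").

# Print one --enable-* flag per top-level class in the answers file "$1".
exposed_flags() {
  # Top-level keys start in column 0; nested parameters are indented and skipped.
  sed -n 's/^\([A-Za-z_][A-Za-z0-9_:]*\):.*$/\1/p' "$1" |
    sed -e 's/::/-/g' -e 's/_/-/g' -e 's/^/--enable-/' | sort -u
}

# Print the requested --enable-* flags that the answers file "$1" does not expose.
unrecognised_flags() {
  answers=$1; shift
  known=$(exposed_flags "$answers")
  for flag in "$@"; do
    case $flag in
      --enable-*) ;;
      *) continue ;;  # value options such as --foreman-proxy-dhcp=true are not checked
    esac
    printf '%s\n' "$known" | grep -qxF -e "$flag" || printf '%s\n' "$flag"
  done
}

# Constructed sample in the shape of the katello-answers.yaml excerpt in the thread.
write_sample_answers() {
  cat > "$1" <<'EOF'
foreman_proxy::plugin::pulp:
  enabled: true
  pulpnode_enabled: false
foreman::plugin::discovery: false
foreman::plugin::tasks: true
foreman_proxy::plugin::remote_execution::ssh: false
foreman::cli::openscap: false
EOF
}

demo() {
  tmp=$(mktemp)
  write_sample_answers "$tmp"
  unrecognised_flags "$tmp" \
    --enable-foreman-plugin-discovery --enable-foreman-plugin-docker \
    --enable-foreman-proxy-plugin-remote-execution-ssh \
    --enable-foreman-plugin-digitalocean --foreman-proxy-dhcp=true
  rm -f "$tmp"
}
demo
```

On a real host the first argument would be the scenario's answers file, such as the `/etc/foreman-installer/scenarios.d/katello-answers.yaml` path quoted earlier in the thread.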
The installer stores them itself - running
foreman-installer with no args should produce the exact same configuration as last time you ran it.
Obviously, this data is stored in a file (in /etc/foreman-installer) so you can copy it from one machine to another if need be, just be careful of things like hostnames, IP addresses, etc. that may be unique to the host.
I just wanted to drop by and say how awesome it is to see new users supporting each other - self-sustaining communities are very much something I like to see. As others have said, please do keep sharing your experiences, as we “old timers” don’t see the sharp edges any more. You guys rock!
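A review pass over an answers file before it is copied to another machine or committed to Git, following the caution above about hostnames and IP addresses. This is an added example, not code from the thread or from Foreman: the function names and the `example_password` parameter are hypothetical, the file contents are constructed, and treating parameter names containing password, secret or token as credentials is an assumption added here.

```shell
#!/bin/sh
# Added example, not Foreman code. Prints "reason class.param" for every nested
# parameter whose value is tied to one host (IPv4 literal, or the FQDN given as "$2")
# or whose name looks like a credential (assumed pattern: password, secret, token).
# Values are never printed, so the report itself is safe to paste into a ticket.
review_answers() {
  awk -v fqdn="$2" '
    /^[^ #]/ { cls = $1; sub(/:$/, "", cls) }        # top-level class line
    /^ +[A-Za-z0-9_]+:/ {                            # indented parameter line
      key = $1; sub(/:$/, "", key)
      val = $0; sub(/^ +[A-Za-z0-9_]+: */, "", val)
      why = ""
      if (val ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)  why = "ip"
      else if (fqdn != "" && index(val, fqdn) > 0) why = "hostname"
      if (key ~ /password|secret|token/)           why = "secret"
      if (why != "") print why, cls "." key
    }' "$1"
}

# Constructed sample; parameter names follow the installer flags shown in the thread,
# except example_password, which is hypothetical.
write_sample_config() {
  cat > "$1" <<'EOF'
foreman_proxy:
  tftp_servername: 10.0.0.234
  dhcp_interface: ens192
  dns_zone: domain.com
  foreman_base_url: https://foreman.domain.com
  example_password: constructed-not-real
foreman::plugin::tasks: true
EOF
}

demo_review() {
  tmp=$(mktemp)
  write_sample_config "$tmp"
  review_answers "$tmp" foreman.domain.com
  rm -f "$tmp"
}
demo_review
```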
Thank you, Greg. I’m just a clueless noob here, but an old-timer in a lot of other areas.
(I started out in the keypunch days, more than a decade before .com was allowed on the net…)
My first email address was UUCP style with a bang! But I digress …
That said, I really appreciate this community. I have received great support, and quick, quality responses.
In the interest of sharing my experiences, Ewoud answered one question, which begs another …
Our developers are moving towards Jenkins as part of their workflow. I would like to support them,
where it makes sense to integrate into the foreman/puppet model. (Jenkins -> Pipeline -> Docker).
If someone has experience with this combination, please share.
I have installed Katello, and I am still trying for my first successful foreman-installer run with options.
If I cannot include Docker in the Katello scenario, must I run the installer again with the foreman scenario?
I am assuming that one cannot specify more than one scenario on the command line such as:
```
# foreman-installer -i --scenario katello --scenario foreman ...
```
But I feel like I am getting very close.
Which packaging dependency is included with katello, and would it conflict with the docker plugin
if I added that later?