Getting Started


#62

Hi Greg, Sorry to hear you are leaving. I found out through the Foreman UI, so thank you, as well.

What I did was edit the /etc/foreman-installer/scenarios.d/katello-answers.yaml
and made these changes:

foreman::plugin::discovery: true
foreman::plugin::openscap: true
foreman::plugin::puppetdb: true
foreman::plugin::remote_execution: true
foreman::plugin::templates: true
foreman_proxy::plugin::openscap: true
foreman_proxy::plugin::remote_execution::ssh: true
foreman_proxy::plugin::discovery: true
foreman::compute::vmware: true
foreman::cli::discovery: true
foreman::cli::tasks: true
foreman::cli::templates: true
foreman::cli::remote_execution: true

because that is easier than setting each checkbox interactively one at a time …

Then I ran:
[root@foreman ~]# foreman-installer --interactive --scenario katello

Main Config Menu
1. [✓] Configure certs
2. [✓] Configure foreman
3. [✓] Configure foreman_cli
4. [✓] Configure foreman_cli_discovery
5. [✓] Configure foreman_cli_openscap
6. [✓] Configure foreman_cli_remote_execution
7. [✓] Configure foreman_cli_tasks
8. [✓] Configure foreman_cli_templates
9. [✗] Configure foreman_compute_ec2
10. [✗] Configure foreman_compute_gce
11. [✗] Configure foreman_compute_libvirt
12. [✗] Configure foreman_compute_openstack
13. [✗] Configure foreman_compute_ovirt
14. [✗] Configure foreman_compute_rackspace
15. [✓] Configure foreman_compute_vmware
16. [✗] Configure foreman_plugin_ansible
17. [✗] Configure foreman_plugin_bootdisk
18. [✗] Configure foreman_plugin_chef
19. [✗] Configure foreman_plugin_default_hostgroup
20. [✓] Configure foreman_plugin_discovery
21. [✗] Configure foreman_plugin_hooks
22. [✓] Configure foreman_plugin_openscap
23. [✓] Configure foreman_plugin_puppetdb
24. [✓] Configure foreman_plugin_remote_execution
25. [✗] Configure foreman_plugin_setup
26. [✓] Configure foreman_plugin_tasks
27. [✓] Configure foreman_plugin_templates
28. [✓] Configure foreman_proxy
29. [✓] Configure foreman_proxy_content
30. [✗] Configure foreman_proxy_plugin_ansible
31. [✗] Configure foreman_proxy_plugin_chef
32. [✗] Configure foreman_proxy_plugin_dhcp_infoblox
33. [✓] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_infoblox
35. [✓] Configure foreman_proxy_plugin_openscap
36. [✓] Configure foreman_proxy_plugin_pulp
37. [✓] Configure foreman_proxy_plugin_remote_execution_ssh
38. [✓] Configure katello
39. [✓] Configure puppet
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu... 41
(...)
Preparing installation Debug: importing '/usr/share/foreman-installer/mod[0
Installing             Package[postgresql-server]                         [6%]
Installing             Foreman_config_entry[puppetdb_address]             [79%]
Installing             Package[tfm-rubygem-foreman_remote_execution]      [80%]
Installing             Service[puppetserver]                              [87%]
Installing             Exec[foreman-rake-apipie:cache:index]              [87%]
Installing             Done                                               [100%]
  Success!

I updated the firewall rules, and accessed the UI at: https://foreman.mydomain.com
started foreman, and ran puppet agent --test. At this point it gets blurry again . . .

The dashboard shows 0 hosts.
Not sure what to do next?

The topic “Getting Started” is still appropriate, but getting harder to follow. My apologies for that.


#63

My “Getting Started” experience is being steered as follows:

6. Add a puppet module, i.e. NTP
7. Import puppet environment/classes into Foreman
8. Unattended host provisioning
9

In Foreman’s Monitor > DashBoard, I then have:

Under Foreman’s Hosts > All Hosts :

Listing only the foreman host once the Puppet classes had been imported to Foreman’s database. The only “smart proxy” applicable, running on the host foreman.domain.com.

** A very important note: Only 1x smart proxy runs on a host. Yet 1x smart proxy can act on behalf of numerous other “services”, i.e. DHCP and/or DNS and/or TFTP etc. ***

My notes therefore continuing as follows:

6. First Puppet Module:

Go to website: forge.puppetlabs.com
Search: NTP
Review module’s “How to install” notes

	#cd /etc/puppetlabs/code/environments

Install

#puppet module install puppetlabs-ntp

Validate installation to folder - /etc/puppetlabs/code/environment/production/modules

Import Puppet module into Foreman – Web Interface

Configure > Classes > Import environments from foreman.example.com

Setting a parameter

	Click on “NTP” class
	Select “Smart Class Parameters”
	Filter for “servers”
	Set	Override	checked
Key Type	array
		Default Value	["0.pool.ntp.org.za","1.pool.ntp.org.za","2.pool.ntp.org.za"]
	Click Submit

7. Puppet Server & Puppet Agent Basics

Puppet Certificates / Comms between PuppetMaster & Puppet Agent:

	List certificates at Puppet Master
	@PuppetServer: puppetserver ca list --all
	
	Generate client certificate at Puppet Agent 
	@PuppetAgent: puppet agent -t

	Sign client certificate at Puppet Master
	@PuppetServer: puppetserver ca sign --certname "PuppetAgent"

	Obtain signed certificate at Puppet Agent
	@PuppetAgent: puppet agent -t

Install puppet NTP module (as root | validate installation to correct path |

etc/puppetlabs/code/environment/production/modules):

#puppet module install puppetlabs-ntp
...
#puppet module install puppetlabs-mysql
#puppet module install mayflower-php

Adding classes from module to main manifest

#cd /etc/puppetlabs/code/environments/production/manifests

#vi site.pp

Important to understand Puppet Resources, modules & manifests - To elaborate

-----Resource------------------

file { '/etc/inetd.conf':
	ensure => '/etc/inet/inetd.conf',
}

-----Resources------------------

package { 'http':
	ensure => installed,
}
service { 'httpd':
	ensure => running,
}

------From installed modules – puppetlabs-mysql & mayflower-php-----------------

include '::mysql::server'
include '::php'

--------From installed module – puppetlabs-ntp---------------------------

node default {
  class { 'ntp':
    servers => ['0.pool.ntp.org.za','1.pool.ntp.org.za','2.pool.ntp.org.za','3.pool.ntp.org.za']
  }
}

Start Puppet run at Puppet Agent:

#puppet agent -t

Check if new services are running at Puppet Agent:

#puppet resource service ntpd
#mysql -v
#php -version

8. Unattended host Provisioning:

to be continued …

Unattended Host Provisioning:

Existing host discovery:


#64

Odd, even without classes, Foreman should create the host entry. Can you show the puppet agent output (you may need to add -v or even -d).

It occurs to me that a “Beginner’s Case Study” video interview might be a fun thing to do. We used to do a lot of case studies back in the day (see https://www.youtube.com/watch?v=WwY_IawhRKc&list=PLLTIBSsvp9qRcL6yCQqmdMJSRSYNI9DbK). Would any of you be interested in joining me for something like that, @Peek @jmrice6640 @mason?


#65

I think I could be bribed to do something humiliating like that :wink: What I mean by “bribed” is that I don’t yet have a functional Foreman system (because the process was taking too long and I had to shift my focus to more pressing tasks for a bit) so I could really use some help to get my system to a state where I can do useful work. At that point, I think it would make sense for me to do a beginner case study. Would you or one of the other experienced folks be willing to spend a bit of time with me to get set up and in exchange I’ll give you a useful noob case study?


#66

Maybe we should record that too, if the systems you’re working on aren’t too private? That kind of debugging process could be really valuable to others, I think.


#67

I installed puppetlabs-ntp, added the class ntp to the node default in site.pp.
Configure > Classes > Import environments from foreman.mydomain.com

And now in the foreman UI I can see these Puppet Classes:
ntp
ntp::config
ntp::install
ntp::service
stdlib
stdlib::stages

And there are 5 signed certificates. NTP is running as a service on all my hosts.

But under Configure -> Environments none are displayed. There is a button to Create Puppet Environment.
And one to Import environments from foreman.mydomain.com I selected that …

It said: Successfully updated environments and Puppet classes …
And yet, there are still no environments, and no hosts managed by puppet.

I must have missed a step. I didn’t have this problem with my previous attempts without Katello.
That setup shows the production environment and 5 managed hosts. So what did I do differently this time?


#68

I did notice that the Smart Proxies URL is different:

Old: https://foreman.messagebroadcast.com:8443 (Foreman default installation)
New: https://foreman.messagebroadcast.com:9090 (Foreman with Katello)


#69

At the moment, everything I’m doing is just a lab, so no there’s nothing particularly private.


#70

That’s expected, Katello has (had?) another service on 8443, so in that scenario we have to change the proxy port.

Not sure what’s going on with your classes/envs, hopefully someone from @katello can help?


#71

Could it be related to the facts not being reported?
I thought that once foreman receives facts, it creates the hosts.
Is katello/discovery getting in the way?

How can I have the hosts push facts manually?


#72

That’s possible. If you tail the production.log file in var/log/foreman, and run puppet agent in another terminal, you should see a set of requests, one of which is a POST to the facts API. Knowing if that happened (and if it succeeded) seems a good next step.


#73

Not sure if this is useful …

[root@foreman foreman]# puppet agent -v --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for foreman.mydomain.com
Info: Applying configuration version '1550001592'
Notice: Applied catalog in 0.63 seconds
[root@foreman foreman]#

2019-02-12T11:59:53 [I|app|] Started POST "/api/config_reports" for 10.0.0.234 at 2019-02-12 11:59:53 -0800
2019-02-12T11:59:53 [I|app|3a03a] Processing by Api::V2::ConfigReportsController#create as JSON
2019-02-12T11:59:53 [I|app|3a03a] Parameters: {"config_report"=>"[FILTERED]", "apiv"=>"v2"}
2019-02-12T11:59:53 [I|app|3a03a] Scanning report with: Foreman::PuppetReportScanner
2019-02-12T11:59:54 [I|app|3a03a] Imported report for foreman.mydomain.com in 62.0 ms, status refreshed in 14.6 ms
2019-02-12T11:59:54 [I|app|3a03a] Rendering api/v2/config_reports/create.json.rabl
2019-02-12T11:59:54 [I|app|3a03a] Rendered api/v2/config_reports/create.json.rabl (26.1ms)
2019-02-12T11:59:54 [I|app|3a03a] Completed 201 Created in 120ms (Views: 23.9ms | ActiveRecord: 26.6ms)
2019-02-12T12:00:10 [W|app|] Creating scope :path_of. Overwriting existing method Taxonomy.path_of.
2019-02-12T12:00:10 [W|app|] Creating scope :path_of. Overwriting existing method Taxonomy.path_of.
2019-02-12T12:00:13 [W|app|] Creating scope :path_of. Overwriting existing method Hostgroup.path_of.
2019-02-12T12:00:13 [W|app|] Creating scope :completer_scope. Overwriting existing method Organization.completer_scope.
2019-02-12T12:00:13 [W|app|] Creating scope :path_of. Overwriting existing method Hostgroup.path_of.
2019-02-12T12:00:14 [W|app|] Creating scope :completer_scope. Overwriting existing method Organization.completer_scope.
2019-02-12T12:00:15 [W|app|] Creating scope :completer_scope. Overwriting existing method Location.completer_scope.
2019-02-12T12:00:15 [W|app|] Creating scope :completer_scope. Overwriting existing method Location.completer_scope.
2019-02-12T12:00:16 [W|app|] Scoped order is ignored, it's forced to be batch order.
2019-02-12T12:00:16 [W|app|] Scoped order is ignored, it's forced to be batch order.
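
The check suggested in post #72, as an added example (not code from any participant in this thread or from the Foreman project): a parser for production.log lines in the format pasted in post #73 that pairs each "Started" line with its "Completed" status and reports whether a POST to the facts API arrived. The `/api/hosts/facts` path, the function names and the sample lines are assumptions made for this example.

```python
import re

# Assumption: fact uploads go to /api/hosts/facts; the thread only says "the facts API".
FACTS_PATH = "/api/hosts/facts"
# "<timestamp> [<level>|<logger>|<request id>] <message>", as in the log pasted in the thread.
LINE = re.compile(r'^(?P<ts>\S+) \[(?P<lvl>\w)\|(?P<logger>\w+)\|(?P<rid>\w*)\] (?P<msg>.*)$')
# Accept straight and typographic quotes so text copied from a forum also parses.
STARTED = re.compile(r'^Started (?P<verb>[A-Z]+) ["“](?P<path>[^"”]+)["”] for (?P<client>\S+)')
COMPLETED = re.compile(r'^Completed (?P<status>\d{3}) ')

def summarize_requests(lines):
    """Return one dict per HTTP request: verb, path, client, status (None if unfinished)."""
    requests, by_rid, pending = [], {}, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        rid, msg = m["rid"], m["msg"]
        started = STARTED.match(msg)
        if started:
            # "Started" carries no request id; hold it for the next tagged line (no interleaving assumed).
            pending = {**started.groupdict(), "status": None}
            requests.append(pending)
        elif rid and rid not in by_rid and pending is not None:
            by_rid[rid], pending = pending, None
        done = COMPLETED.match(msg)
        if done and rid in by_rid:
            by_rid[rid]["status"] = int(done["status"])
    return requests

def facts_uploads(lines, client=None):
    """POSTs to the facts endpoint, optionally restricted to one client address."""
    return [r for r in summarize_requests(lines)
            if r["verb"] == "POST" and r["path"] == FACTS_PATH
            and client in (None, r["client"])]

# Constructed sample in the thread's log format; the facts request lines are made up.
SAMPLE = '''\
2019-02-12T11:59:52 [I|app|] Started POST "/api/hosts/facts" for 10.0.0.234 at 2019-02-12 11:59:52 -0800
2019-02-12T11:59:52 [I|app|7c1de] Processing by Api::V2::HostsController#facts as JSON
2019-02-12T11:59:53 [I|app|7c1de] Completed 201 Created in 410ms (Views: 2.1ms | ActiveRecord: 80.3ms)
2019-02-12T11:59:53 [I|app|] Started POST "/api/config_reports" for 10.0.0.234 at 2019-02-12 11:59:53 -0800
2019-02-12T11:59:53 [I|app|3a03a] Processing by Api::V2::ConfigReportsController#create as JSON
2019-02-12T11:59:54 [I|app|3a03a] Completed 201 Created in 120ms (Views: 23.9ms | ActiveRecord: 26.6ms)
2019-02-12T12:00:10 [W|app|] Creating scope :path_of. Overwriting existing method Taxonomy.path_of.
'''.splitlines()

if __name__ == "__main__":
    print(*summarize_requests(SAMPLE), sep="\n")
```

An empty result from `facts_uploads()` over the lines captured during a `puppet agent --test` run means only the report was posted, which is the situation the log excerpt in post #73 shows.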


#74

OK, I changed the view on All Hosts from Default Organization to Any Organization, and now they show up.
I think Organization and Location contexts are new to this combination.


#75

There are 5 hosts with no organization assigned


#76

After reading a bit more, I created an Organization and some Locations, and assigned the hosts to them.
I think I might actually be Getting Started …


#77

Sounds good to me. Though I unfortunately also

Please note that I have no preference for Puppet over Ansible, Chef or Salt.

Puppet is purely the preferred option based on available documentation. As such, is there a case to rather focus on Ansible? (or Salt …)


#78

Make it, Break it, Fix it, Hack it, Own it.

Shouldn’t be a problem as I believe we’re all still sandboxing …


#79

I have only one environment, being “production”.

Disregard my notes where it states to edit files by hand. This is not necessary …

However, do ensure your puppet modules install to the correct location. I’ve found that "sudo"ing will not install them correctly. At present I ran all commands as “root”. Yes, I know, totally acceptable… but it’s the only time I get the puppet modules to install to /etc/puppetlabs/code/environment/production/modules

Try and advise on your mileage.


#80

For clarification, when I ran the foreman-installer with all defaults, I, too, had one environment, production.
When I started over, installed katello, then ran the installer again, this introduced the concept of Organizations and Locations. Even after I added a few hosts, none of them displayed in the UI, as I had not yet created any Organizations nor Locations, and I had not assigned my hosts to them. The UI displayed the Default Organization and Default Location, so, no Environment, and no Hosts …

Once I changed the view (top of the screen pull down menus next to the Foreman logo) by setting it to Any Organization and Any Location, then the Environment and Hosts appeared.

But that was just the fun part of “Getting Started”. My fear is that now the real work begins.

Things I want to accomplish/understand next, in no particular order:
Additional Plugins
Host Groups
Users
Certificate management
Provisioning new Hosts from VMware
OpenSCAP integration
OS Hardening via Puppet
LDAP, FreeIPA
Jenkins/Pipeline/Docker Workflow

I’m sure there is at least another week’s worth of questions there …


#81

Would you mind advising how you went about adding hosts?