How to copy id_rsa_foreman_proxy.pub without console access to Foreman server?

I’ve been working on learning Foreman and have been having to run the following command on the server itself to enable remote execution for that specific host.

ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root@[IPADDRESS]

Aside from downloading the .pub file and manually importing it on hosts, is there a better way I could import the certificate on individual hosts? Were I to eventually implement Foreman at work, having to SSH to the server itself each time we’re adding a new host wouldn’t work well.

There is already a snippet “remote_execution_ssh_keys” included in the provisioning template that will do the work for you, so if you provision your systems with Foreman it should be ready to accept jobs after provision finished successfully.

Do you know how to run this snippet in a standalone fashion? It’s also not theisable to run it directly from the server in cases where sshd_config has root ssh set to prohibit-password.

The snippet could also be used in other templates except job templates, but this should not be a problem as it is for setting up jobs. If you simply want to execute it manually, you can go to the preview of the template and copy and paste it to the console.

Setting this up after provisioning without root access, or at least a user with sudo rules already in place, is a pain. But you can also use the user with sudo to run jobs by using the settings in Foreman.

What I did once in the past at a customer where I had no Puppet to do the configuration and only had my personal account with ssh key and sudo rules already deployed, was to configure Foreman to use my account for job execution until I had successfully run a job creating a new user rex on all systems and then change the configuration to use this user instead.

For Puppet users it’s also provided via the ENC. You can use this class to manage the REX user:

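For the manual route discussed in this thread (getting the proxy's public key onto a host without running ssh-copy-id from the Foreman server), here is an added example. It is not the `remote_execution_ssh_keys` snippet and not code from any poster: it is a shell function that checks a downloaded `.pub` file and appends it to an account's `authorized_keys` idempotently. The function names, the `rex` home path used in the demo and the sample key line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): install one SSH public key for a
# remote-execution account, idempotently and with the modes sshd expects.

# Syntactic check only: exactly one line, starting with a known key type and a
# base64 blob. Rejects private keys, multi-key files and option-prefixed lines.
is_single_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# install_key KEYFILE HOME_DIR
# Prints "added", "present" or "rejected"; returns 1 only when rejected.
install_key() {
    keyfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    if ! is_single_pubkey "$keyfile"; then
        echo "rejected"
        return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    # Match on "type blob" so a changed comment does not add a duplicate entry.
    keyid=$(cut -d' ' -f1,2 "$keyfile")
    if cut -d' ' -f1,2 "$auth" | grep -Fxq -- "$keyid"; then
        echo "present"
        return 0
    fi
    # Keep one key per line even if the existing file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$keyfile")" >> "$auth"
    echo "added"
}

# Demo on a scratch directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED foreman-proxy@foreman.example.com' > "$demo_home/proxy.pub"
install_key "$demo_home/proxy.pub" "$demo_home/rex"   # first run
install_key "$demo_home/proxy.pub" "$demo_home/rex"   # second run, no duplicate
rm -rf "$demo_home"
```

Run it as the target account, or chown the `.ssh` directory and file to that account afterwards, since sshd ignores an `authorized_keys` file with the wrong owner when StrictModes is on.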