Http proxy for provisioned hosts [staypuft]

I'm trying to create an openstack cloud using staypuft, but I think the
problem is more generic.

I'm running on an RFC1918 (private) network, so need to set an http proxy
to reach the internet.

Per a hint from the IRC channel, I tried setting the global parameters
"http-proxy" and "http-proxy-port", but the install of the first host still
fails in a way that makes it look like the proxy isn't being set. The
first file fetch (from the local foreman server) succeeds, but the
subsequent requests (to the CentOS mirror) fail.

Is that the right way to set an HTTP proxy? Is there some other way?
Should I create a local mirror on the foreman server so I don't need to
set the http_proxy?

Thanks!

John,

I had set up an environment similar to yours (I believe). I have the
foreman server installed with two NICs. One connects to the 192.168.x.x
network that is the main network, and the other connects to the 10.10.x.x
network that is internal to the openstack servers.

The ideal scenario is to have a repo server feeding the 10.10.x.x network,
but in the meantime, for testing purposes, I enabled the foreman server to
act as a pass through between both networks, so that the servers in
10.10.x.x can access the mirror.centos.org sites via the foreman server.

Here is what I did AFTER running the staypuft installer:

  1. Allow for traffic to traverse between the two NICs at the foreman
    server

    cat /proc/sys/net/ipv4/ip_forward
    # change net.ipv4.ip_forward from 0 to 1
    vi /etc/sysctl.conf
    sysctl -e -p /etc/sysctl.conf

  2. Modify iptables

    iptables -A FORWARD -i eth0 -j ACCEPT
    iptables -A FORWARD -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    service iptables save
    vi /etc/sysconfig/iptables
    service iptables restart

Hope this helps.
IB
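
A check for the forwarding setup in the post above, as an added example that is not part of the original thread: it reads `iptables-save` output and flags FORWARD and MASQUERADE rules that match only on an interface, as the posted commands do. `audit_forward_rules`, both sample rule sets, `eth1`, `10.10.0.0/16`, and the reading of `eth0` as the outward-facing NIC are assumptions made for the example.

```shell
# Added example: flag interface-only forwarding/NAT rules in iptables-save
# output. audit_forward_rules is a hypothetical helper: rules on stdin,
# one finding per line on stdout.
audit_forward_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *filter, *nat
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            # Scoped rules name a network (-s/-d) or match connection state;
            # a bare -i/-o interface match forwards anything on that NIC.
            if ($0 !~ / -s / && $0 !~ / -d / && $0 !~ /state/)
                print "UNSCOPED-FORWARD: " $0
        }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            if ($0 !~ / -s /) print "UNSCOPED-NAT: " $0
        }
    '
}

# Constructed, abridged sample: rules as saved after the commands in the post.
open_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same gateway role, limited to the internal network.
# eth1 and 10.10.0.0/16 are assumptions standing in for the 10.10.x.x side.
scoped_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.10.0.0/16 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

open_rules | audit_forward_rules; scoped_rules | audit_forward_rules
```

On a live gateway the same function can be fed from `iptables-save` directly; an empty result means every forwarding and masquerade rule carries a source, destination or state match.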


Hi Ignacio-

Thanks for the reply. I have the hosts on a routable (to the rest of our
infrastructure) network, with a router connected to it. So I don't need to
do routing via the foreman box.

But, to reach the CentOS mirror, I need to have an http proxy set (if I
manually "export http_proxy=…" it works), and I'm struggling to get
foreman to do that for me.

If I can't do that, I may have to do something like this:

http://emeraldreverie.org/blog/2012/05/12/caching-packages-with-theforeman/


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/-_QtvyPz7rM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Have you seen Katello? It is based on the foreman and adds the capability
of providing an internal repo based on the CentOS mirror outside. It takes
a long time at first to copy the mirrors, but after that, it is all
internal traffic.

BTW, other than the issue with the proxy, are you able to provision the
openstack servers? I am stuck with the puppet configurations after the
build.

IB


I was hoping not to have to learn Katello at the same time, but now I think
I'm going to need to build a local repo of some sort, so I might as well
look at it.

And, no. I haven't been able to provision any hosts yet, due to the proxy
issue. (It doesn't even get through the kickstart.)

I'm hoping to have this resolved today, so I can either help you debug the
lack of puppet config, or actually build my openstack cluster.

-John
