Installing Foreman in an air-gapped environment
This is the method I used to create an off-line repository containing all the packages I needed to be able to perform an installation of Foreman in an air-gapped environment. I used method two to create a small repo - 655Mb, rather than downloading entire repos. I hope this saves someone the pain I had to go through.
Let me know if you find errors / problems.
Create a local repository of rpms
There are two methods for creating a local copy of the packages required to install Foreman:
- Download full repository copies using reposync.
- Download all packages installed in a completed Foreman installation.
Both methods require internet access and require the yum-utils and createrepo packages:
# yum install -y yum-utils createrepo
Create a directory to store copies of all the packages:
# mkdir /var/local/repos
Method 1 - Downloading full copies of the following repositories:
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
# rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum -y install http://yum.theforeman.org/releases/1.9/el7/x86_64/foreman-release.rpm
# reposync -d -n -p /var/local/repos --repoid=base --repoid=epel --repoid=updates --repoid=foreman --repoid=foreman-plugins --repoid=puppetlabs-deps --repoid=puppetlabs-products --repoid=rhscl-ruby193-epel-7-x86_64 --repoid=rhscl-v8314-epel-7-x86_64
Method 2 - Download only the rpms from a fully installed Foreman VM:
Follow the Foreman quick start guide at https://www.theforeman.org/manuals/1.9/quickstart_guide.html to install Foreman.
Once the foreman-installer has completed without error, perform the following steps to download copies of the rpms. NOTE: This is a slow process, but avoids having to download the entire CentOS base, epel and updates repositories. The total volume of packages is approximately 655Mb.
# for i in `yum list installed | grep @base | awk '{print $1}'`; do yum reinstall $i --downloadonly --downloaddir=/var/local/repos/base; done
# for i in `yum list installed | grep @epel | awk '{print $1}'`; do yum reinstall $i --downloadonly --downloaddir=/var/local/repos/epel; done
Download the remaining small repos in full:
# reposync -d -n -p /var/local/repos --repoid=foreman --repoid=foreman-plugins --repoid=puppetlabs-deps --repoid=puppetlabs-products --repoid=rhscl-ruby193-epel-7-x86_64 --repoid=rhscl-v8314-epel-7-x86_64
Execute createrepo for each repo directory:
# createrepo --update /var/local/repos/base
# createrepo --update /var/local/repos/updates
# createrepo --update /var/local/repos/epel
# createrepo --update /var/local/repos/foreman
# createrepo --update /var/local/repos/foreman-plugins
# createrepo --update /var/local/repos/puppetlabs-deps
# createrepo --update /var/local/repos/puppetlabs-products
# createrepo --update /var/local/repos/rhscl-ruby193-epel-7-x86_64
# createrepo --update /var/local/repos/rhscl-v8314-epel-7-x86_64/
Transfer the /var/local/repos directory to the target Foreman VM, perhaps using scp.
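One way to confirm the repository tree arrives unchanged, which matters because the local.repo file further down sets gpgcheck=0, so yum will not verify package signatures. This is an added example, not part of the original post; the MANIFEST.sha256 file name and both function names are assumptions made here:

```shell
#!/bin/bash
# Added example: integrity manifest for the offline repo tree.
# MANIFEST.sha256 and both function names are chosen here (assumptions).
MANIFEST=MANIFEST.sha256

# Build host, before the transfer: record a SHA-256 for every file under $1.
make_manifest() (
    cd "$1" || exit 2
    find . -type f ! -name "$MANIFEST" -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum > "$MANIFEST"
)

# Target host, after the transfer: return 0 only if every listed file matches
# and nothing unlisted has appeared in the tree.
verify_manifest() (
    cd "$1" || exit 2
    [ -f "$MANIFEST" ] || { echo "no $MANIFEST in $1" >&2; exit 2; }
    rc=0
    # Modified or missing files are reported as FAILED lines.
    sha256sum -c --quiet "$MANIFEST" || rc=1
    # Paths present on disk but absent from the manifest.
    listed=$(mktemp)
    sed 's/^[0-9a-f]\{64\}  //' "$MANIFEST" > "$listed"
    extra=$(find . -type f ! -name "$MANIFEST" -print | grep -vxFf "$listed" || true)
    rm -f "$listed"
    if [ -n "$extra" ]; then
        printf 'not in manifest:\n%s\n' "$extra" >&2
        rc=1
    fi
    exit "$rc"
)
```

Run make_manifest /var/local/repos on the connected host and verify_manifest /var/local/repos on the target before running createrepo there. Compare the SHA-256 of MANIFEST.sha256 itself through a separate channel, since anyone able to alter the tree in transit could alter the manifest too.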
Installing Foreman on a VM / Server
Adding another disk to the VM if required:
# for host in /sys/class/scsi_host/*; do echo "- - -" | sudo tee $host/scan; ls /dev/sd* ; done
# lsblk
# fdisk /dev/sdb # New partition type 8e
# pvcreate /dev/sdb1
# pvdisplay
# vgextend centos /dev/sdb1
# lvdisplay
# lvextend -L +100G /dev/centos/root
# xfs_growfs /dev/centos/root
Disable SELinux enforcement (permissive mode)
# setenforce 0
# vi /etc/sysconfig/selinux # And set SELINUX=permissive
Configure firewalld
Replace <IP> and <FQDN> as required:
echo "<IP> <FQDN> foreman" >> /etc/hosts
# echo "10.0.1.200 foreman.rancher.int foreman" >> /etc/hosts
# firewall-cmd --permanent --zone=public --add-port=53/tcp \
--add-port=53/udp --add-port=67-68/udp --add-port=69/udp --add-port=80/tcp \
--add-port=443/tcp --add-port=3000/tcp --add-port=3306/tcp --add-port=5910-5930/tcp \
--add-port=5432/tcp --add-port=8140/tcp --add-port=8443/tcp; firewall-cmd --reload
Set-up the repos
# rm -f /etc/yum.repos.d/*
# cat << 'EOF' > /etc/yum.repos.d/local.repo
[base]
name=CentOS-$releasever - Base
baseurl=file:///var/local/repos/base
enabled=1
gpgcheck=0
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=file:///var/local/repos/epel
enabled=1
gpgcheck=0
[foreman-plugins]
name=Foreman plugins 1.9
baseurl=file:///var/local/repos/foreman-plugins
enabled=1
gpgcheck=0
[foreman]
name=Foreman 1.9
baseurl=file:///var/local/repos/foreman
enabled=1
gpgcheck=0
[puppetlabs-products]
name=Puppet Labs Products El 7 - $basearch
baseurl=file:///var/local/repos/puppetlabs-products
enabled=1
gpgcheck=0
[puppetlabs-deps]
name=Puppet Labs Dependencies El 7 - $basearch
baseurl=file:///var/local/repos/puppetlabs-deps
enabled=1
gpgcheck=0
[rhscl-ruby193-epel-7-x86_64]
name=Ruby193 - epel-7-x86_64
baseurl=file:///var/local/repos/rhscl-ruby193-epel-7-x86_64
enabled=1
gpgcheck=0
[rhscl-v8314-epel-7-x86_64]
name=V8 3.14.5.10 - epel-7-x86_64
baseurl=file:///var/local/repos/rhscl-v8314-epel-7-x86_64
enabled=1
gpgcheck=0
EOF
Install the yum-utils and createrepo packages:
# yum install -y /var/local/repos/base/yum-utils-1.1.31-53.el7.noarch.rpm
# yum install /var/local/repos/base/createrepo-0.9.9-28.el7.noarch.rpm
Update the repos
# createrepo --update /var/local/repos/base
# createrepo --update /var/local/repos/updates
# createrepo --update /var/local/repos/epel
# createrepo --update /var/local/repos/foreman
# createrepo --update /var/local/repos/foreman-plugins
# createrepo --update /var/local/repos/puppetlabs-deps
# createrepo --update /var/local/repos/puppetlabs-products
# createrepo --update /var/local/repos/rhscl-ruby193-epel-7-x86_64
# createrepo --update /var/local/repos/rhscl-v8314-epel-7-x86_64/
# yum clean all && rm -rf /var/cache/yum/* && yum repolist
Install the foreman installer:
# yum -y install foreman-installer
Set the foreman-installer parameters
Edit the /etc/foreman/foreman-installer-answers.yaml file and set configure_epel_repo: false. Do not alter the indentation of the line in the file.
# vi /etc/foreman/foreman-installer-answers.yaml
foreman:
  custom_repo: true
  configure_epel_repo: false
  .
  .
Install Foreman
# foreman-installer -v
.
.
.
Installing Done [100%] [...............................................................................................................................]
Success!
* Foreman is running at https://foreman.rancher.int
Initial credentials are admin / 7Jw3vJfCzp5TUsGG
* Foreman Proxy is running at https://foreman.rancher.int:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log
NOTE: If Firefox does not give you an option of adding an exception for the certificate, it may be because it already has a certificate exception added for the site. Delete the existing certificate from Firefox/Options/Privacy & Security/View Certificates/Server (tab)
Post-install steps
After installation, the Foreman installer will have set up a puppet master on the host, fully integrated with Foreman. First, run the Puppet agent on the Foreman host. This sends the first Puppet report to Foreman, automatically creating the host in Foreman’s database.
# puppet agent --test
Puppet 3+ will show a warning the first time that the node can’t be found; this can be ignored.
In Foreman, click on the Hosts tab and your Foreman host should be visible in the list with an “O” status. This indicates its status is OK, with no changes made on the last Puppet run.
This completes the basic off-line installation. Consult the Foreman documentation for detailed steps on using Foreman to manage nodes: Foreman :: Manual