Installing Foreman in an air-gapped environment

Installing Foreman in an air-gapped environment

This is the method I used to create an off-line repository containing all the packages I needed to be able to perform an installation of Foreman in an air-gapped environment. I used method two to create a small repo - 655Mb, rather than downloading entire repos. I hope this saves someone the pain I had to go through.

Let me know if you find errors / problems.

Create a local repository of rpms

There are two methods for creating a local copy of the packages required to install Foreman:

  1. Download full repository copies using reposync.
  2. Downloading all packages installed in a completed Foreman installation.

Both methods require internet access and require the yum-utils and createrepo packages:

# yum install -y yum-utils createrepo

Create a directory to store copies of all the packages:

# mkdir /var/local/repos

Method 1 - Downloading full copies of the following repositories:

# rpm -ivh
# rpm -ivh
# yum -y install
# reposync -d -n -p /var/local/repos --repoid=base --repoid=epel --repoid=updates --repoid=foreman --repoid=foreman-plugins --repoid=puppetlabs-deps --repoid=puppetlabs-products --repoid=rhscl-ruby193-epel-7-x86_64 --repoid=rhscl-v8314-epel-7-x86_64 

Method 2 - Download only the rpms from a fully installed Foreman VM:

Follow the Foreman quick start guide at to install Foreman.

Once the foreman-installer has completed without error, perform the following steps to download copies of the rpms. NOTE: This is a slow process, but avoids having to download the entire CentOS base, epel and updates repositories. The total volume of packages is approximately 655Mb.

# for i in `yum list installed | grep @base | awk '{print $1}'`; do yum reinstall $i --downloadonly --downloaddir=/var/local/repos/base; done

# for i in `yum list installed | grep @epel | awk '{print $1}'`; do yum reinstall $i --downloadonly --downloaddir=/var/local/repos/epel; done

Download the remaining small repos in full:

# reposync -d -n -p /var/local/repos --repoid=foreman --repoid=foreman-plugins --repoid=puppetlabs-deps --repoid=puppetlabs-products --repoid=rhscl-ruby193-epel-7-x86_64 --repoid=rhscl-v8314-epel-7-x86_64 

Execute createrepo for each repo directory:

createrepo --update /var/local/repos/base
createrepo --update /var/local/repos/updates
createrepo --update /var/local/repos/epel
createrepo --update /var/local/repos/foreman
createrepo --update /var/local/repos/foreman-plugins
createrepo --update /var/local/repos/puppetlabs-deps
createrepo --update /var/local/repos/puppetlabs-products
createrepo --update /var/local/repos/rhscl-ruby193-epel-7-x86_64
createrepo --update /var/local/repos/rhscl-v8314-epel-7-x86_64/

Transfer the /var/local/repos directory to the target Foreman VM, perhaps using scp

Installing Foreman on a VM / Server

Adding another disk to the VM if required:

# for host in /sys/class/scsi_host/*; do echo "- - -" | sudo tee $host/scan; ls /dev/sd* ; done
# lsblk
# fdisk /dev/sdb # New partition type 8e
# pvcreate /dev/sdb1
# pvdisplay
# vgextend centos /dev/sdb1
# lvdisplay
# lvextend -L +100G /dev/centos/root
# xfs_growfs  /dev/centos/root

Disable SELinux

setenforce 0
# vi /etc/sysconfig/selinux		# And set SELINUX=permissive

Configure firewalld

Replace IP and FQD as required:

echo "<IP> <FQDN> foreman" >> /etc/hosts
# echo " foreman" >> /etc/hosts
# firewall-cmd --permanent --zone=public --add-port=53/tcp \
--add-port=53/udp --add-port=67-68/udp --add-port=69/udp --add-port=80/tcp \
--add-port=443/tcp --add-port=3000/tcp --add-port=3306/tcp --add-port=5910-5930/tcp \
--add-port=5432/tcp --add-port=8140/tcp --add-port=8443/tcp; firewall-cmd --reload

Set-up the repos

# rm -f /etc/yum.repos.d/*
# cat << EOF > /etc/yum.repos.d/local.repo
name=CentOS-$releasever - Base

name=Extra Packages for Enterprise Linux 7 - $basearch

name=Foreman plugins 1.9

name=Foreman 1.9

name=Puppet Labs Products El 7 - $basearch

name=Puppet Labs Dependencies El 7 - $basearch

name=Ruby193 - epel-7-x86_64

name=V8 - epel-7-x86_64

Install the yum-utils package:

# yum install -y /var/local/repos/base/yum-utils-1.1.31-53.el7.noarch.rpm 
# yum install /var/local/repos/base/createrepo-0.9.9-28.el7.noarch.rpm

Update the repos

# createrepo --update /var/local/repos/base
# createrepo --update /var/local/repos/updates
# createrepo --update /var/local/repos/epel
# createrepo --update /var/local/repos/foreman
# createrepo --update /var/local/repos/foreman-plugins
# createrepo --update /var/local/repos/puppetlabs-deps
# createrepo --update /var/local/repos/puppetlabs-products
# createrepo --update /var/local/repos/rhscl-ruby193-epel-7-x86_64
# createrepo --update /var/local/repos/rhscl-v8314-epel-7-x86_64/
# yum clean all && rm -rf /var/cache/yum/* && yum repolist

Install the foreman installer:

# yum -y install foreman-installer

Set the foreman-installaer prarameters

Edit the /etc/foreman/foreman-installer-answers.yaml file and set configure_epel_repo: false. Do not alter the indentation of the line in the file.

# vi /etc/foreman/foreman-installer-answers.yaml 
  custom_repo: true
  configure_epel_repo: false

Install Foreman

# foreman-installer -v 
Installing             Done                                               [100%] [...............................................................................................................................]
  * Foreman is running at
      Initial credentials are admin / 7Jw3vJfCzp5TUsGG
  * Foreman Proxy is running at
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log

NOTE: If Firefox does not give you an option of adding an exception for the certificate, it may be because it already has a certificate exception added for the site. Delete the existing certificate from Firefox/Options/Privacy & Security/View Certificates/Server (tab)

Post-install steps

After installation, the Foreman installer will have set up a puppet master on the host, fully integrated with Foreman. First run the Puppet agent on the Foreman host which will send the first Puppet report to Foreman, automatically creating the host in Foreman’s database.

# puppet agent --test

Puppet 3+ will show a warning the first time that the node can’t be found, this can be ignored.

In Foreman, click on the Hosts tab and your Foreman host should be visible in the list with an “O” status. This indicates its status is OK, with no changes made on the last Puppet run.

This completes the basic off-line installation. Consult the Foreman documentation for detailed steps on using Foremen to manage nodes: Foreman :: Manual


Thanks for this! Do you have plans to update it to a recent version? 1.9 is very old. The general flow will still be the same but some repo locations should be updated.


Yes, I’ll be updating it at some point. I’ll post an update once I’m done.


1 Like

Has anyone tried am “air gap” or “disconnected” installation of Foreman 2.1 on CentOS 8?
I’m having lots of issues in getting the repository correct plus this new feature of dnf called “modules”.

Any specific reasons as to why you are disabling SELinux?