Installing Smart Proxy

Hi,

I have a foreman server, installed with foreman-installer and everything
work really well.

I have another subnet which i want to provision with foreman also. My idea
was to install a foreman smart proxy on this subnet to manage DHCP, DNS and
TFTP, and link it to my central foreman server.

Can I do this ? And can i do it with foreman-installer ? I've tried various
options to foreman-installer like this :

Puppet is my working foreman installation with
PuppetCA,Puppet,TFTP,DHCP,DNS on a Debian Wheezy.

172.16.1.x is my new subnet

foreman-installer
–enable-foreman-proxy
–puppet-puppetmaster=puppet
–foreman-proxy-tftp=true
–foreman-proxy-tftp-servername=172.16.1.5
–foreman-proxy-dhcp=true
–foreman-proxy-dhcp-interface=eth0
–foreman-proxy-dhcp-gateway=172.16.1.1
–foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
–foreman-proxy-dhcp-nameservers="172.16.1.5"
–foreman-proxy-dns=true
–foreman-proxy-dns-interface=eth0
–foreman-proxy-dns-zone=new.lan
–foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
–foreman-proxy-dns-forwarders=172.16.1.2
–foreman-proxy-foreman-base-url=https://puppet
–foreman-proxy-oauth-consumer-key=xxx
–foreman-proxy-oauth-consumer-secret=xx

I think i misunderstood something but i can't find it.

Any pointer this install scenario would be greatly appreciated.

Regards,

Hey,

and what does not work exactly?

> foreman-installer
> --enable-foreman-proxy
> --puppet-puppetmaster=puppet
> --foreman-proxy-tftp=true
> --foreman-proxy-tftp-servername=172.16.1.5
> --foreman-proxy-dhcp=true
> --foreman-proxy-dhcp-interface=eth0
> --foreman-proxy-dhcp-gateway=172.16.1.1
> --foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
> --foreman-proxy-dhcp-nameservers="172.16.1.5"
> --foreman-proxy-dns=true
> --foreman-proxy-dns-interface=eth0
> --foreman-proxy-dns-zone=new.lan
> --foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
> --foreman-proxy-dns-forwarders=172.16.1.2
> --foreman-proxy-foreman-base-url=https://puppet \

Make sure this resolves to foreman base url and proxy can connect
foreman on this URL correctly.

> --foreman-proxy-oauth-consumer-key=xxx
> --foreman-proxy-oauth-consumer-secret=xx

I think this would install Foreman as well on your proxy node what is
not what you really want. You want to add

--no-enable-foreman

option for foreman-proxy installation.

>
> Hey,
>
> and what does not work exactly?
>

I always get this after running forman-installer :

Preparing installation Done
Something went wrong! Check the log for ERROR-level output

And the error.log gives this :

pick(): must receive at least one non empty value at
/usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
puppet

> > foreman-installer \
> > --enable-foreman-proxy \
> > --puppet-puppetmaster=puppet \
> > --foreman-proxy-tftp=true \
> > --foreman-proxy-tftp-servername=172.16.1.5 \
> > --foreman-proxy-dhcp=true \
> > --foreman-proxy-dhcp-interface=eth0 \
> > --foreman-proxy-dhcp-gateway=172.16.1.1 \
> > --foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230" \
> > --foreman-proxy-dhcp-nameservers="172.16.1.5" \
> > --foreman-proxy-dns=true \
> > --foreman-proxy-dns-interface=eth0 \
> > --foreman-proxy-dns-zone=new.lan \
> > --foreman-proxy-dns-reverse=1.16.172.in-addr.arpa \
> > --foreman-proxy-dns-forwarders=172.16.1.2 \
> > --foreman-proxy-foreman-base-url=https://puppet \
>
> Make sure this resolves to foreman base url and proxy can connect
> foreman on this URL correctly.
>

I can confirm than there is no network problem preventing this server to
contact base foreman

>
> > --foreman-proxy-oauth-consumer-key=xxx \
> > --foreman-proxy-oauth-consumer-secret=xx
>
> I think this would install Foreman as well on your proxy node what is
> not what you really want. You want to add
>
> --no-enable-foreman
>
>
I've tried with this option and it gives me the same error message as above.

> pick(): must receive at least one non empty value at
> /usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
> puppet

This looks like a bug. Try to provide:

–foreman-foreman-url=http://dummy

if it helps.

>
> > pick(): must receive at least one non empty value at
> > /usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
> > puppet
>
> This looks like a bug. Try to provide:
>
> --foreman-foreman-url=http://dummy
>
> if it helps.
>

Still playing with foreman-installer, i've getting rid off this error
message by passing this arguments to foreman-installer :

foreman-installer
–enable-foreman-proxy
–puppet-puppetmaster=puppet.hq0 \

• –foreman-cli-foreman-url=https://puppet.hq0 *
• –foreman-cli-username=admin *
• –foreman-cli-password=mypassword *
  –foreman-proxy-tftp=true
  –foreman-proxy-tftp-servername=172.16.1.5
  –foreman-proxy-dhcp=true
  –foreman-proxy-dhcp-interface=eth0
  –foreman-proxy-dhcp-gateway=172.16.1.1
  –foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
  –foreman-proxy-dhcp-nameservers="172.16.1.5"
  –foreman-proxy-dns=true
  –foreman-proxy-dns-interface=eth0
  –foreman-proxy-dns-zone=ny0.lan
  –foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
  –foreman-proxy-dns-forwarders=172.16.1.2
  –foreman-proxy-foreman-base-url=https://puppet.hq0

and now i get this error :

Could not find dependent Class[Foreman::Service] for Package[setup] at
/usr/share/foreman-installer/modules/foreman/manifests/plugin.pp:16

I think i miss something, maybe i'm not providing the correct options, but
i can't find a good explanation on how to setup this kind of features. It
strange because i think this is a common task.

> Could not find dependent Class[Foreman::Service] for Package[setup] at
> /usr/share/foreman-installer/modules/foreman/manifests/plugin.pp:16

We are not including some dependencies, I am not Puppet expert. Anyone
else?

Hi,

I've finally get it working with this :

foreman-installer
–no-enable-foreman
–no-enable-foreman-cli
–no-enable-foreman-plugin-bootdisk
–no-enable-foreman-plugin-setup
–no-enable-puppet
–enable-foreman-proxy
–foreman-proxy-puppetca=false
–foreman-proxy-puppetrun=false
–foreman-proxy-tftp=true
–foreman-proxy-tftp-servername=172.16.1.5
–foreman-proxy-dhcp=true
–foreman-proxy-dhcp-interface=eth0
–foreman-proxy-dhcp-gateway=172.16.1.1
–foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
–foreman-proxy-dhcp-nameservers="172.16.1.5"
–foreman-proxy-dns=true
–foreman-proxy-dns-interface=eth0
–foreman-proxy-dns-zone=ny0.lan
–foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
–foreman-proxy-dns-forwarders=172.16.1.2
–foreman-proxy-foreman-base-url=https://fm.ny0.lan
–foreman-proxy-trusted-hosts=puppet.hq0
–foreman-proxy-oauth-consumer-key=xx
–foreman-proxy-oauth-consumer-secret=xx
–foreman-proxy-registered-proxy-url=https://fm.ny0.lan:8443

I really wonder how i can miss this part on the foreman manual.

Thanks for your help,

> foreman-installer
> --no-enable-foreman
> --no-enable-foreman-cli
> --no-enable-foreman-plugin-bootdisk
> --no-enable-foreman-plugin-setup
> --no-enable-puppet
> --enable-foreman-proxy \

I wonder if it worked without the following lines too:

> --no-enable-foreman-cli
> --no-enable-foreman-plugin-bootdisk
> --no-enable-foreman-plugin-setup \

It should.

> I really wonder how i can miss this part on the foreman manual.

Well, I guess we have a documentation now

I will make a patch to
http://theforeman.org/manuals/1.7/#4.3SmartProxies

Thanks.

I've tried without and it didn't work.

If i enable foreman cli, i need to pass username and password as well, but
i end up with the failed dependency on foreman::service mention earlier.

If i can help you in any way, feel free to tell me