Installing Smart Proxy

Hi,

I have a foreman server, installed with foreman-installer and everything
work really well.

I have another subnet which i want to provision with foreman also. My idea
was to install a foreman smart proxy on this subnet to manage DHCP, DNS and
TFTP, and link it to my central foreman server.

Can I do this ? And can i do it with foreman-installer ? I've tried various
options to foreman-installer like this :

Puppet is my working foreman installation with
PuppetCA,Puppet,TFTP,DHCP,DNS on a Debian Wheezy.

172.16.1.x is my new subnet

foreman-installer
–enable-foreman-proxy
–puppet-puppetmaster=puppet
–foreman-proxy-tftp=true
–foreman-proxy-tftp-servername=172.16.1.5
–foreman-proxy-dhcp=true
–foreman-proxy-dhcp-interface=eth0
–foreman-proxy-dhcp-gateway=172.16.1.1
–foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
–foreman-proxy-dhcp-nameservers="172.16.1.5"
–foreman-proxy-dns=true
–foreman-proxy-dns-interface=eth0
–foreman-proxy-dns-zone=new.lan
–foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
–foreman-proxy-dns-forwarders=172.16.1.2
–foreman-proxy-foreman-base-url=https://puppet
–foreman-proxy-oauth-consumer-key=xxx
–foreman-proxy-oauth-consumer-secret=xx

I think i misunderstood something but i can't find it.

Any pointer this install scenario would be greatly appreciated.

Regards,

Hey,

and what does not work exactly?

> foreman-installer
> --enable-foreman-proxy
> --puppet-puppetmaster=puppet
> --foreman-proxy-tftp=true
> --foreman-proxy-tftp-servername=172.16.1.5
> --foreman-proxy-dhcp=true
> --foreman-proxy-dhcp-interface=eth0
> --foreman-proxy-dhcp-gateway=172.16.1.1
> --foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
> --foreman-proxy-dhcp-nameservers="172.16.1.5"
> --foreman-proxy-dns=true
> --foreman-proxy-dns-interface=eth0
> --foreman-proxy-dns-zone=new.lan
> --foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
> --foreman-proxy-dns-forwarders=172.16.1.2
> --foreman-proxy-foreman-base-url=https://puppet \

Make sure this resolves to foreman base url and proxy can connect
foreman on this URL correctly.

> --foreman-proxy-oauth-consumer-key=xxx
> --foreman-proxy-oauth-consumer-secret=xx

I think this would install Foreman as well on your proxy node what is
not what you really want. You want to add

--no-enable-foreman

option for foreman-proxy installation.

··· -- Later, Lukas #lzap Zapletal

>
> Hey,
>
> and what does not work exactly?
>

I always get this after running forman-installer :

Preparing installation Done
Something went wrong! Check the log for ERROR-level output

And the error.log gives this :

pick(): must receive at least one non empty value at
/usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
puppet

> > foreman-installer \
> > --enable-foreman-proxy \
> > --puppet-puppetmaster=puppet \
> > --foreman-proxy-tftp=true \
> > --foreman-proxy-tftp-servername=172.16.1.5 \
> > --foreman-proxy-dhcp=true \
> > --foreman-proxy-dhcp-interface=eth0 \
> > --foreman-proxy-dhcp-gateway=172.16.1.1 \
> > --foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230" \
> > --foreman-proxy-dhcp-nameservers="172.16.1.5" \
> > --foreman-proxy-dns=true \
> > --foreman-proxy-dns-interface=eth0 \
> > --foreman-proxy-dns-zone=new.lan \
> > --foreman-proxy-dns-reverse=1.16.172.in-addr.arpa \
> > --foreman-proxy-dns-forwarders=172.16.1.2 \
> > --foreman-proxy-foreman-base-url=https://puppet \
>
> Make sure this resolves to foreman base url and proxy can connect
> foreman on this URL correctly.
>

I can confirm than there is no network problem preventing this server to
contact base foreman

>
> > --foreman-proxy-oauth-consumer-key=xxx \
> > --foreman-proxy-oauth-consumer-secret=xx
>
> I think this would install Foreman as well on your proxy node what is
> not what you really want. You want to add
>
> --no-enable-foreman
>
>
I've tried with this option and it gives me the same error message as above.

··· Le lundi 12 janvier 2015 10:56:33 UTC+1, Lukas Zapletal a écrit :

option for foreman-proxy installation.


Later,
Lukas #lzap Zapletal

> pick(): must receive at least one non empty value at
> /usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
> puppet

This looks like a bug. Try to provide:

–foreman-foreman-url=http://dummy

if it helps.

··· -- Later, Lukas #lzap Zapletal

>
> > pick(): must receive at least one non empty value at
> > /usr/share/foreman-installer/modules/foreman/manifests/cli.pp:31 on node
> > puppet
>
> This looks like a bug. Try to provide:
>
> --foreman-foreman-url=http://dummy
>
> if it helps.
>

Still playing with foreman-installer, i've getting rid off this error
message by passing this arguments to foreman-installer :

foreman-installer
–enable-foreman-proxy
–puppet-puppetmaster=puppet.hq0 \

  • –foreman-cli-foreman-url=https://puppet.hq0 *
  • –foreman-cli-username=admin *
  • –foreman-cli-password=mypassword *
    –foreman-proxy-tftp=true
    –foreman-proxy-tftp-servername=172.16.1.5
    –foreman-proxy-dhcp=true
    –foreman-proxy-dhcp-interface=eth0
    –foreman-proxy-dhcp-gateway=172.16.1.1
    –foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
    –foreman-proxy-dhcp-nameservers="172.16.1.5"
    –foreman-proxy-dns=true
    –foreman-proxy-dns-interface=eth0
    –foreman-proxy-dns-zone=ny0.lan
    –foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
    –foreman-proxy-dns-forwarders=172.16.1.2
    –foreman-proxy-foreman-base-url=https://puppet.hq0

and now i get this error :

Could not find dependent Class[Foreman::Service] for Package[setup] at
/usr/share/foreman-installer/modules/foreman/manifests/plugin.pp:16

I think i miss something, maybe i'm not providing the correct options, but
i can't find a good explanation on how to setup this kind of features. It
strange because i think this is a common task.

··· Le lundi 12 janvier 2015 12:19:56 UTC+1, Lukas Zapletal a écrit :


Later,
Lukas #lzap Zapletal

> Could not find dependent Class[Foreman::Service] for Package[setup] at
> /usr/share/foreman-installer/modules/foreman/manifests/plugin.pp:16

We are not including some dependencies, I am not Puppet expert. Anyone
else?

··· -- Later, Lukas #lzap Zapletal

Hi,

I've finally get it working with this :

foreman-installer
–no-enable-foreman
–no-enable-foreman-cli
–no-enable-foreman-plugin-bootdisk
–no-enable-foreman-plugin-setup
–no-enable-puppet
–enable-foreman-proxy
–foreman-proxy-puppetca=false
–foreman-proxy-puppetrun=false
–foreman-proxy-tftp=true
–foreman-proxy-tftp-servername=172.16.1.5
–foreman-proxy-dhcp=true
–foreman-proxy-dhcp-interface=eth0
–foreman-proxy-dhcp-gateway=172.16.1.1
–foreman-proxy-dhcp-range="172.16.1.10 172.16.1.230"
–foreman-proxy-dhcp-nameservers="172.16.1.5"
–foreman-proxy-dns=true
–foreman-proxy-dns-interface=eth0
–foreman-proxy-dns-zone=ny0.lan
–foreman-proxy-dns-reverse=1.16.172.in-addr.arpa
–foreman-proxy-dns-forwarders=172.16.1.2
–foreman-proxy-foreman-base-url=https://fm.ny0.lan
–foreman-proxy-trusted-hosts=puppet.hq0
–foreman-proxy-oauth-consumer-key=xx
–foreman-proxy-oauth-consumer-secret=xx
–foreman-proxy-registered-proxy-url=https://fm.ny0.lan:8443

I really wonder how i can miss this part on the foreman manual.

Thanks for your help,

··· 2015-01-13 13:59 GMT+01:00 Lukas Zapletal :

Could not find dependent Class[Foreman::Service] for Package[setup] at
/usr/share/foreman-installer/modules/foreman/manifests/plugin.pp:16

We are not including some dependencies, I am not Puppet expert. Anyone
else?


Later,
Lukas #lzap Zapletal


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

> foreman-installer
> --no-enable-foreman
> --no-enable-foreman-cli
> --no-enable-foreman-plugin-bootdisk
> --no-enable-foreman-plugin-setup
> --no-enable-puppet
> --enable-foreman-proxy \

I wonder if it worked without the following lines too:

> --no-enable-foreman-cli
> --no-enable-foreman-plugin-bootdisk
> --no-enable-foreman-plugin-setup \

It should.

> I really wonder how i can miss this part on the foreman manual.

Well, I guess we have a documentation now :slight_smile:

I will make a patch to
http://theforeman.org/manuals/1.7/#4.3SmartProxies

Thanks.

··· -- Later, Lukas #lzap Zapletal

I've tried without and it didn't work.

If i enable foreman cli, i need to pass username and password as well, but
i end up with the failed dependency on foreman::service mention earlier.

If i can help you in any way, feel free to tell me :wink:

··· 2015-01-14 10:16 GMT+01:00 Lukas Zapletal :

foreman-installer
–no-enable-foreman
–no-enable-foreman-cli
–no-enable-foreman-plugin-bootdisk
–no-enable-foreman-plugin-setup
–no-enable-puppet
–enable-foreman-proxy \

I wonder if it worked without the following lines too:

–no-enable-foreman-cli
–no-enable-foreman-plugin-bootdisk
–no-enable-foreman-plugin-setup \

It should.

I really wonder how i can miss this part on the foreman manual.

Well, I guess we have a documentation now :slight_smile:

I will make a patch to
Foreman :: Manual

Thanks.


Later,
Lukas #lzap Zapletal


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.