Hey guys, since Foreman has so many ways to be used and so many scenarios and plugins, I get lost in all this documentation. I’m in the process of setting up Foreman for my scenario below. When done, I plan to document in detail the setup and process for my use case and post it to the tutorials section here in the community.
Please help me out to complete my setup.
I have servers in several locations which are managed through Chef.
Each location is a separate Chef environment. What I’m missing is a central patch management system, and for that purpose I wish to use Foreman in scenario Katello.
As per documentation and official recommendations each location/Chef_environment will have one smart proxy that will report to Central Foreman server, and servers/nodes in specific location/Chef_environment will report to that foreman proxy server. Image on https://www.theforeman.org/plugins/foreman_chef/0.1/
Deploying central Foreman server:
In order to install the central server with this scenario to use Katello, follow the instructions here Foreman :: Plugin Manuals but once you come to the foreman-installer line use the following:
foreman-installer --scenario katello --enable-foreman-plugin-chef --enable-foreman-plugin-tasks --enable-foreman-proxy-plugin-chef --no-enable-puppet --foreman-proxy-puppet false --foreman-proxy-puppetca false --foreman-proxy-content-puppet false
Once the installer is complete it will output instructions on how to set up the smart proxy:
foreman-proxy-certs-generate --foreman-proxy-fqdn "proxy1.domain.com" --certs-tar "/etc/ssl/proxy1.domain.com-certs.tar"
Setting up smart proxy:
To install on the smart proxy server, add the repos as before, copy the certs.tar from the previous command onto the proxy server and run:
foreman-installer \
  --scenario foreman-proxy-content \
  --certs-tar-file "/root/proxy1.domain.com-certs.tar" \
  --foreman-proxy-content-parent-fqdn "proxy1.domain.com" \
  --foreman-proxy-register-in-foreman "true" \
  --foreman-proxy-foreman-base-url "https://proxy1.domain.com" \
  --foreman-proxy-trusted-hosts "foreman.domain.com" \
  --foreman-proxy-trusted-hosts "proxy1.domain.com" \
  --foreman-proxy-oauth-consumer-key "someKeyHere" \
  --foreman-proxy-oauth-consumer-secret "someKeyHereToo" \
  --puppet-server-foreman-url "https://foreman.domain.com"
This is what I got from the instructions, but I assume this needs to be modified in order to enable the Chef plugins and connect the smart proxy to the Chef server. Please let me know how to correct this.
Install gem foreman_chef
Add to client.rb
chef_server_url "https://chef.domain.com/organizations/myorg"
validation_client_name "validator"
validation_key '/etc/chef/validator.pem'
client_key '/etc/chef/client.pem'
log_location STDOUT
node_name "node1.domain.com"
trusted_certs_dir "/etc/chef/trusted_certs"
Also, do I need to install katello-agent on nodes?
Foreman and Proxy versions:
Foreman 1.23 and Katello 3.13
Distribution and version: