Hey guys, since Foreman has so many ways to be used and so many scenarios and plugins, I get lost in all this documentation. I’m in the process of setting up Foreman for my scenario below. When done, I plan to document in detail the setup and process for my use case and post it to the tutorials section here in the community.
Please help me out to complete my setup.
Problem/scenario:
I have servers in several locations which are managed through Chef.
Each location is a separate Chef environment. What I’m missing is a central patch management system, and for that purpose I wish to use Foreman in the Katello scenario.
Architecture design:
As per documentation and official recommendations each location/Chef_environment will have one smart proxy that will report to Central Foreman server, and servers/nodes in specific location/Chef_environment will report to that foreman proxy server. Image on https://www.theforeman.org/plugins/foreman_chef/0.1/
Deploying central Foreman server:
In order to install the central server with this scenario to use Katello, follow the instructions here Foreman :: Plugin Manuals, but once you come to the foreman-installer line use the following:
foreman-installer --scenario katello --enable-foreman-plugin-chef --enable-foreman-plugin-tasks --enable-foreman-proxy-plugin-chef --no-enable-puppet --foreman-proxy-puppet false --foreman-proxy-puppetca false --foreman-proxy-content-puppet false
Once the installer is complete it will output instructions on how to set up the smart proxy:
foreman-proxy-certs-generate --foreman-proxy-fqdn "proxy1.domain.com" --certs-tar "/etc/ssl/proxy1.domain.com-certs.tar"
Setting up smart proxy:
To install on the smart proxy server, add the repos as before, copy the certs.tar from the previous command onto the proxy server and run:
foreman-installer \
  --scenario foreman-proxy-content \
  --certs-tar-file "/root/proxy1.domain.com-certs.tar" \
  --foreman-proxy-content-parent-fqdn "proxy1.domain.com" \
  --foreman-proxy-register-in-foreman "true" \
  --foreman-proxy-foreman-base-url "https://proxy1.domain.com" \
  --foreman-proxy-trusted-hosts "foreman.domain.com" \
  --foreman-proxy-trusted-hosts "proxy1.domain.com" \
  --foreman-proxy-oauth-consumer-key "someKeyHere" \
  --foreman-proxy-oauth-consumer-secret "someKeyHereToo" \
  --puppet-server-foreman-url "https://foreman.domain.com"
This is what I got from the instructions, but I assume this needs to be modified in order to enable the Chef plugins and connect the smart proxy to the Chef server. Please let me know how to correct this.
Configuring chef-client:
Install gem foreman_chef
Add to client.rb
chef_server_url "https://chef.domain.com/organizations/myorg"
validation_client_name "validator"
validation_key '/etc/chef/validator.pem'
client_key '/etc/chef/client.pem'
log_location STDOUT
node_name "node1.domain.com"
trusted_certs_dir "/etc/chef/trusted_certs"
Also, do I need to install katello-agent on nodes?
Foreman and Proxy versions:
Foreman 1.23 and Katello 3.13
Distribution and version:
CentOS 7.6