WEBrick to Passenger & authentication

Duncan_Innes · May 29, 2014, 9:52am

Hi,

A Foreman 1.5 install that I recently upgraded from 1.3 is running WEBrick
and doesn't have any login screen to authenticate users. I didn't create
the original install, but would like to migrate it to

a) use authentication

and

b) use Passenger rather than WEBrick (although this needs to wait until I
push a firewall change through).

How do I migrate this installation to authenticate users without losing any
of my current data? Ideally I'll link this to our IPA installation.

Then, how do I migrate the system from WEBrick to Passenger (once the
firewall is fixed)?

Are these issues just a case of (re-)running the foreman-installer?

Thanks

Duncan

Dominic_Cleal · May 30, 2014, 7:56am

> Hi,
>
> A Foreman 1.5 install that I recently upgraded from 1.3 is running
> WEBrick and doesn't have any login screen to authenticate users. I
> didn't create the original install, but would like to migrate it to
>
> a) use authentication
>
> and
>
> b) use Passenger rather than WEBrick (although this needs to wait until
> I push a firewall change through).
>
> How do I migrate this installation to authenticate users without losing
> any of my current data? Ideally I'll link this to our IPA installation.

This part's easy - in /etc/foreman/settings.yaml, change :login to true
and restart. You should be able to log in with admin/changeme, else run
"foreman-rake permissions:reset". Once logged in as admin, you can add
an LDAP server or more user accounts.

> Then, how do I migrate the system from WEBrick to Passenger (once the
> firewall is fixed)?

Assuming you're on EL6, you can do this by hand too:

yum install mod_passenger ruby193-rubygem-passenger-native

Then you need two vhosts:

/etc/httpd/conf.d/05-foreman.conf
http://paste.fedoraproject.org/105825/40143643/
/etc/httpd/conf.d/05-foreman-ssl.conf
http://paste.fedoraproject.org/105826/36438140/

Also create these empty dirs:

mkdir -p /etc/httpd/conf.d/05-foreman{-ssl,}.d

I think that'll be enough for it to run.

> Are these issues just a case of (re-)running the foreman-installer?

Yep, you can do that too. I'd always run it with "-v --noop" first
though so you get a full set of diffs and actions it'll take -
particularly if you've had this installed for a while and customised it.

···

On 29/05/14 10:52, Duncan Innes wrote:

–
Dominic Cleal
Red Hat Engineering