Re: [foreman-dev] How to disable puppet management of DHCP/DNS/TFTP

2017-08-11 Thread Ewoud Kohl van Wijngaarden 

On Fri, Aug 11, 2017 at 08:25:56AM +0200, Lukas Zapletal wrote:

Thanks, created http://projects.theforeman.org/issues/20555

If anyone can take a look, this has been pain for a very long time.


https://github.com/theforeman/puppet-dns/pull/95


Now, what workaround do you recommend for DNS today? How to
essentially stop updating it with our installer?


I expect --foreman-proxy-dns-managed=false to do exactly what you want 
so it surprises me this doesn't work. I've tried it locally and I can 
add things to /etc/named/zones.conf without it being overwritten.



LZ

On Thu, Aug 10, 2017 at 5:48 PM, Ewoud Kohl van Wijngaarden
 wrote:

On Tue, Aug 01, 2017 at 01:08:14PM +0200, Lukas Zapletal wrote:


I wrote a short blogpost about how to add new DHCP subnet to Foreman:

https://theforeman.org/2017/07/adding-new-subnet-for-provisioning.html

At the end of the post, I am giving an advice to turn off DHCP puppet
management so new declarations won't get overwritten as our puppet
modules (or installer not sure) do not support multiple declarations.

But when I edit foreman-installer answer files, it does not work
actually. I tried to do this via foreman-installer switches (changed
the blog post) to:

# foreman-installer -v -n --scenario katello \
--foreman-proxy-dns=true --foreman-proxy-dns-managed=false \
--foreman-proxy-dhcp=true --foreman-proxy-dhcp-managed=false

This seemed to work but I was fooled, I was running with dry run and
we have a bug that the installer actually commits some changes (!!!)
so it is actually not working at all and I had to fix my instance
after this screwup.

Now the question is - how the heck do I stop puppet or our installer
from modifying dhcpd.conf? Can someone tell me please so I can change
the post once again? I spent an hour trying to figure out.



I think this is the wrong approach and it's better to make the installer set
up the zones for you. While sadly we don't expose this option in the
installer, we can use hiera by placing the following content in
/etc/foreman-installer/custom-hiera.yaml:

dhcp::pools:
 isolated.lan:
   network: 192.168.99.0
   mask: 255.255.255.0
   gateway: 192.168.99.1
   range: 192.168.99.5 192.168.99.49

Now if you re-run the installer you should get an additional subnet.

Sadly this is not possible for DNS but we could add that support.


--
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-dev] kerberos auth for the API

2017-08-11 Thread Tomas Strachota 
Hello,
yes, kerberos API authentication is tracked in the issue that you
sent. Unfortunately there's really no solution yet. Important
prerequisites have been released with the Foreman 1.15 (session
support in the API) but the API still lacks entry point for external
login (equivalent of /users/extlogin).

T.


On Tue, Aug 8, 2017 at 2:16 AM, Sergei Gerasenko  wrote:
> Hello,
>
> I was wondering if anything exists for API authentication using kerberos. I
> think this describes the issue and it looks like no solution exists yet, but
> I just want to make sure that's the case.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[foreman-dev] Jenkins will show Rails logs for all failed tests

2017-08-11 Thread Lukas Zapletal 
Hey,

I had an idea today which turned into:

https://github.com/theforeman/foreman/pull/4739

When there is a test failure, it is usually impossible to find the
correct log in logs/test.log file for paritular failed tests. This
patch automatically adds Rails logs (including ActiveRecord) to STDOUT
for every single test failure, so it's visible. Each log transaction
starts with "Rails logs for [name of the test] FAILURE" so it's easy
to grep it.

This hooks into ActiveSupport::TestCase, so make sure you do not use
Minitest::Test directly. We do not do that, there was just a one test
which was changed.

Remember, if you run into issues on Jenkins, open full console output
and search for "Rails logs" to find the logs for failed tests (once
the PR is merged).

-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-dev] How to disable puppet management of DHCP/DNS/TFTP

2017-08-11 Thread Lukas Zapletal 
Thanks, created http://projects.theforeman.org/issues/20555

If anyone can take a look, this has been pain for a very long time.

Now, what workaround do you recommend for DNS today? How to
essentially stop updating it with our installer?

LZ

On Thu, Aug 10, 2017 at 5:48 PM, Ewoud Kohl van Wijngaarden
 wrote:
> On Tue, Aug 01, 2017 at 01:08:14PM +0200, Lukas Zapletal wrote:
>>
>> I wrote a short blogpost about how to add new DHCP subnet to Foreman:
>>
>> https://theforeman.org/2017/07/adding-new-subnet-for-provisioning.html
>>
>> At the end of the post, I am giving an advice to turn off DHCP puppet
>> management so new declarations won't get overwritten as our puppet
>> modules (or installer not sure) do not support multiple declarations.
>>
>> But when I edit foreman-installer answer files, it does not work
>> actually. I tried to do this via foreman-installer switches (changed
>> the blog post) to:
>>
>> # foreman-installer -v -n --scenario katello \
>> --foreman-proxy-dns=true --foreman-proxy-dns-managed=false \
>> --foreman-proxy-dhcp=true --foreman-proxy-dhcp-managed=false
>>
>> This seemed to work but I was fooled, I was running with dry run and
>> we have a bug that the installer actually commits some changes (!!!)
>> so it is actually not working at all and I had to fix my instance
>> after this screwup.
>>
>> Now the question is - how the heck do I stop puppet or our installer
>> from modifying dhcpd.conf? Can someone tell me please so I can change
>> the post once again? I spent an hour trying to figure out.
>
>
> I think this is the wrong approach and it's better to make the installer set
> up the zones for you. While sadly we don't expose this option in the
> installer, we can use hiera by placing the following content in
> /etc/foreman-installer/custom-hiera.yaml:
>
> dhcp::pools:
>  isolated.lan:
>network: 192.168.99.0
>mask: 255.255.255.0
>gateway: 192.168.99.1
>range: 192.168.99.5 192.168.99.49
>
> Now if you re-run the installer you should get an additional subnet.
>
> Sadly this is not possible for DNS but we could add that support.
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.