Re: [foreman-users] DNS smart proxy

2017-09-25 Thread עידו Gmail 
Thanks! It's working.

Ido


> On 25 Sep 2017, at 23:06, Ivan Necas  wrote:
> 
> Hi Ido,
> 
> It should be possible. See "Advanced module configuration" section in the 
> manual
> 
>   https://theforeman.org/manuals/1.15/index.html#3.2.2InstallerOptions
> 
> The param you're seatching for is probably $::dns::allow_recursion
> (taken from 
> https://github.com/theforeman/puppet-dns/blob/5.0.0/manifests/init.pp#L112)
> 
> -- Ivan
> 
>> On Mon, Sep 25, 2017 at 7:19 PM, Ido Kaplan  wrote:
>> Hi,
>> 
>> If it possible to edit the setting "allow-recursion" in the configuration
>> file "/etc/named/options.conf" when using "foreman-installer"?
>> 
>> Please advise.
>> 
>> Thanks!
>> Ido`
>> 
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Foreman users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to foreman-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/foreman-users.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "Foreman users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/foreman-users/7CrxIWPBzBc/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] DNS smart proxy

2017-09-25 Thread Ivan Necas 
Hi Idox,

It should be possible. See "Advanced module configuration" section in the manual

   https://theforeman.org/manuals/1.15/index.html#3.2.2InstallerOptions

The param you're seatching for is probably $::dns::allow_recursion
(taken from 
https://github.com/theforeman/puppet-dns/blob/5.0.0/manifests/init.pp#L112)

-- Ivan

On Mon, Sep 25, 2017 at 7:19 PM, Ido Kaplan  wrote:
> Hi,
>
> If it possible to edit the setting "allow-recursion" in the configuration
> file "/etc/named/options.conf" when using "foreman-installer"?
>
> Please advise.
>
> Thanks!
> Idox`
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] DNS smart proxy

2017-09-25 Thread Ido Kaplan 
Hi,

If it possible to edit the setting "allow-recursion" in the configuration 
file "/etc/named/options.conf" when using "foreman-installer"?

Please advise.

Thanks!
Idox`

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: incorrect creating vmware network from image

2017-09-25 Thread lexagrunge 
I updated to 1.16 version, but still the problem remained. Foreman creates 
a standard network instead of a distributed port group

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: Remote smart proxy issue

2017-09-25 Thread Adam Ruzicka 
Hi James,
the files should be set properly on the host where the separate proxy runs.

I asked around and found out the foreman-proxy and smart_proxy_dynflow_core
have to be configured to use the same certificate to talk to each other,
however weird it may sound. If they use different SSL certificates (even if
they are signed by the same CA), you will get the unexpected serial error.
Are you by any chance having them use different certs?

-- Adam

On Mon, Sep 25, 2017 at 12:31 PM, James Denton  wrote:

>  Hi Adam
>
>
> Thanks for your help (apologies I didnt respond sooner i was away last
> week). The settings in the .yaml files you mention appear correct as far as
> I know. Just so you know i am attempting to run a remote job from our
> Foreman master server to a client via a smart-proxy running on a seperate
> server in isolation. Therefore with the 2 files you mention do you mean on
> our Foreman master server or the seperate Proxy. This is from the error log
> on the foreman-proxy server running seperate from Foreman master:
>
> D, [2017-09-25T11:24:58.230191 ] DEBUG -- : accept: 10.10.240.195:46416
> D, [2017-09-25T11:24:58.232804 ] DEBUG -- : Rack::Handler::WEBrick is
> invoked.
> [2017-09-25 11:24:58.331 #59264] ERROR -- invalid worlds found
> {"8f03b9ac-d048-41a1-b25b-49b24d5e2594"=>:invalidated}
> E, [2017-09-25T11:24:58.358327 #59264] ERROR -- : SSL certificate with
> unexpected serial supplied
> [2017-09-25 11:24:58.361 #59264]  INFO -- 10.10.240.195 - -
> [25/Sep/2017:11:24:58 +0100] "GET /dynflow/tasks/count?state=running
> HTTP/1.1" 403 59 0.0037
>
> [2017-09-25 11:24:58.403 #59264] DEBUG -- close: 10.10.240.195:46416
>
>
> 10.10.240.195 is the IP of the Foreman Master.
>
> Thanks!
>
> James
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Foreman 1.16.0-RC1 available for testing

2017-09-25 Thread Daniel Lobato Garcia 
Foreman 1.16.0-RC1 is now available for testing - the first of the
release candidates for the upcoming 1.16 version.

Please help by testing and getting it release-ready, and look out for
new release candidates approximately every two weeks with the latest bug
fixes.

Installation quick start:
https://theforeman.org/manuals/1.16/quickstart_guide.html

Upgrade instructions:
https://theforeman.org/manuals/1.16/index.html#3.6Upgrade

Release notes:
https://theforeman.org/manuals/1.16/index.html#Releasenotesfor1.16

This is also a good time to improve translations for existing locales to
ensure full coverage. Help out at
https://www.transifex.com/foreman/foreman/dashboard/.

Changes in this release
===
This release contains many changes, including:

- Netgroups support for LDAP
- VMWare SCSI controllers with per-disk configuration
- Puppet 5 support
- Many UI changes such as Patternfly pagination
- An interface to Webpack for plugins

Testing of these particular changes is quite important for the release,
but many other features and bug fixes can be found listed in the release
notes by category.

Please have a look through for anything that you might rely on and give
it a test:
https://theforeman.org/manuals/1.16/index.html#Releasenotesfor1.16

One security issues have also been fixed in this release:

- CVE-2017-7535: Stored XSS when assigning unassigned hosts to
  organization/location

Lastly, do take note of the upgrade warnings and deprecations in this
release (right now empty, it will be updated with anything we find):
https://theforeman.org/manuals/1.16/index.html#Upgradewarnings

Downloads
=
Packages may be found in the 1.16 directories on both deb.foreman.org
and yum.theforeman.org, and tarballs are on downloads.theforeman.org.

The GPG key used for RPMs and tarballs has the following fingerprint:
  41EE 8815 A84C ACA4 A583 5055 9C21 BCB2 8977 40E9
  (https://theforeman.org/security.html#GPGkeys)

Bug reporting
=
If you come across a bug in your testing, please file it and note the
version of Foreman that you're using in the report.

Foreman: http://projects.theforeman.org/projects/foreman/issues/new
Proxy: http://projects.theforeman.org/projects/smart-proxy/issues/new
Installer:
http://projects.theforeman.org/projects/puppet-foreman/issues/new

---

Lastly - our project could use help from another release nanny, if
anything to split the work between releases and automate as much as
humanly possible. At this point, it's a matter of running a few
scripts in https://github.com/dlobatog/foreman_release,
and following 
http://projects.theforeman.org/projects/foreman/wiki/Release_Process.

If you are interested, please reply here or contact me (dlobatog) on
#theforeman-dev IRC and I'll be happy to help you get started. The first
initial RC and the .0 release usually are a lot more work, but minor
releases are a good way to get introduced to how we do this.

--
Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

[foreman-users] export of a resource for import later or elsewhere

2017-09-25 Thread Tom McKay 
Three and a half years ago I started a pet project, hammer-cli-csv[1], to
export Foreman resources in CSV format with enough detail to be able to
later reimport that data for an exact clone. Although I envisioned broader
customer usage, it was mainly useful for devs that would often tear down
and spin up a new server. With CSV I could repopulate nearly all details of
the orgs, locs, settings, puppet classes, lifecycle environments, hosts,
host groups, etc.[2] Over time, certain resource types were incorporated
into Satellite-6 customer flows, specifically manipulating subscriptions on
content hosts[3]. Some addition aspects that may be interesting listed
below. Many of these are partially complete but worked well enough for my
own usage. As they say, "Pull-requests welcome!"

+ Originally designed to do multi-threaded import (added to expose problems
with server stress)
+ Allows custom columns to be defined and exported (custom reports)
+ Allows a subset of columns to be exported (custom reports)
+ Able to take yaml input instead of csv (useful for repopulating with
ansible playbook via forklift)
+ Import of Sat-5 export CSV
+ Server plugin for hosts to speed up import by a factor of ten

Over the past year other devs have worked on related features in Foreman.
These include rake scripts for export (very fast compared to API that
hammer csv has to use), export button on tables in UI (very convenient and
accessible compared to CLI), and more. Unfortunately all of the work
combined is not compatible. For example, exported CSV from a table can't
then be imported with hammer csv.

The question I have is, should additional dev effort be put into hammer
csv? Is the concept important? Could it be used for custom report
generation or inter-server sync (ISS)? Do we want a coherent vision and
strategy or is it alright to continue with point solutions?



[1] https://github.com/Katello/hammer-cli-csv
[2]
https://docs.google.com/spreadsheets/d/1brcqqUpfdoWCLDHkQc6f-AX-c93mwaqm7qUgzKfuvBM/edit?usp=sharing
[3] https://access.redhat.com/blogs/1169563/posts/2632781

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: Remote smart proxy issue

2017-09-25 Thread James Denton 
 Hi Adam


Thanks for your help (apologies I didnt respond sooner i was away last 
week). The settings in the .yaml files you mention appear correct as far as 
I know. Just so you know i am attempting to run a remote job from our 
Foreman master server to a client via a smart-proxy running on a seperate 
server in isolation. Therefore with the 2 files you mention do you mean on 
our Foreman master server or the seperate Proxy. This is from the error log 
on the foreman-proxy server running seperate from Foreman master:

D, [2017-09-25T11:24:58.230191 ] DEBUG -- : accept: 10.10.240.195:46416
D, [2017-09-25T11:24:58.232804 ] DEBUG -- : Rack::Handler::WEBrick is 
invoked.
[2017-09-25 11:24:58.331 #59264] ERROR -- invalid worlds found 
{"8f03b9ac-d048-41a1-b25b-49b24d5e2594"=>:invalidated}
E, [2017-09-25T11:24:58.358327 #59264] ERROR -- : SSL certificate with 
unexpected serial supplied
[2017-09-25 11:24:58.361 #59264]  INFO -- 10.10.240.195 - - 
[25/Sep/2017:11:24:58 +0100] "GET /dynflow/tasks/count?state=running 
HTTP/1.1" 403 59 0.0037

[2017-09-25 11:24:58.403 #59264] DEBUG -- close: 10.10.240.195:46416


10.10.240.195 is the IP of the Foreman Master. 

Thanks!

James

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Foreman + Isc DHCP

2017-09-25 Thread Lukas Zapletal 
Hello,

this page is pretty out of date (2013), you are not supposed to be
installing these services manually, we have a puppet-based installer
that does all the magic. If you do not want to use it, I recommend you
to install foreman on a test server and then investigate the
configuration files contents because your approach will be painful I
think.

Anyway, Foreman does manage DHCP records using OMAPI (adding/removing
records, tracking leases) but it does NOT create subnets. You need to
do this manually, our installer can create one subnet for you (it
requires it actually) and more subnets using Hiera configuration. A
typical configuration is:

--foreman-proxy-dhcp=true \ --foreman-proxy-dhcp-interface=eth0 \
--foreman-proxy-dhcp-gateway=10.0.0.1 \
--foreman-proxy-dhcp-range="10.0.0.100 10.0.0.200" \
--foreman-proxy-dhcp-nameservers="10.0.1.2,10.0.1.3"

https://theforeman.org/manuals/1.15/index.html#3.2ForemanInstaller

On Sun, Sep 24, 2017 at 12:10 AM, Konstantin Raskoshnyi
 wrote:
> Hi guys,
> I'm a new to foreman. I used to use spacewalk for a long time, trying to
> find a better solution for our company.
>
> I was trying to set up a demo box with foreman & isc dhcpd on centos 7.3.
> I followed the docs
> (http://projects.theforeman.org/projects/smart-proxy/wiki/ISC_DHCP)
> I added proxy feature, keys, dhcp network in foreman etc.
> Foreman says that dhcp feature is up and running.
> Docs say I need to start up dhcpd, which doesn't make any sense for me since
> I didn't configure any nets directly in /etc/dhcpd/dhcpd.conf, I assume
> foreman has to do that?
> Here's is config files:
>
> dhcpd.conf:
> #
> # DHCP Server Configuration file.
> #   see /usr/share/doc/dhcp*/dhcpd.conf.example
> #   see dhcpd.conf(5) man page
> #
> omapi-port 7911;
> key omapi_key {
> algorithm HMAC-MD5;
> secret
> "mmaA9cCfrl+KjQVQwbSQfN/LAyok58Kbb9Y4XrOs9UoK7j8ePYIGyDcNAWnDYFmdRgaEahs94rdAo4B9IyV6pA==";
> #<-The output from the generated key above.
> };
> omapi-key omapi_key;
>
>
> [root@foreman settings.d]# cat dhcp.yml
> ---
> # Enable DHCP management
> # Can be true, false, or http/https to enable just one of the protocols
> :enabled: true
>
> # valid providers:
> #   - dhcp_isc (ISC dhcp server)
> #   - dhcp_native_ms (Microsoft native implementation)
> #   - dhcp_libvirt (dnsmasq via libvirt)
> :use_provider: dhcp_isc
> :server: 127.0.0.1
> # subnets restricts the subnets queried to a subset, to reduce the query
> time.
> :subnets:
>   - 192.168.56.0/255.255.255.0
> #  - 192.168.205.128/255.255.255.128
>
> [root@foreman settings.d]# cat dhcp_isc.yml
> ---
> #
> # Configuration file for ISC dhcp provider
> #
>
> :config: /etc/dhcp/dhcpd.conf
> :leases: /var/lib/dhcpd/dhcpd.leases
>
> :key_name: omapi_key
> :key_secret:
> mmaA9cCfrl+KjQVQwbSQfN/LAyok58Kbb9Y4XrOs9UoK7j8ePYIGyDcNAWnDYFmdRgaEahs94rdAo4B9IyV6pA==
>
>
> :omapi_port: 7911
>
> # use :server setting in dhcp.yml if you are managing a dhcp server which is
> not localhost
>
>
> Will be happy to hear any suggestions.
> Happy weekend!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.



-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.