Re: [foreman-users] Errata and Content View issue

2017-12-09 Thread Andrew Schofield 
You are encountering this 
bug: https://bugzilla.redhat.com/show_bug.cgi?id=1488167 looks like this 
fix is in pulp-2.14


On Saturday, December 9, 2017 at 3:51:08 AM UTC-5, Arsène Gschwind wrote:
>
>
>
> On Saturday, December 9, 2017 at 2:40:04 AM UTC+1, Lachlan Musicman wrote:
>>
>> On 9 December 2017 at 07:38, Arsène Gschwind  
>> wrote:
>>
>>> Hi,
>>>
>>> I'm running Foreman 1.15.6 and Katello 3.4.
>>> I did apply an Errata to a host what did generate a new Content View 
>>> version, so far s good. The new Content View includes the Errata but not 
>>> the package for the this Errata.
>>>
>>>
>>> 
>>> As you may see on the picture in version 1.1 there is one more Errata 
>>> but the amount of packages didn't change.
>>> When doing a yum check-update on host i don't see any new package.
>>>
>>> After generating a full new version version of the content view i will 
>>> get those updates on the host.
>>> This sounds like a bug
>>>
>>> Thanks for any hint to help debug that issue.
>>>
>>>
>> I also saw this with these versions. If you look at the release notes for 
>> Foreman 1.16 and Katello 3.5 there are a number of bugs related that will 
>> hopefully fix this issue.
>>
>> The upgrade is a relatively simple process - I'd recommend it.
>>
>> Cheers
>> L.
>>
>
> I've tried the update to TFM 1.16 and Katello 3.5 but I had to revert back 
> since the provisioning didn't work at all.
> I may give another attempt
>
> Tanks.
> Cheers,
> Arsène 
>
>>  
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] AD/LDAP group authentication?

2017-10-27 Thread Andrew Schofield 
The answer is more 'sort of'. So Marek is entirely correct however users 
which are created in this way are NOT assigned to any locations nor 
organizations so there is manual (or scripted) post work required to be 
done.

I raised [1] in 2015, it's private but the comments are:

Currently, when you create a user you have to assign that user to a location in 
order for that user to be able to view / manage entities within that location. 
However this is not ideal for two key reasons:

1) Users which belong to the same group and role still require manual tasks to 
be performed to ensure they can behave is a consistent manner.

2) Users created via LDAP / AD where the 'Automatically create accounts in 
Foreman' option is checked are not added to ANY location. This means that 
manual steps have to be take to add the users to locations and organizations.

This RFE therefore is to allow location / organization details to be assigned 
per user group as the user groups section maps users to AD (or internal) groups 
and maps the groups to roles. This should be enhanced to add Organizations and 
Locations such that users created who belong to this group will be assigned 
locations and organizations commensurate to these groups.


[1] https://bugzilla.redhat.com/show_bug.cgi?id=1293835



On Friday, October 27, 2017 at 4:17:07 PM UTC-4, Marek Hulán wrote:
>
> On pátek 6. října 2017 22:27:46 CEST Charlie Baum wrote: 
> > Pretty new to Foreman and standing up our first POC of the product. 
> > 
> > Can someone verify/shoot down a question I have?  Does Foreman not 
> support 
> > AD group authentication?  In other words, can you authenticate to the 
> > Foreman UI without being setup as a local Foreman user first?  I am 
> playing 
> > around with AD stuff in there and got my AD account setup for access 
> just 
> > fine.  I created a user group linked to an external AD account but 
> unless I 
> > setup the user locally in Foreman, a member of that AD group could not 
> > login to Foreman.  Is this by design or am I overlooking something? 
>  Thanks 
> > folks! 
> > 
> > CB 
>
> Hello, yes, this is entirely possible. Just setup LDAP auth source. Double 
> check you have "Automatically create accounts in Foreman" checkbox enabled 
> for 
> this auth source (it's under Account tab) 
>
> Hope this helps 
>
> -- 
> Marek 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: commercial certificate for foreman

2017-10-08 Thread Andrew Schofield 
Of limited help I suspect but I can confirm that as a Satellite user I'm 
able to use a commercial certificate and I also don't have a CSR (where is 
asked for the CSR, create an empty file).

On Friday, October 6, 2017 at 6:09:39 AM UTC-4, Doug O wrote:
>
> Hello,
>
> I am bringing up a katello/foreman/puppet server and I have a hard 
> requirement by my organization that self-signed SSL certificates are not 
> allowed for web servers. The currently approved certificate is a wildcard 
> cert for which I do not have the csr. I've been through this group and 
> found several messages on how to install a commercial certificate for the 
> web interface while leaving all other certificates untouched. These 
> instructions are somewhat contradictory and none have worked for me. Does 
> anybody have an authoritative answer on how to install a commercial 
> wildcard certificate for the web interface that does not break puppet?
>
> I'm running Katello 3.4.5, Foreman 1.15.4, and puppet 4.10.8 under CentOS 
> 7.4
>
> Thanks,
>
> Doug
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: api setting host build flag

2017-09-21 Thread Andrew Schofield 
Use version 2 of the api. Pass version=2 in the accept header or 
api/v2/hosts. Also, PUT of what you get with a GET isn't going to work. You 
need to PUT {host: {build: 1}} to api/v2/54/

On Thursday, September 21, 2017 at 4:37:28 PM UTC-4, justin parker wrote:
>
> I am trying to toggle a host's build flag using the api and it's not work 
> at all.  I've tried setting build_hosts, build, build_status all at the 
> same time, one at time, and multiple other combinations with True.  Any 
> help would greatly be appreciated.
>
> I am using this python script:
>
> import requests
> import json
> import sys
>
> user = 'devopsuser'
> paswd = 'password'
>
> def getHosts():
> targeturl = 'https://foreman.eng.fireeye.com/api/hosts'
> r = requests.get(targeturl, auth=(user, paswd), verify=False)
> return r
>
> def getHost(id):
> targeturl = 'https://foreman.eng.fireeye.com/api/hosts/%s' % id
> r = requests.get(targeturl, auth=(user, paswd), verify=False)
> return r
>
> def putHost(id, payload):
> targeturl = 'https://foreman.eng.fireeye.com/api/hosts/%s' % id
> r = requests.put(targeturl, data=payload, auth=(user, paswd), 
> verify=False)
>
>
> r = getHost(54)
>
> results = json.loads(r.text)
> print ['results']
>
> #results['build_hosts'] = '1'
> results['build'] = 1
> #results['build_status'] = '1'
>
> putHost(54, results)
>
> r = getHost(54)
>
> results = json.loads(r.text)
>
> print results
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: subscription expected behaviour?

2017-08-20 Thread Andrew Schofield 
Give hammer host subscription attach a try. For hosts use 
subscription-manager.

On Sunday, August 20, 2017 at 8:06:48 PM UTC-4, Lachlan Musicman wrote:
>
> On 18 August 2017 at 12:58, Andrew Schofield <a...@ourhavens.co.uk 
> > wrote:
>
>> Activation keys are good for the initial host registration only. If you 
>> assign new products to a content view then you need to :
>>
>> a) Add these to the activation key (so newly provisioned servers get the 
>> new repos)
>> b) Either manually / automatically subscribe servers to the new products 
>> from the host (command line / scripts / puppet etc) or use the web ui / 
>> hammer / api todo this
>>
>> Subscription manager (from memory I'm probably wrong on timings) will 
>> auto-refresh every 4 hrs or so.
>>
>
> Ah! This answers a question of mine from another thread.
>
> Can someone give an example of the hammer command to update the 
> /etc/yum.repos.d/redhat.repo from the server?
>
> Neither hammer repository nor hammer repository-set seem quite right.
>
> Alternatively - and probably preferably (so that it can be scripted to run 
> via ansible) - the puppet command that would pull updates to the repo file?
>
> cheers
> L. 
>
>
>
>
>
> --
> "The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic 
> civics is the insistence that we cannot ignore the truth, nor should we 
> panic about it. It is a shared consciousness that our institutions have 
> failed and our ecosystem is collapsing, yet we are still here — and we are 
> creative agents who can shape our destinies. Apocalyptic civics is the 
> conviction that the only way out is through, and the only way through is 
> together. "
>
> *Greg Bloom* @greggish 
> https://twitter.com/greggish/status/873177525903609857
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: subscription expected behaviour?

2017-08-17 Thread Andrew Schofield 
Activation keys are good for the initial host registration only. If you 
assign new products to a content view then you need to :

a) Add these to the activation key (so newly provisioned servers get the 
new repos)
b) Either manually / automatically subscribe servers to the new products 
from the host (command line / scripts / puppet etc) or use the web ui / 
hammer / api todo this

Subscription manager (from memory I'm probably wrong on timings) will 
auto-refresh every 4 hrs or so.

Thanks,
Andrew

On Thursday, August 17, 2017 at 2:08:32 AM UTC-4, Denis Müller wrote:
>
> Hi,
>
> do we always need to "reregister" the machine if we provide new content 
> like a new repo in a content-view or new Product to activation key?
>
> I thought the command "subscription-manager refresh" would tell the 
> machine to get the new content, but fotunately noi have to reregister 
> the machine all the time.
>
> Or maybe i'm doing something wrong?
>
> I would appreciate any advice.
>
> Greets,
> Denis
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: LCE or CV/CCV package differentials

2017-08-03 Thread Andrew Schofield 
On 3 August 2017 at 20:49, Eric D Helms  wrote:

> There are existing issues around this large feature and an RFC if you'd
> like to contribute via review:
>
> https://github.com/theforeman/rfcs/pull/17
>
> I've written a script using both hammer and apipie to do comparisons I
> could share.
>

I'd be interested in this?

I have a basic script which calls the api and drags down all packages from
version a and version b and does a comparison. Its simplistic at best.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: LCE or CV/CCV package differentials

2017-08-01 Thread Andrew Schofield 
There is no easy way to do this. We have the same issue and I'd think its a 
pretty basic use case!

>From memory, there is a compare API endpoint but that will only report on 
errata differences between two content view versions. 

We do this by grabbing all packages / puppet modules (as that's the two 
bits we're interested in) in the two content view versions and diff'ing. 
Its slow. Really slow - like 15 minutes or so slow. 

On Tuesday, August 1, 2017 at 12:59:02 AM UTC-4, Lachlan Musicman wrote:
>
> On 1 August 2017 at 14:14, Lachlan Musicman  > wrote:
>
>> Hola,
>>
>> Is there an easy way to get a comprehensive list of package changes 
>> between two CV versions or two Lifecycle Environment versions?
>>
>> I'm looking into the hammer help now, and have found 
>> http://projects.theforeman.org/issues/20046 
>> 
>> which suggests that a per CV package list is available. I could wrap up a 
>> couple of those in a bash script I guess?
>>
>> I presumed this would be a solved problem - being able to report on what 
>> packages will change should the LCE be promoted to the new CV version. 
>> That's the actual problem I'm trying to solve - am I doing it wrong again?
>>
>
>
> After some banging away, I found this:
>
> hammer package list --organization-id 1 --content-view-id 25 
> --content-view-version 25 --repository-id 2 
>
> returned a list, but only after I'd tried
>
> hammer package list --organization-id 1 --content-view-id 25 
>
> then
>
> hammer package list --organization-id 1 --content-view-id 25 
> --content-view-version 25 
>  
> It would be great to be able to iterate over the included repo versions 
> without necessarily needing to know what they were - so that 
>
> hammer package list --organization-id 1 --content-view-id 25 
> --content-view-version 25 
>
> returned a list of packages of all the repos in it? Am I missing something 
> simple?
>
> L.
>
>
> --
> "The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic 
> civics is the insistence that we cannot ignore the truth, nor should we 
> panic about it. It is a shared consciousness that our institutions have 
> failed and our ecosystem is collapsing, yet we are still here — and we are 
> creative agents who can shape our destinies. Apocalyptic civics is the 
> conviction that the only way out is through, and the only way through is 
> together. "
>
> *Greg Bloom* @greggish 
> https://twitter.com/greggish/status/873177525903609857
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Katello 2.4 capsule load balancing

2017-07-16 Thread Andrew Schofield 
Good news that everything else works. For puppet I have the LB name in the
auth.conf file on the relevant allow lines. The cert for puppet have the lb
name AND the name of the hosts sitting behind it in a SAN (Server Alternate
Name) certificate.

On 11 July 2017 at 12:01, Unix SA  wrote:

> Thanks,
>
> I am having issue with puppet, when i provision client i give puppet CA
> and master as CNAME now after succesful provision puppet.conf in client has
> cname as CA and server, but when i check capsule it has not generated
> certificates using cname and puppet communication fails, am i missing
> something ?
>
> How do generate puppet CA cert as well with CNAME for puppet to work?
>
> Do you have sequence of steps you followed if you can share please ?
>
> For testing i have below setup currently
>
> Satellite master
> Haproxy server
> UK capsule, (after some testing will add more capsules)
>
> Thanks,
> DJ
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Foreman users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/foreman-users/CzORDwoCc8w/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Thanks,
Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Error with Red Hat Repositories

2017-07-10 Thread Andrew Schofield 
We see occasional issues similar to this (difficult to say if its exact or 
not). We tend to refresh the manifest and that seems to straighten things 
out.

On Monday, July 10, 2017 at 6:18:42 AM UTC-4, nd_dut...@yahoo.fr wrote:
>
> Hi,
>
> With Katello 3.4.2, there is an error with access to Red Hat Repositories 
> page :
>
> 2017-07-10 12:15:59 575301bc [app] [I] Processing by 
> Katello::ProvidersController#redhat_provider_tab as */*
> 2017-07-10 12:15:59 575301bc [app] [I]   Parameters: {"tab"=>"rpms"}
> 2017-07-10 12:15:59 575301bc [app] [I] Current user: admin (administrator)
> 2017-07-10 12:16:00 575301bc [app] [I]   Rendered 
> /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.4.2/app/views/katello/providers/redhat/_tab.html.erb
>  
> (1146.6ms)
> 2017-07-10 12:16:00 575301bc [app] [I] Completed 500 Internal Server Error 
> in 1281ms (ActiveRecord: 4.0ms)
> 2017-07-10 12:16:00 575301bc [app] [F]
>  | RestClient::ResourceNotFound (Katello::Resources::Candlepin::Product: 
> 404 Resource Not Found {"displayMessage":"Product with ID '179' could not 
> be found.","requestUuid":"3dedd070-2fd4-4e22-a0f6-4d672dcdb622"} (GET 
> /candlepin/owners/Geodis_RT/products/179/?include=name=
> attributes.name
> =attributes.value=productContent.content.contentUrl=productContent.content.label=productContent.content.modifiedProductIds=productContent.content.type=
> productContent.content.id=productContent.content.name)):
>  |   katello (3.4.2) app/lib/katello/http_resource.rb:84:in `get'
>  |   katello (3.4.2) app/lib/katello/resources/candlepin.rb:660:in `get'
>  |   katello (3.4.2) app/models/katello/glue/candlepin/product.rb:19:in 
> `block (2 levels) in included'
>  |   katello (3.4.2) app/lib/katello/lazy_accessor.rb:160:in 
> `instance_eval'
>  |   katello (3.4.2) app/lib/katello/lazy_accessor.rb:160:in 
> `run_initializer'
>  |   katello (3.4.2) app/lib/katello/lazy_accessor.rb:139:in 
> `lazy_attribute_get'
>  |   katello (3.4.2) app/lib/katello/lazy_accessor.rb:60:in `block (2 
> levels) in lazy_accessor'
>  |   katello (3.4.2) app/models/katello/glue/candlepin/product.rb:81:in 
> `displayable_product_contents'
>  |   katello (3.4.2) app/helpers/katello/providers_helper.rb:24:in `block 
> in redhat_repo_tab'
>  |   katello (3.4.2) app/helpers/katello/providers_helper.rb:23:in 
> `redhat_repo_tab'
>  |   katello (3.4.2) app/views/katello/providers/redhat/_tab.html.erb:1:in 
> `_41ea9beb3ddf17094c0928f9a41367ee'
>  |   katello (3.4.2) app/controllers/katello/providers_controller.rb:33:in 
> `redhat_provider_tab'
>  |   app/controllers/concerns/application_shared.rb:15:in `set_timezone'
>  |   app/controllers/concerns/foreman/controller/topbar_sweeper.rb:12:in 
> `set_topbar_sweeper_controller'
>  |   katello (3.4.2) lib/katello/params_parser_wrapper.rb:12:in `call'
>  |   lib/middleware/catch_json_parse_errors.rb:8:in `call'
>  |   lib/middleware/tagged_logging.rb:18:in `call'
>  |
>  |
>
>
> There is several repos concerned :
>
> checking - Red Hat Developer Toolset for RHEL Workstation - PRODUCT ID: 14
> (hammer repository-set list --product-id 14)
> Katello::Resources::Candlepin::Product: 404 Resource Not Found 
> {"displayMessage":"Product with ID '179' could not be 
> found.","requestUuid":"551d803d-898d-44cd-9d1e-41331bbc8944"} (GET 
> /candlepin/owners/Geodis_RT/products/179/?include=name=
> attributes.name
> =attributes.value=productContent.content.contentUrl=productContent.content.label=productContent.content.modifiedProductIds=productContent.content.type=
> productContent.content.id=productContent.content.name)
>
> checking - Red Hat Software Collections Beta for RHEL Client - PRODUCT ID: 
> 11
> (hammer repository-set list --product-id 11)
> Katello::Resources::Candlepin::Product: 404 Resource Not Found 
> {"displayMessage":"Product with ID '206' could not be 
> found.","requestUuid":"447b1473-4972-455a-a4ac-cf327c44de43"} (GET 
> /candlepin/owners/Geodis_RT/products/206/?include=name=
> attributes.name
> =attributes.value=productContent.content.contentUrl=productContent.content.label=productContent.content.modifiedProductIds=productContent.content.type=
> productContent.content.id=productContent.content.name)
>
> checking - Red Hat Software Collections Beta for RHEL Workstation - 
> PRODUCT ID: 8
> (hammer repository-set list --product-id 8)
> Katello::Resources::Candlepin::Product: 404 Resource Not Found 
> {"displayMessage":"Product with ID '207' could not be 
> found.","requestUuid":"17007730-71d8-44d9-b37e-65178ab2aa70"} (GET 
> /candlepin/owners/Geodis_RT/products/207/?include=name=
> attributes.name
> =attributes.value=productContent.content.contentUrl=productContent.content.label=productContent.content.modifiedProductIds=productContent.content.type=
> productContent.content.id=productContent.content.name)
>
> checking - Red Hat Software Collections for RHEL Client - PRODUCT ID: 12
> (hammer repository-set list --product-id 12)
> Katello::Resources::Candlepin::Product: 404 Resource Not

Re: [foreman-users] Katello 2.4 capsule load balancing

2017-07-08 Thread Andrew Schofield 
Yes, we have our capsules (4 per region) sitting behind load balancers 
using custom SSL. A few gotchas for Satellite:

1. katello-ca-consumer-latest sets subscription manager with the capsules 
hostname. So after the install of that rpm , we update the subscription 
manager config to the load balancer
2. Puppet ssl and tftp directories need to be shares - we use NFS for this 
- you will need to write a selinux module to deal with this, default 
modules break due to NFS.
3. All the capsules MUST be registered in Satellite AND be assigned the 
same life cycles etc.
4. The LB MUST be registered as a dummy capsule but DO NOT assign any life 
cycles to this.

On Friday, July 7, 2017 at 4:47:31 AM UTC-4, Unix SA wrote:
>
> hey, 
>
> did you get chance to test it ?
>
> On Friday, 6 May 2016 07:58:27 UTC+5:30, Andrew Schofield wrote:
>>
>> Apparently RH have a reference architecture for this. We are also testing 
>> this shortly too. We will be migrating some  20k hosts to some 20 or so 
>> Capsules!
>>
>> On Tuesday, April 5, 2016 at 4:42:01 PM UTC-4, George Lim wrote:
>>>
>>> We are planning to register thousands of machines for content management 
>>> and some of our team members are concerned with performance and scaling. 
>>> How can I create multiple capsule servers and place them behind a load 
>>> balancer like F5? Without a capsule load balancing feature, do I need to 
>>> write a script which round robin the ca consumer bootstrap and registration 
>>> with the capsule servers?
>>>
>>> On Saturday, April 2, 2016 at 4:56:23 AM UTC-7, Eric Helms wrote:
>>>>
>>>> Can you clarify what you mean by "Capsule load balancing" ?
>>>> On Mar 31, 2016 8:12 PM, "George Lim" <georg...@gmail.com> wrote:
>>>>
>>>>> I just read somewhere that Katello 2.4 Capsule does not support 
>>>>> Capsule load balancing yet. Do you know if it's available Katello 3.0 RC 
>>>>> or 
>>>>> when do you think the feature will be added?
>>>>>
>>>>> -- 
>>>>> You received this message because you are subscribed to the Google 
>>>>> Groups "Foreman users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>>> an email to foreman-user...@googlegroups.com.
>>>>> To post to this group, send email to forema...@googlegroups.com.
>>>>> Visit this group at https://groups.google.com/group/foreman-users.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Newbie help with configuring classes

2017-07-03 Thread Andrew Schofield 
You need to use the cron::job class. Looks like you're using the cron 
class. The documentation for this seems pretty clear?

On Monday, July 3, 2017 at 1:30:56 PM UTC-4, 1284...@gmail.com wrote:
>
> Hi
>
> It might be best if you post your class to debug...
>
>
>
> On Friday, June 23, 2017 at 9:35:50 AM UTC+1, Hernan Vera wrote:
>>
>> Hi, I´m new to Foreman and Puppet, I´ve deployed Foreman and upgraded it 
>> to 15, it´s working right for NTP class (as shown on tutorials).
>> I´m trying to configure cron on clients, but I don´t know how to do it, 
>> which Smart Parameters should I modify and where to add the job to deploy 
>> to clients. I´ve looked on the web but nothing found. I´m using 
>> rmueller/cron from forge puppet. Would anyone help me please?
>>
>>
>>
>> 
>>
>>
>> 
>>
>>
>>
>> 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Foreman/Katello 1.14, Roles setting for "Content Source"?

2017-06-29 Thread Andrew Schofield 
Also if you trawl the production.log file too you should start to see which 
permissions are missing.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Foreman/Katello 1.14, Roles setting for "Content Source"?

2017-06-29 Thread Andrew Schofield 
If you're using locations and orgs then you need view / assign organisations 
and locations too. You probably want a load of other views - for operating 
systems etc too. 

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Foreman/Katello 1.14, Roles setting for "Content Source"?

2017-06-26 Thread Andrew Schofield 
Do you have the view_proxy permissions set - and is the proxy in the same 
location / org as the host you're trying to create?

On Monday, June 26, 2017 at 5:30:40 PM UTC-4, Mike Wilson wrote:
>
> I am setting up a role that's restricted (for proof of concept for 
> managers) that will allow a user to create some hosts via foreman. The 
> problem comes from the fact I can't figure out what permission I need to 
> give them to see "Content Source".
>
> See Attached Image.
>
> I've been able to figure out everything else so far but this one is 
> eluding me and google has failed me today to sort it out.
>
> Is this a role issue or is it a configuration issue elsewhere? 
> (location/organization problem)?
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Recommendations for products with discovered repositories and subscriptions for content hosts

2017-03-03 Thread Andrew Schofield 
Hi Tomas,

No, we don't use multiple activations keys. We tie the 
AK___ key to the 
/<region(s)>// hostgroup. We have 7 lifecycles and 
4 regions, so each product has 7 *  activation keys and each 
product has <os's> * 7 (lifecycles) * 4 (regions) hostgroups. You end up 
with a lot quickly! The only way to manage this is scripting. For building 
the activations keys, we copy the os key (so it keeps the subscriptions) 
then we add the new subscriptions (the products created) and adjust the 
content view.

On Thursday, March 2, 2017 at 12:59:11 PM UTC-5, Tomas Hajek wrote:
>
> Andrew,
>   I did read over you post in that thread and it was very helpful. I think 
> even though we only have a couple hundred servers there are very few that 
> are actually alike I think your methodology probably fits fairly well but I 
> also like Rich's suggestion of using multiple activation keys.  I was 
> wondering about the shear number of activation keys that we would wind up 
> with and I suppose automating that might help, that appears to be what you 
> did base on your note about building the Activation Keys pragmatically.  Do 
> you use multiple activation keys, I'm somewhat assuming not based on you 
> example of AK__ and AK___?
> thanks again,
>  -Tomas
>
> On Wed, Mar 1, 2017 at 9:24 PM, Andrew Schofield <a...@ourhavens.co.uk 
> > wrote:
>
>> Tomas - I'd read that whole thread. I have a post in there too which 
>> explains my view of the world - it works well for our (large (20k+), multi 
>> region, multi user) setup and takes a very structured approach. Its 
>> probably overkill for a few hundred servers.
>>
>> On Monday, February 27, 2017 at 11:54:16 AM UTC-5, Jason B. Nance wrote:
>>>
>>> Hi Tomas,
>>>
>>> Check out my reply in the following thread:
>>>
>>> 
>>> https://groups.google.com/d/msg/foreman-users/q_Qr9sg2PJs/XUN8YEeMDAAJ
>>>
>>> It includes my reasoning for using CVs and a bit of insight into why I 
>>> structured how I did.
>>>
>>> If you have further questions don't hesitate to ask.
>>>
>>> j
>>>
>>>
>>>
>>> --
>>> *From: *"Tomas Hajek" <tha...@gmail.com>
>>> *To: *"Foreman Users" <forema...@googlegroups.com>
>>> *Sent: *Monday, February 27, 2017 10:41:46 AM
>>> *Subject: *Re: [foreman-users] Recommendations for products with 
>>> discovered repositories and subscriptions for content hosts
>>>
>>> Good question.  
>>>I'm not actively trying to avoid using Content Views just thought I 
>>> could get a particular issue resolved without them.  I am still trying to 
>>> wrap my head around all of the various organizational structures (Products, 
>>> Content Views, Activation Keys, Host Groups, Host Collections, Config 
>>> Groups, etc.) and determine what fits best for various use cases and how 
>>> best to structure them for our environment.  
>>>Based on training I am going through right now (RH403 Satellite 6 
>>> Administration) I thought one of my use cases would be fairly simple and 
>>> straight forward to accomplish.  Basically, I have about 200 RHEL 6 systems 
>>> that I need to transition from RHN Classic subscriptions to 
>>> subscription-manager but with the caveat that most of these systems pull in 
>>> non-Red Hat repositories and I wanted to get them into Satellite instead of 
>>> sending each system out through a Squid proxy.  So, Instead of going from 
>>> RHN Classic to RHSM and then to Satellite I thought I would setup the 
>>> existing repositories that we use as products in Satellite, unregister from 
>>> RHN Classic, and register with Satellite as Content Hosts and basically be 
>>> done (without having to deal with Life Cycle Environments and promoting 
>>> Content Views, etc. as that brings a whole additional level of complexity). 
>>>   If my use case was to only use Red Hat repositories then I think this 
>>> would work as demonstrated in the training course but as with most things 
>>> it got complicated quickly.  It seemed like Products and repositories were 
>>> the basic unit set to work with so I wanted to start there.  I kind of 
>>> thought that the discovery mechanism and resultant exposure to clients 
>>> would work similar to the .repo files with $releasever and $basearch but 
>>> it's obviously more complicated than that.  
>>>
>>> Would you mind sharing generally how you organized your products and 
>>> content views (or any

[foreman-users] Re: pre-create ad computer object prior to domain join?

2017-03-01 Thread Andrew Schofield 
Have you looked at foreman-hooks? 

https://github.com/theforeman/foreman_hooks

On Thursday, February 23, 2017 at 7:55:21 AM UTC-5, Jason McMahan wrote:
>
> Good day,
> We are working on provisioning from foreman. We can successfully create a 
> vm guest in Vsphere 6, join our active directory domain and within run once 
> install puppet agent on machine.
>
> The problem we are having is we need to create the computer object in a 
> non-default ou as that ou is used by workstations in our environment.
> Any suggestions to pre-create the computer object prior to join domain 
> through customization?
>
> Unfortunately we realized run once occurs after customization which has 
> domain join as part of it so that will not work.
> We will be using this for our Linux and Windows machines.
>
> Any help or suggestions is appreciated. 
> Thank you
>
> Jason 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Issues with certificates in Foreman

2017-03-01 Thread Andrew Schofield 
This tells you the issue:

>> Warning: SSL_connect returned=1 errno=0 state=error: certificate verify 
failed: [certificate revoked for /CN=linuxhub.az.int]

The certificate on the puppet master has been revoked. Run a puppet cert 
clean on the master and remove /var/lib/puppet/ssl on your client and re 
run. Assuming you have autosign on this will generate a new cert for you.

On Wednesday, March 1, 2017 at 3:13:21 PM UTC-5, Jonathan D wrote:
>
> After cleaning and re-signing the CA certificate in foreman, I now get the 
> following error with I test the agent:
>
> root@linuxhub:/etc/puppetlabs/puppet# puppet agent --test
>
>
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
> Warning: SSL_connect returned=1 errno=0 state=error: certificate verify 
> failed: [certificate revoked for /CN=linuxhub.az.int]
> Info: Retrieving pluginfacts
> Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate 
> additional resources using 'eval_generate': SSL_connect returned=1 errno=0 
> state=error: certificate verify failed: [certificate revoked for /CN=
> linuxhub.az.int]
> Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: 
> Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect 
> returned=1 errno=0 state=error: certificate verify failed: [certificate 
> revoked for /CN=linuxhub.az.int]
> Info: Retrieving plugin
> Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate 
> additional resources using 'eval_generate': SSL_connect returned=1 errno=0 
> state=error: certificate verify failed: [certificate revoked for /CN=
> linuxhub.az.int]
> Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could 
> not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 
> errno=0 state=error: certificate verify failed: [certificate revoked for 
> /CN=linuxhub.az.int]
> Info: Loading facts
> Error: Could not retrieve catalog from remote server: SSL_connect 
> returned=1 errno=0 state=error: certificate verify failed: [certificate 
> revoked for /CN=linuxhub.az.int]
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> Error: Could not send report: SSL_connect returned=1 errno=0 state=error: 
> certificate verify failed: [certificate revoked for /CN=linuxhub.az.int]
>
> 
>
>
> Is there a site where I can read up on troubleshooting this problem? 
>
> Thank you in advance! 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Generic Image For Capsule

2017-02-15 Thread Andrew Schofield 
I found that out the hard way a while back too Jason. This should be more 
visible on the UI somewhere!

On Wednesday, February 15, 2017 at 9:58:09 AM UTC-5, Jason B. Nance wrote:
>
> Ahh... this is much simpler than I though.  The "subnet" image basically 
> is the "generic" image just pointing to the Capsule/Smart Proxy.  The name 
> of the ISO was what was throwing me off.  I thought there was something 
> subnet-specific in there, but after mounting and comparing I see otherwise. 
>
> j 
>
>
> - Original Message - 
> From: "Foreman Users"  
> To: "Foreman Users"  
> Sent: Wednesday, February 15, 2017 8:44:18 AM 
> Subject: Re: [foreman-users] Generic Image For Capsule 
>
> Hi Lukas, 
>
> I already had the settings as you indicated but the generic image for this 
> host is pointing to the primary Katello/Foreman server.  I tried cancelling 
> the build and clicking build again but results were same. 
>
> Am I misunderstanding how this should work?  Is the "generic" image always 
> the same regardless of content host/location/subnet?  Should I be using the 
> subnet image instead? 
>
> Thanks, 
>
> j 
>
>
> - Original Message - 
> From: "Lukas Zapletal"  
> To: "Foreman Users"  
> Sent: Wednesday, February 15, 2017 5:54:41 AM 
> Subject: Re: [foreman-users] Generic Image For Capsule 
>
> Make sure both TFTP and Templates features are enabled on Subnet 
> proxy, then rebuild the host (hit Build button) and you should see 
> templated bootdisk. 
>
> Can you please upvote this bug? I want to start counting on this, 
> other users often hit this. 
>
> http://projects.theforeman.org/issues/17316 
>
> LZ 
>
> On Tue, Feb 14, 2017 at 3:59 PM, 'Jason B. Nance' via Foreman users 
>  wrote: 
> > Hello, 
> > 
> > After creating a new host I can download the generic image, which can be 
> used to boot/install the host.  This generic image points at the 
> Katello/Foreman server itself.  How do I download a generic image that 
> points at a Capsule/Smart Proxy? 
> > 
> > I've tried creating a host and setting its content source to the Capsule 
> but the generic boot disk still points at the primary Kat/TFM server. 
> > 
> > Thanks, 
> > 
> > j 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Foreman users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to foreman-user...@googlegroups.com . 
> > To post to this group, send email to forema...@googlegroups.com 
> . 
> > Visit this group at https://groups.google.com/group/foreman-users. 
> > For more options, visit https://groups.google.com/d/optout. 
>
>
>
> -- 
> Later, 
>   Lukas @lzap Zapletal 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Foreman users" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to foreman-user...@googlegroups.com . 
> To post to this group, send email to forema...@googlegroups.com 
> . 
> Visit this group at https://groups.google.com/group/foreman-users. 
> For more options, visit https://groups.google.com/d/optout. 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Foreman users" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to foreman-user...@googlegroups.com . 
> To post to this group, send email to forema...@googlegroups.com 
> . 
> Visit this group at https://groups.google.com/group/foreman-users. 
> For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: This thing itches me....

2016-12-18 Thread Andrew Schofield 
And to add (sorry!)

The API! 
- Unify and standardise the foreman and katello API's (same arguments, same 
return)
- Fix the Content Upload API!

- Allow packages to be managed / copied / moved between repositories.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Naming products and repos?

2016-11-20 Thread Andrew Schofield 
Well, we take a somewhat different approach.

We sync directly from RedHat and hence (re)naming those repos in Satellite 
isn't really an option. We base our setup on 'products' and 'os' a 
'product' being really an 'os' and other things (applications, db etc). But 
a 'product' can also be part of our core operating system. We do this to 
play better with the RBAC model.

So we will have 

P_
  R__Yum
  R__Puppet

The RBAC model only allows you to permission at the product level so we can 
hand that of to that team.

We construct our OS as a content view:

CV_
  RHEL 6Server
  P_ # Ok, in reality you add the repository but this is 
for representation, this is owned by 
  P_ # Owner is 

But also:

CV_
  P_

We will also allow the following

CCV__ # This can be permissioned to  team to manage
  CV_# But they can't modify 
  CV_# But they can modify 

This is so that (for instance) we can control what goes into the OS and use 
the RBAC controls to prevent the owner of  from being able to 
modify that but allow them to control their own content views and publish / 
promote as they see fit.

The we tie these to hostgroups structured:

HG_//  # Assign CV_ here

or HG_/// # Assign CCV__ here

We then use the same methodology for activation keys etc. So an activation 
key is:

AK__   # Assigns all the products / os which 
is in content view CV_ and is assigned to HG_//
AK___
  
We build these programmatically.


On Wednesday, November 9, 2016 at 6:21:12 PM UTC-5, Alan Evans wrote:
>
> Is there any guide or are there any recommendations for naming/labeling 
> products and repos?
>
> Is CentOS, CentOS 6, CentOS 6 x86_64 a product?
> What are people doing for CentOS/EPEL?
>
> If left to it's own devices katello just replaces spaces with underscores 
> for product/repo labels.
>
> What about other "products?"
>   Is Katello a product?  Katello 3.2?
>   Puppet?  Puppet PC1?
>   Puppet Enterprise? Puppet Enterprise 2016.4?  or is the product "Puppet" 
> with repos for the versions?
>
> I am leaning toward:
>
> Product: CentOS 6 (centos-6)
>   Repo: CentOS 6 x86_64 OS - centos-6-x86_64-os = 
> http://mirror.centos.org/centos/6/os/x86_64/
>   Repo: CentOS 6 x86_64 Updates - centos-6-x86_64-updates = 
> http://mirror.centos.org/centos/6/updates/x86_64/
>   - or more generally -
>   Repo: CentOS $major $arch $repo - lower(centos-$major-$arch-$repo) = 
> lower(http://mirror.centos.org/centos/$major/$repo/$arch/)
>
> Product CentOS 7 (centos-7)
>   Repo: CentOS $major $arch $repo - lower(centos-$major-$arch-$repo) = 
> lower(http://mirror.centos.org/centos/$major/$repo/$arch/)
>
> Product EPEL 6 (epel-6)
>   Repo: EPEL $major $arch - lower(epel-$major-$arch) = 
> http://dl.fedoraproject.org/pub/epel/$major/$arch/
>
> Puppet Enterprise (puppet-enterprise)
>   Repo: Puppet Enterprise 3.7.2 EL7 x86_64 - 
> puppet-enterprise-3.7.2-el-7-x86_64 = 
> https://puppet-master:8140/packages/3.7.2/el-7-x86_64
>   Repo: Puppet Enterprise 2016.4 EL7 x86_64 - 
> puppet-enterprise-2016.4-el-7-x86_64 = 
> https://puppet-master:8140/packages/2016.4/el-7-x86_64
>
> Thoughts?
> -Alan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: [Katello] Using an external CA to generate SSL Certificates

2016-11-20 Thread Andrew Schofield 


On Sunday, November 20, 2016 at 12:54:51 PM UTC-5, Danny Kimsey wrote:
>
> External certs don't work correctly. Its an outstanding issue. Somewhere 
> on foreman's issue tracker is a ticket talking about this. I outlined a few 
> things I did, but found out that at least one step breaks another further 
> downstream.
>
> Basically comes down to the fact that Katello needs to build two top-level 
> CAs and use them accordingly one for the "custom" certs and one for the 
> "default" based certs. Until that happens I don't see all the cert issues 
> being resolved correctly.
>
>
We're running Satellite 6.2 with custom certs and everything works (well, 
see the note below!):
 

> For example, I have a working instance after some cert shuffling and root 
> CA updates. But the moment I installed the components for docker image 
> repositories, the $capsule:5000 vhost has the wrong cert chain. 
>

I *suspect* we are hitting this - do you know a BZ or tracker ID? 

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: [Katello] How should RedHat products be accessed behind Corporate firewalls & w/ a proxy?

2016-11-15 Thread Andrew Schofield 
We are using Satellite 6.2 behind our proxy servers without issue. The 
settings which Sean mentions should get you out of trouble.

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: API issues with override_values

2016-10-25 Thread Andrew Schofield 
Hi Jack,

Also see: https://bugzilla.redhat.com/show_bug.cgi?id=1192549 
and http://projects.theforeman.org/issues/17087.

We now run the param through to_json (we're using ruby) then post that. 

We are doing a lot of this. Also, as a gotcha, I see you're trying do a 
match, note that values you want to match against must be in 
override_value_order (hostgroup is by default).

Thanks,
Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: extending node.rb to query external CMDB

2016-10-09 Thread Andrew Schofield 
I'd use a combination of foreman_hooks and an external process. Changing 
node.rb will be obfuscation at best and you will risk losing your edits on 
an upgrade.

foreman_hooks are great and (generally) work well. Be careful of any update 
hooks you have which trigger and update - you'll find yourself in a 
recursive nightmare (update triggers a hook which makes and update which 
triggers the hook).  Great think about hooks is you can have various 
actions base against what happens to the host. For example, we use a 
destroy hook to clean AD entries and set CMDB entries when a host is 
removed etc.

Personally, to scrape a CMDB and set permissions etc I'd probably look at 
an external API based script and batch this. Just my view...

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] [Katello] freeze particular OS release version and only make errata changes

2016-10-09 Thread Andrew Schofield 
As Sean mentions. When 7.3 is released, the 7.2 repo will still be well, 
7.2. If you're not using 7Server then you don't need to create a filtered 
view (although the general recommendation is to create a filtered view...). 
When 7.3 is released, so will a new RHEL 7 repo 7.3...

On Tuesday, October 4, 2016 at 1:23:41 AM UTC-4, Unix SA wrote:
>
> Hello,
>
> i am using RHEL7.2 repo only ... and i continully sync it for updates till 
> RHEL7.3 release, after RHEL7.3 release, i will freeze RHEL7.2 and keep 
> updating RHEL7.3 and for RHEL7.2, will only add Erratas and bug fixes.
>
> Thanks,
> Dhaval
>
> On Monday, 3 October 2016 17:17:59 UTC+5:30, Sean O'Keeffe wrote:
>>
>> Why not just sync the RHEL7.2 repo and use that in the content view ? I 
>> assume you are currently using the RHEL 7Server repo
>>
>> On Monday, 3 October 2016, Unix SA  wrote:
>>
>>> Hello,
>>>
>>>
>>> I have some requirement so when i am working on RHEL7.2 OS release, i 
>>> sync repos daily night and run some CI jobs and publish and promote CV 
>>> version as per success of jobs.
>>>
>>> now when RHEL7.3 OS is ready to release, i want to freeze sync for 
>>> RHEL7.2 CV and below is what i think i should be doing
>>>
>>> 1) i will create filter with "Include all rmps" and "include all errata 
>>> up to today's date" ... 
>>>
>>> 2) publish CV, and promote it to all life cycle envs 
>>>
>>> 3) now i will start updating 7.3 CV till 7.4 releases .. 
>>>
>>> 4) if any bug fix or erratas comes in, i will "include" that in 7.2 CV 
>>> (filters) and publish.
>>>
>>>
>>>
>>> Now question i have is, when i do step 1 above, is it good step to 
>>> freeze CV? is that CV version will be same as earlier version (before 
>>> filters) ? 
>>>
>>>
>>> Do i need to include "package groups" or it automatically include those ?
>>>
>>>
>>> whenever new erratas come in, i will change "Errata" date or include 
>>> another filter to include errata date to today, and publish CV, when i 
>>> publish CV will it change any RPM version as well ? ( apart from errata? , 
>>> for example kernel rpm version )
>>>
>>>
>>> Does anyone have some better way of doing it?
>>>
>>>
>>> Thanks,
>>> DJ
>>>
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to foreman-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to foreman-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

[foreman-users] Re: Automated import and export of (JSON) data

2016-09-19 Thread Andrew Schofield 
Maurice, we have this too - I posted here originally (and some time ago!) 
- https://groups.google.com/d/msg/foreman-users/Xn3hAYL95QM/r1D22blTBgAJ

Our script(s):

- create lifecycles / locations / settings etc
- enable / sync RH repos
- create / sync custom repos (and add urls)
- create gpg keys
- create and assign sync plans
- create content view, publish version 1 and promote to all lifecycles
- create activation keys, assign subscriptions
- create / upload provisioning templates, partition tables etc
- creates hostgroups, assigns OSs to them
- allows for provisioning template lifecycle overrides per host groups etc
- sets parameters throughout

It's all heavily structured (and we nest a lot) and the input file is a big 
chunk of yaml. The api scripts are written in (bad) ruby - I'm not really a 
programmer! -  started originally RH professional services.



On Monday, August 15, 2016 at 6:12:35 AM UTC-4, Maurice Mouw wrote:
>
> Hi,
>
> I've been working on a project for a completely automated setup of 
> Foreman, this includes subnets, dns-zones, etc. I will not bore you with 
> the details but i've got this pretty much setup and it works. The company 
> I'm doing this project for uses configuration files that describe what 
> hosts should be setup with what details. I've created a converter for these 
> files that enables me to import this data using the REST API. This again 
> works well no troubles. Now this is basically the initial setup, after the 
> import is done I do not want to use these old configuration files but 
> something structured for example in JSON. So I was thinking of writing a 
> script that extracts all the (JSON) data that I want to a file. Than it 
> needs to be possible to reinstall the Foreman server and import the file 
> again using a script. After the import is done I should basically be able 
> to deploy nodes again as if nothing happened. For now the JSON file should 
> include an organization, multiple locations, multiple hostgroup, multiple 
> subnets, one or more domains, the hosts and all the parameters defined in 
> Foreman. Everything will be linked to a organization.Than my questions:
>
>
>- Is setting up on or more scripts for this a viable way for doing 
>this?
>- Is there more efficient way of doing this (maybe this is easier 
>using the hammer cli or just extracting it out of the database)?
>- Is there anybody out there already doing something similar, if so 
>how?
>- Are there people interested in a setup like this?
>
> I would assume Foreman being written in ruby that this would be the best 
> language to do it in. Unfortunately I'm not very proficient in ruby and 
> will most likely do this in either python or PHP. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: The operating system value changes after first puppet run.

2016-09-16 Thread Andrew Schofield 
Ok, for anybody who is curious.

Doing a PUT to /provisioning_templates/:id with

{"provisioning_template" : {"template_combinations_attributes" : 
[{"hostgroup_id" : "73"}, {"hostgroup_id" : "77"}, {"hostgroup_id" : "81"}, 
{"hostgroup_id" : "85"}]}}

Seems to do this trick.

On Thursday, September 15, 2016 at 9:58:37 PM UTC-4, Andrew Schofield wrote:

> 2 years later and it still doesn't!I've lost a few hours today trying to 
> figure this out!
>
> My next question though is how do we do this via the API? Taking a look at 
> what is generated by foreman:
>
> 2016-09-15T21:46:41 [app] [I] Started PATCH 
> "/templates/provisioning_templates/22-Kickstart%20RHEL%20default" for 
> 127.0.0.1 at 2016-09-15 21:46:41 -0400
>
> 2016-09-15T21:46:42 [app] [I] Processing by 
> ProvisioningTemplatesController#update as */*
>
> 2016-09-15T21:46:42 [app] [I]   Parameters: {"utf8"=>"✓", 
> "authenticity_token"=>"RMIiR7+Dn1xqM8EL0IvjeLwKrFvBGkDm+x36bAU1K5k=", 
> "provisioning_template"=>{"name"=>"Kickstart RHEL default", "default"=>"1", 
> "template"=>"SNIP", "audit_comment"=>"", "snippet"=>"0", 
> "template_kind_id"=>"4", "operatingsystem_ids"=>[""], 
> "template_combinations_attributes"=>{"1473990106406"=>{"hostgroup_id"=>"1", 
> "environment_id"=>"", "_destroy"=>"false"}}, "location_ids"=>["", "1"], 
> "organization_ids"=>["", "2"]}, "preview_host_id"=>"2", "mode"=>"ruby", 
> "keybinding"=>"Default", "id"=>"22-Kickstart RHEL default"}
>
> It *looks* like this might be done via template_combinations_attributes 
> and a PATCH method. Neither of these are documented in the API calls at 
> https://theforeman.org/api/1.12/index.html. Does anybody know? Likewise 
> for assigning a template to an OS...
>
> On Wednesday, July 16, 2014 at 1:16:11 PM UTC-4, Greg Sutcliffe wrote:
>>
>> Good stuff! Yeah, that feature doesn't get enough coverage, and it's 
>> very useful :) 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-users] Re: The operating system value changes after first puppet run.

2016-09-15 Thread Andrew Schofield 
2 years later and it still doesn't!I've lost a few hours today trying to 
figure this out!

My next question though is how do we do this via the API? Taking a look at 
what is generated by foreman:

2016-09-15T21:46:41 [app] [I] Started PATCH 
"/templates/provisioning_templates/22-Kickstart%20RHEL%20default" for 
127.0.0.1 at 2016-09-15 21:46:41 -0400

2016-09-15T21:46:42 [app] [I] Processing by 
ProvisioningTemplatesController#update as */*

2016-09-15T21:46:42 [app] [I]   Parameters: {"utf8"=>"✓", 
"authenticity_token"=>"RMIiR7+Dn1xqM8EL0IvjeLwKrFvBGkDm+x36bAU1K5k=", 
"provisioning_template"=>{"name"=>"Kickstart RHEL default", "default"=>"1", 
"template"=>"SNIP", "audit_comment"=>"", "snippet"=>"0", 
"template_kind_id"=>"4", "operatingsystem_ids"=>[""], 
"template_combinations_attributes"=>{"1473990106406"=>{"hostgroup_id"=>"1", 
"environment_id"=>"", "_destroy"=>"false"}}, "location_ids"=>["", "1"], 
"organization_ids"=>["", "2"]}, "preview_host_id"=>"2", "mode"=>"ruby", 
"keybinding"=>"Default", "id"=>"22-Kickstart RHEL default"}

It *looks* like this might be done via template_combinations_attributes and 
a PATCH method. Neither of these are documented in the API calls 
at https://theforeman.org/api/1.12/index.html. Does anybody know? Likewise 
for assigning a template to an OS...

On Wednesday, July 16, 2014 at 1:16:11 PM UTC-4, Greg Sutcliffe wrote:
>
> Good stuff! Yeah, that feature doesn't get enough coverage, and it's 
> very useful :) 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.