[foreman-users] Re: Migrate from Foreman to Foreman+Katello
Same boat here. Seems to be a lack of docs on that for some reason... Pretty excited to get that integration going! Both projects have come so far!! On Friday, October 14, 2016 at 5:36:35 PM UTC-4, steved0ca wrote: > > Hello, > > It looks like it is not possible to add Katello to an existing Foreman > installation. http://projects.theforeman.org/issues/7605 > > Are there any recommended methods of migrating from an existing Foreman > only install, to a fresh Foreman+Katello installation? The puppet modules > and existing puppet certificates should be easy enough to copy over, but > what about my templates/hosts/host groups etc? Any way I can dump this data > and import it into the new host? > > Thanks, > Steve > > > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Upgrade Failure on db:migrate v1.7.5 to 1.13 - what now?
Greetings! Updating to the latest and greatest foreman - following the outstanding online documentation and received the following error (please note paste is with --trace option): [root@%FOREMANSERVER-EDITED% ~]# foreman-rake db:migrate --trace ** Invoke db:migrate (first_time) ** Invoke environment (first_time) ** Execute environment ** Invoke db:load_config (first_time) ** Execute db:load_config ** Execute db:migrate == 20150508124600 CopyUnmanagedHostsToInterfaces: migrating === -- Migrating Unmanaged Host interfaces to standalone Interfaces -- ... migrating %DBSERVER-EDITED% rake aborted! StandardError: An error has occurred, all later migrations canceled: undefined local variable or method `ip6' for #/opt/rh/sclo-ror42/root/usr/share/gems/gems/activemodel-4.2.5.1/lib/active_model/attribute_methods.rb:433:in `method_missing' /usr/share/foreman/app/models/nic/interface.rb:92:in `normalize_ip' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/ active_support/callbacks.rb:432:in `block in make_lambda' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:164:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:164:in `block in halting' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/ active_support/callbacks.rb:504:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:504:in `block in call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:504:in `each' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/ active_support/callbacks.rb:504:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:92:in `__run_callbacks__' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:778:in `_run_validation_callbacks' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activemodel-4.2.5.1/lib/ active_model/validations/callbacks.rb:113:in `run_validations!' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activemodel-4.2.5.1/lib/active_model/validations.rb:338:in `valid?' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/validations.rb:58:in `valid?' /usr/share/foreman/app/models/concerns/orchestration.rb:77:in `valid?' /usr/share/foreman/db/migrate/20150508124600_copy_unmanaged_hosts_to_interfaces.rb:27:in `block in up' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/relation/delegation.rb:46:in `each' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/relation/delegation.rb:46:in `each' /usr/share/foreman/db/migrate/20150508124600_copy_unmanaged_hosts_to_interfaces.rb:21:in `up' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:611:in `exec_migration' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/migration.rb:592:in `block (2 levels) in migrate' /opt/rh/rh-ruby22/root/usr/share/ruby/benchmark.rb:288:in `measure' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:591:in `block in migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:590:in `migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:768:in `migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/migration.rb:998:in `block in execute_migration_in_transaction' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:1046:in `ddl_transaction' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:997:in `execute_migration_in_transaction' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/migration.rb:959:in `block in migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:955:in `each' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:955:in `migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/migration.rb:823:in `up' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:801:in `migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/tasks/database_tasks.rb:137:in `migrate' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/ active_record/railties/databases.rake:44:in `block (2 levels) in '
Re: [foreman-users] Puppet ca proxy ssl issues
Thanks for the info. I was able to setup the new puppetmaster/ca/tftp proxy by doing this: 1. I generated the first set of certs for the proxy server on the full installation foreman server with the command 'puppet cert generate new-proxy-server.example.com' 2. Ran a puppetmaster/ca/tftp install on the new proxy server: foreman-installer \ --no-enable-foreman \ --no-enable-foreman-cli \ --no-enable-foreman-plugin-bootdisk \ --no-enable-foreman-plugin-setup \ --enable-puppet \ --puppet-server-ca=true \ --puppet-server-foreman-url=https://foreman-server.example.com \ --enable-foreman-proxy \ --foreman-proxy-puppetca=true \ --foreman-proxy-tftp=true \ --foreman-proxy-foreman-base-url=https://foreman-server.example.com \ --foreman-proxy-trusted-hosts=foreman-server.example.com \ --foreman-proxy-oauth-consumer-key=** \ --foreman-proxy-oauth-consumer-secret=* **This will fail because the generated certs have not been copied over yet** 3. Created a new ssl certs directory @ /etc/puppetlabs/puppet/ssl/proxy on the proxy server 4. Copied the generated certs from step 1 to /etc/puppetlabs/puppet/ssl/proxy/certs||private_keys respectively 5. Edited /etc/foreman-proxy/settings.yml and /etc/puppetlabs/puppet/foreman.yaml to point to the certs in the /etc/puppetlabs/puppet/ssl/proxy/ directory 6. Manually added the smart proxy from the Foreman UI I can now import classes from the new proxy and run puppet on the new proxy server without any errors. Thanks! On Monday, October 17, 2016 at 2:44:17 AM UTC-7, Matt wrote: > > I would not count on the installer here. > > If the packages are installed just do it manually, set your ca in your > puppet.conf and go from there, do a run, sign and done. > > The installer is too complex or fails here if you ask me. > > > Op maandag 17 oktober 2016 09:56:28 UTC+2 schreef Dominic Cleal: >> >> On 15/10/16 00:33, Jack Watroba wrote: >> > I've been trying to setup a foreman installation with a separate >> > puppetmaster/puppetca host. I've installed a full foreman installation >> > on one server, and then followed the instructions from the "Setting up >> > Foreman with external Puppet masters" section of the documentation, >> > including generating ssl certs on the original server and copying them >> > over to the new proxy server. If I follow those directions, I can setup >> > an external puppetmaster that works fine, but if I want to also make >> > that into a puppetca server by setting: 'puppet-server-ca=true' and >> > 'foreman-proxy-puppetca=true', then I run into ssl errors when >> > attempting to import classes from the puppet proxy/ca server, or even >> > just running 'puppet agent -t' on the puppetmaster/ca proxy server. >> > >> > The error in the proxy.log on the proxy server is: >> > "[2016-10-14T22:11:25.305337 #3733] ERROR -- : Failed to list puppet >> > environments: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read >> > finished A" >> > >> > Are there additional steps that I need to take in regards to the ssl >> > certificates in order to make this work? >> >> Ensure you separate the two sets of SSL certificates (and CAs) and have >> the correct settings pointing to the correct set of certs. It sounds >> like they may be muddled. >> >> /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml must reference >> the certificates used to access the local Puppet master, while >> /etc/foreman-proxy/settings.yml must instead reference the certs used by >> your Foreman installation to communicate with the smart proxy. >> >> -- >> Dominic Cleal >> dom...@cleal.org >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Officially Unofficial Foreman 1.13 on EL6 Now Available
Good work from the Red Hat Devs again! Good teamwork guys! Cheers, Matt Op dinsdag 18 oktober 2016 00:10:28 UTC+2 schreef Eric Helms: > > All, > > Given that Foreman has officially dropped EL6 support for 1.13, we are > providing a set of EL6 builds for existing Foreman users as well as Katello > users who may not have been aware of the impending support drop. The builds > are being hosted with Katello's repositories and are signed by the Katello > GPG key. This includes an EL6 plugins repository as well (although, like > usual, they are not signed). > > We will be working to ensure that for each Foreman z-stream release, we > will rebuild the EL6 repositories with the updates and provide them within > a few days of the official Foreman release. > > Known Issues: > > Base Foreman installation will fail with a TFTP error that will ideally be > fixed by having [1] included in Foreman 1.13.1. > > We do not plan to build and support Foreman 1.14 and beyond on EL6 which > also means Katello will be moving off EL6 then as well. So please consider > planning a migration strategy to continue getting updates if you are on > EL6. The Katello team will be working to build out a migration path and > strategy to ensure there is a supported path to go from EL6 to El7. If you > have questions or concerns please reach out to us so we can help with this > effort. > > For Katello 3.2 RC users, expect an EL6 Katello build to follow in the > next few days. > > > Thanks, > Eric > > > [1] https://github.com/theforeman/puppet-foreman_proxy/pull/293 > > > -- > Eric D. Helms > Red Hat Engineering > > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Officially Unofficial Foreman 1.13 on EL6 Now Available
All, Given that Foreman has officially dropped EL6 support for 1.13, we are providing a set of EL6 builds for existing Foreman users as well as Katello users who may not have been aware of the impending support drop. The builds are being hosted with Katello's repositories and are signed by the Katello GPG key. This includes an EL6 plugins repository as well (although, like usual, they are not signed). We will be working to ensure that for each Foreman z-stream release, we will rebuild the EL6 repositories with the updates and provide them within a few days of the official Foreman release. Known Issues: Base Foreman installation will fail with a TFTP error that will ideally be fixed by having [1] included in Foreman 1.13.1. We do not plan to build and support Foreman 1.14 and beyond on EL6 which also means Katello will be moving off EL6 then as well. So please consider planning a migration strategy to continue getting updates if you are on EL6. The Katello team will be working to build out a migration path and strategy to ensure there is a supported path to go from EL6 to El7. If you have questions or concerns please reach out to us so we can help with this effort. For Katello 3.2 RC users, expect an EL6 Katello build to follow in the next few days. Thanks, Eric [1] https://github.com/theforeman/puppet-foreman_proxy/pull/293 -- Eric D. Helms Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Duplicate declaration error.
On Monday, October 17, 2016 at 2:53:12 AM UTC-5, Dominic Cleal wrote: > > On 14/10/16 22:54, re-g...@wiu.edu wrote: > > In this thread you are discussing an intentional declaration. > > But in my issue (see my puppet-user thread) the declaration is > > unintentional. > > And we think that under uncommon circumstances we cannot determine, The > > Foreman as ENC causes the rsyslog::client subclass to be declared before > > the rsyslog class. > > > > Not only is it unintentional, but my specific environment (1 primary and > > 3 secondary masters puppet servers with The Foreman Proxy) shows that it > > can happen on one secondary-node, and not at all on another > > secondary-master. And then hours later this scenario can flip. And at > > the same time a third secondary-master puppet server under The Foreman > > Proxy server does not ever experience the issue. > > > > The issue is never experienced with the primary-master puppet server, to > > which is also the primary The Foreman server. > > So perhaps it points to an issue with a The Foreman Proxy server? ... I > > do not know. > > > > > > Having subclasses declared before the parent class seems to not be an > > issue with many other puppet modules. So that points at an issue with > > the saz-rsyslog module - to which I submitted an issue with the > > puppet-module author. > > > > However, looking back at The Foreman, I wonder if it is not the > > intention that The Foreman as ENC would under these undetermined > > circumstances declare a subclass before the parent class, and then 8-12 > > hours later change to have the parent class declared before the > > subclass. Something is causing that subclass to be declared first in the > > catalog, and that cause may be independent to The Foreman alone - after > > tracing out the results I have experienced. > > This is an issue with the format of the ENC YAML used between Foreman > and Puppet, and is best fixed in the module. > > The list of classes is given as a hash/dictionary and so has no > particular order defined - it's down to the Puppet master/server to > iterate over it, and it probably does so in no particular order. It > isn't under Foreman's control. > > -- > Dominic Cleal > dom...@cleal.org > Thank you for your answer. I was incorrect in thinking The Foreman was used to assemble the resulting catalog given to the puppet agent. Instead The Foreman provides a YAML ENC output that the puppet server reads in to assemble the puppet catalog given to the agent. I found both the ENC output and the Catalog output files on the Foreman/Puppet servers, which led me to a conclusion. I have confirmed that the The Foreman, and The Foreman Proxy are outputting the exact same ENC yaml. But the Primary master puppet server and the Secondary master puppet server are creating catalogs that are not the same. The classes are not in the same order on the secondary puppet master as it is in the primary puppet master. I have posted my findings in this thread: https://groups.google.com/d/topic/puppet-users/0JHrMGuo8YQ/discussion -RG -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] custom fact packages does not show up in a column
Hi All,
I setup a custom fact to display the list of packages. It displays nicely
with a facter command, but does not show up
right in the foreman gui. Any suggestion how to fix the view?
# facter -p packages
[root@ip-172-31-7-124 ~]# facter -p packages
tfm-rubygem-passenger-native-libs 4.0.18-9.11.el7
gnutls 3.3.8-14.el7_2
filesystem 3.2-20.el7
ntpdate 4.2.6p5-22.el7.centos.2
net-tools 2.0-0.17.20131004git.el7
libndp 1.2-4.el7
tzdata 2016a-1.el7
libtiff 4.0.3-14.el7
xz-libs 5.1.2-12alpha.el7
jansson 2.4-6.el7
libsepol 2.1.9-3.el7
cloud-init 0.7.5-10.el7.centos.1
info 5.1-4.el7
popt 1.13-16.el7
kernel 3.10.0-327.10.1.el7
nss-util 3.19.1-4.el7_1
tuned 2.5.1-4.el7_2.2
gawk 4.0.2-4.el7
chrony 2.1.1-1.el7.centos
sqlite 3.7.17-8.el7
parted 3.1-23.el7
libffi 3.0.13-16.el7
selinux-policy-targeted 3.13.1-60.el7_2.3
libattr 2.4.46-12.el7
passwd 0.79-4.el7
libnl3 3.2.21-10.el7
tar 1.26-29.el7
lua 5.1.4-14.el7
puppetlabs-release-pc1 1.1.0-2.el7
libcap-ng 0.7.5-4.el7
gpg-pubkey 7dfe6fc2-57cd589f
findutils 4.5.11-5.el7
ruby-libs 2.0.0.598-25.el7_1
file 5.11-31.el7
rubygem-bigdecimal 1.2.0-25.el7_1
nss-softokn 3.16.2.3-13.el7_1
rubygems 2.0.14-25.el7_1
libgomp 4.8.5-4.el7
rubygem-multi_json 1.10.1-3.el7
libedit 3.0-12.20121213cvs.el7
rubygem-kafo_parsers 0.1.2-1.el7
slang 2.2.4-11.el7
foreman-selinux 1.13.0-1.el7
libdaemon 0.14-7.el7
centos-release-scl 2-2.el7.centos
ethtool 3.15-2.el7
rh-ruby22-runtime 2.0-6.sc1.el7
dmidecode 2.12-9.el7
rh-ruby22-rubygem-psych 2.0.8-12.el7
less 458-9.el7
rh-ruby22-rubygems 2.4.5-12.el7
vim-minimal 7.4.160-1.el7
sclo-ror42-rubygem-rack 1.6.2-2.el7
tcp_wrappers 7.6-77.el7
tfm-rubygem-net-ldap 0.15.0-1.el7
mozjs17 17.0.0-12.el7
sclo-ror42-rubygem-i18n 0.7.0-3.el7
kmod-libs 20-5.el7
sclo-ror42-rubygem-tzinfo 1.2.2-2.el7
krb5-libs 1.13.2-10.el7
tfm-rubygem-ruby2ruby 2.1.3-4.el7
python-libs 2.7.5-34.el7
tfm-rubygem-little-plugger 1.1.3-21.el7
cracklib 2.9.0-11.el7
tfm-rubygem-http-cookie 1.0.2-1.el7
dbus-python 1.1.1-9.el7
foreman gui: (attached png)
Here is the script I used to generate the fact
(using the code
from http://www.uberobert.com/puppet-facts-with-package-versions/)
# cat lib/facter/packages.rb
version = Facter::Util::Resolution.exec("rpm -qa --queryformat '[%{NAME}
%{VERSION}-%{RELEASE}\n]'")
Facter.add(:packages) do
setcode do
packages = {}
version.each_line do |package|
package_name = "#{package.split[0]}".gsub('-','_')
package_version = "#{package.split[1]}"
packages[package_name] = package_version
end
end
end
Any suggestion on a fix is really appreciated!
Thanks
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
[foreman-users] [Event] FOSDEM 2017 & CfgMgmtCamp Ghent - call for papers
Hi all Firstly, apologies for the cross-post - both user stories and development talks are welcome for these CFPs, so it's relevant to both lists. # FOSDEM - 4 & 5th Feb 2017 The call-for-papers for FOSDEM 17 is now available. As with previous years, there's both a Configuration Management track and a Virtualization track - various things from the Foreman community might be relevant in either track. You can find the CFPs at: CfgMgmt: https://lists.fosdem.org/pipermail/fosdem/2016-October/002459.html Virt/IaaS: http://www.ovirt.org/blog/2016/10/call-for-proposal-fosdem-2017/ Should you wish to submit to other rooms, the full list is at: https://fosdem.org/2017/news/2016-10-10-accepted-developer-rooms/ Submissions are due by Nov 18th # CfgMgmtCamp Ghent - 6th & 7th Feb 2017 CfgMgmtCamp is happening again in Ghent this year, and we're delighted to be a part of it again - and the CFP is now open! This year we're going for "tags" on the submissions, and we'll build the tracks out of the popular tags - so be sure to tick Foreman when submitting :) https://docs.google.com/forms/d/e/1FAIpQLSeAMyDhrz4Z-xcSvCIroDoA1EKy-FhWIRwg8CEwjB1Lt9GM_g/viewform?c=0=1 Submissions are due by Nov 15th Looking forward to seeing you all there! Greg -- Greg Sutcliffe IRC: gwmngilfen -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Problem with Google Compute plugin
Hello, I'm wondering if anyone else has noticed this problem too, or has a workaround? I'm trying to create a new host via GCE compute resource. If I enable External IP option in VM tab, I'm getting: "Invalid value for field 'resource.networkInterfaces[0].accessConfigs[0]': ''. Specified external IP address not found." This is also reported in http://projects.theforeman.org/issues/14132 Anurag -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Cannot import Modules/Classes on 1.12 with Puppet 4
Hi Greg,
I wasn't sure about them, here they are:
# tree /etc/puppetlabs/code/environments -d -L 3
/etc/puppetlabs/code/environments
├── common
│ ├── accounts
│ │ ├── files
│ │ ├── lib
│ │ ├── manifests
│ │ ├── spec
│ │ └── templates
│ ├── apache
│ │ ├── files
│ │ ├── manifests
│ │ └── templates
│ ├── apt
│ │ ├── lib
│ │ ├── manifests
│ │ ├── spec
│ │ ├── templates
│ │ └── tests
│ ├── stdlib
│ │ ├── examples
│ │ ├── lib
│ │ ├── manifests
│ │ └── spec
│ ├── tests
│ │ ├── manifests
│ │ └── templates
│ ├── timezone
│ │ ├── manifests
│ │ ├── spec
│ │ └── tests
│ ├── vscrepo
│ │ ├── examples
│ │ ├── lib
│ │ └── spec
│ └── yum
│ ├── manifests
│ ├── spec
│ └── tests
├── development
│ ├── manifests
│ └── modules
└── production
puppet.conf:
# cat /etc/puppetlabs/puppet/puppet.conf
### File managed with puppet ###
## Module: 'puppet'
[main]
# Where Puppet's general dynamic and/or growing data is kept
vardir = /opt/puppetlabs/puppet/cache
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppetlabs/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppetlabs
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = /etc/puppetlabs/puppet/ssl
# Allow services in the 'puppet' group to access key (Foreman + proxy)
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
show_diff = false
log_level = debug
## Server config
reports = foreman,puppetdb
environmentpath = /etc/puppetlabs/code/environments
basemodulepath = /etc/puppetlabs/code/environments/common:/etc/
puppetlabs/code/modules:/usr/share/puppet/modules
hiera_config = $confdir/hiera.yaml
### Next part of the file is managed by a different template ###
## Module: 'puppet'
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$statedir/classes.txt'.
classfile = $statedir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
# Disable the default schedules as they cause continual skipped
# resources to be displayed in Foreman - only for Puppet >= 3.4
default_schedules = false
report= true
pluginsync= true
masterport= 8140
#environment = production
certname = foreman-01.my.domain
server= foreman.my.domain
listen= false
splay = false
splaylimit= 1800
runinterval = 1800
noop = false
usecacheonfailure = true
ca_server = puppetca.my.domain
### Next part of the file is managed by a different template ###
## Module: 'puppet'
[master]
#autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
external_nodes = /etc/puppetlabs/puppet/node.rb
node_terminus = exec
ca = false
ssldir = /etc/puppetlabs/puppet/ssl
certname = foreman-01.my.domain
parser = current
ca_server = puppetca.my.domain
strict_variables = false
#pluginsync = true
storeconfigs = true
storeconfigs_backend = puppetdb
log_level = debug
reports = foreman
# environmentpath=/etc/puppetlabs/code/environments
Op maandag 17 oktober 2016 10:04:11 UTC+2 schreef Greg Sutcliffe:
>
> It's hard to say what might be happening without seeing the structure. Can
> you share your puppet.conf on the master, and the output of "tree
> /etc/puppetlabs/code/environments -d -L 3"?
>
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Cannot import Modules/Classes on 1.12 with Puppet 4
It's hard to say what might be happening without seeing the structure. Can you share your puppet.conf on the master, and the output of "tree /etc/puppetlabs/code/environments -d -L 3"? -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Puppet ca proxy ssl issues
On 15/10/16 00:33, Jack Watroba wrote: > I've been trying to setup a foreman installation with a separate > puppetmaster/puppetca host. I've installed a full foreman installation > on one server, and then followed the instructions from the "Setting up > Foreman with external Puppet masters" section of the documentation, > including generating ssl certs on the original server and copying them > over to the new proxy server. If I follow those directions, I can setup > an external puppetmaster that works fine, but if I want to also make > that into a puppetca server by setting: 'puppet-server-ca=true' and > 'foreman-proxy-puppetca=true', then I run into ssl errors when > attempting to import classes from the puppet proxy/ca server, or even > just running 'puppet agent -t' on the puppetmaster/ca proxy server. > > The error in the proxy.log on the proxy server is: > "[2016-10-14T22:11:25.305337 #3733] ERROR -- : Failed to list puppet > environments: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read > finished A" > > Are there additional steps that I need to take in regards to the ssl > certificates in order to make this work? Ensure you separate the two sets of SSL certificates (and CAs) and have the correct settings pointing to the correct set of certs. It sounds like they may be muddled. /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml must reference the certificates used to access the local Puppet master, while /etc/foreman-proxy/settings.yml must instead reference the certs used by your Foreman installation to communicate with the smart proxy. -- Dominic Cleal domi...@cleal.org -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] API to Get Hosts with "configuration_status_label=Active"
On 17/10/16 04:25, Amrit Atmajit wrote: > Thanks Dominic, > > This search option is a proper approach to get active hosts rather than > "configuration_status_label=Active". > > But adding to Vishal's query, our requirement is to list the active > hosts along with their facts values (like, hostname, macaddress, > manufacturer, etc.) using a single api. Foreman doesn't have many APIs that try to combine things, you should use multiple API calls. > API we are using to list all hosts and their facts values is: > "/api/fact_values" > > We can add an external facts value to this api which will provide us > last_report > "35 minutes ago" . > But, we are not sure how to get this value. These searches will only work on the hosts list, the fact_values API has a more limited ability to search details of hosts. Fetch the list of hosts using /api/v2/hosts, then query the facts for each one in turn with GET /api/v2/hosts/example.com/facts. -- Dominic Cleal domi...@cleal.org -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
