Fleet Management

WARNING

This page is work in progress. Related issue: #41

foreman-katello installation

Base OS: Alma Linux 9.4

Minimum Requirements for Foreman:

  • 4 CPU
  • 24 GB RAM
  • 200 GB HD (or more, depends on how many and what repositories are mirrored)

Repositories: /etc/yum.repos.d/foreman.repo

[foreman]
name=Foreman 3.14
baseurl=https://yum.theforeman.org/releases/3.14/el9/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

[foreman-source]
name=Foreman 3.14 - source
baseurl=https://yum.theforeman.org/releases/3.14/el9/source
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

(maybe: dnf install foreman-release)

/etc/yum.repos.d/foreman-plugins.repo

[foreman-plugins]
name=Foreman plugins 3.14
baseurl=https://yum.theforeman.org/plugins/3.14/el9/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

[foreman-plugins-source]
name=Foreman plugins 3.14 - source
baseurl=https://yum.theforeman.org/plugins/3.14/el9/source
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

/etc/yum.repos.d/katello.repo

# Place this file in your /etc/yum.repos.d/ directory

[katello]
name=Katello 4.16
baseurl=https://yum.theforeman.org/katello/4.16/katello/el9/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman
enabled=1
gpgcheck=1

# Candlepin RPMs as supported by Katello - This is a coordinated
# copy of Candlepin's packages in order to ensure compatibility

[candlepin]
name=Candlepin: an open source entitlement management system.
baseurl=https://yum.theforeman.org/candlepin/4.4/el9/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-candlepin
enabled=1
gpgcheck=1

[pulpcore]
name=pulpcore: Fetch, Upload, Organize, and Distribute Software Packages.
baseurl=https://yum.theforeman.org/pulpcore/3.63/el9/$basearch/
gpgkey=https://yum.theforeman.org/pulpcore/3.63/GPG-RPM-KEY-pulpcore
enabled=1
gpgcheck=1

# source repositories

[katello-source]
name=Katello 4.16 Source
baseurl=https://yum.theforeman.org/katello/4.16/katello/el9/source/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman
enabled=0
gpgcheck=1

[candlepin-source]
name=Katello Candlepin source
baseurl=https://yum.theforeman.org/candlepin/4.16/el9/source/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-candlepin
enabled=0
gpgcheck=1

[pulpcore-source]
name=pulpcore source
baseurl=https://yum.theforeman.org/pulpcore/3.63/el9/source/
gpgkey=https://yum.theforeman.org/pulpcore/3.63/GPG-RPM-KEY-pulpcore
enabled=0
gpgcheck=1

or just install the RPMs:

dnf install https://yum.theforeman.org/releases/3.14/el9/x86_64/foreman-release.rpm
dnf install https://yum.theforeman.org/katello/4.16/katello/el9/x86_64/katello-repos-latest.rpm

additionally: dnf install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm

Updating Package cache: dnf makecache
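In the repo files above, the two foreman-plugins repositories are the only ones with gpgcheck=0, and the pulpcore key is fetched over HTTPS instead of being read from /etc/pki/rpm-gpg. The shell function below is an added example, not part of the original page or of the Foreman project; it reports both kinds of finding for enabled repositories. The sample input is copied from the stanzas above and trimmed; the function names are made up for this example.

```shell
# Added example (not from the original page): audit dnf repo definitions.
# sample_repos prints stanzas copied from this page, trimmed to the keys
# that matter for signature checking.
sample_repos() {
cat <<'EOF'
[foreman]
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

[foreman-plugins]
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

[foreman-plugins-source]
enabled=0
gpgcheck=0

[pulpcore]
enabled=1
gpgcheck=1
gpgkey=https://yum.theforeman.org/pulpcore/3.63/GPG-RPM-KEY-pulpcore
EOF
}

# audit_repos [FILE...]: print "<repo>: <finding>" for every enabled repo
# that skips signature checks or pulls its key over the network.
# Reads stdin when no file is given.
audit_repos() {
  awk -F= '
    function report() {
      if (sec == "" || enabled ~ /^(0|no|false)$/) return
      if (gpgcheck ~ /^(0|no|false)$/)
        print sec ": gpgcheck is off, packages are installed unverified"
      if (gpgkey != "" && gpgkey !~ /^file:/)
        print sec ": gpgkey is fetched remotely, confirm its fingerprint"
    }
    { gsub(/[ \t\r]/, "") }
    /^\[.*\]$/ { report(); sec = substr($0, 2, length($0) - 2)
                 enabled = "1"; gpgcheck = ""; gpgkey = ""; next }
    $1 == "enabled"  { enabled = $2 }
    $1 == "gpgcheck" { gpgcheck = $2 }
    $1 == "gpgkey"   { gpgkey = substr($0, index($0, "=") + 1) }
    END { report() }
  ' "$@"
}
sample_repos | audit_repos
```

On the installed system, run it as audit_repos /etc/yum.repos.d/*.repo. A repository without its own gpgcheck line inherits the [main] value from /etc/dnf/dnf.conf, so check that file as well.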

installation foreman-katello

(as root)
dnf install foreman-installer-katello

Now install + configure foreman + katello:

(as root)
foreman-installer \
  --scenario katello \
  --tuning development \
  --skip-checks-i-know-better \
  --foreman-initial-organization=Training \
  --foreman-initial-location=Hypervisor \
  --foreman-initial-admin-username admin \
  --foreman-initial-admin-password=s3cr3t \
  --foreman-proxy-content-enable-ostree=true \
  --enable-foreman-plugin-webhooks \
  --enable-foreman-proxy-plugin-shellhooks \
  --enable-foreman-plugin-templates \
  --enable-puppet \
  --puppet-server=true \
  --enable-foreman-plugin-puppet \
  --foreman-proxy-puppet=true \
  --foreman-proxy-puppetca=true \
  --enable-foreman-cli-puppet \
  --enable-foreman-plugin-ansible \
  --enable-foreman-proxy-plugin-ansible \
  --enable-foreman-cli-ansible \
  --foreman-proxy-plugin-remote-execution-script-mode=pull-mqtt \
  --enable-foreman-plugin-salt \
  --enable-foreman-proxy-plugin-salt

For this PoC we do not need DNS, TFTP or DHCP, so do not activate them.

The installation takes some time. foreman-katello will be installed, configured and started.

Check the output for errors. If you encounter errors, read them, understand them and fix them. You can ignore errors regarding sssd_kcm.

foreman is installed and setup is completed.

Now we need to configure some stuff.

Create Repository

Initially foreman only knows Alma Linux, so you can only create hosts of OS type "Alma Linux". You have to create new content.

In WebUI go to "content > products" and click on "create product".

Fill out the form. The name automatically fills the "label" field. All other fields are optional. Fill them if needed or known. Click Save at the bottom of the form.

Now add the repository you want to clone. Click on "New Repository". The Name field will fill the label field, too. Choose the type at the bottom and fill in the Upstream-URL field and any other fields needed. For an OSTree repository choose "ostree".

preparing puppet master/foreman

hammer puppet-environment create \
  --organizations Training \
  --locations Hypervisor \
  --name management

hammer proxy import-classes \
  --puppet-environment production \
  --location Hypervisor \
  --organization Training \
  --name fleet.testing.eu-os.eu

hammer proxy import-classes \
  --puppet-environment management \
  --location Hypervisor \
  --organization Training \
  --name fleet.testing.eu-os.eu

Check if the directories "management" and "production" exist in /etc/puppetlabs/code/environments. If not, create them.

mkdir -p /etc/puppetlabs/code/environments/{production,management}

Add new environment "management" in katello:

hammer host update \
  --name fleet.testing.eu-os.eu \
  --puppet-environment management

Register Clients

on client side

Install puppet yum repo: dnf install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm && dnf makecache

The puppet agent has to be installed first with dnf install puppet-agent.

In the file /etc/puppet/puppet.conf:

[main]
server = fleet.testing.eu-os.eu

Use the FQDN of your foreman/puppet server

registering client in puppet master/foreman

The command puppet ssl bootstrap --waitforcert 120 creates an SSL certificate. The certificate needs to be signed by the puppet master.

on puppet master/foreman

puppetserver ca sign --certname <hostname>
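Signing by certname alone trusts whichever request arrived under that name. The check below is an added example, not part of the original page or of Puppet; it compares the fingerprint read on the client (for example with puppet agent --fingerprint) against the pending request in the output of puppetserver ca list, and prints the sign command only on a match. The column layout of that output, the client hostname and the shortened fingerprint are assumptions constructed for this example.

```shell
# Added example (not from the original page): verify a CSR before signing.
# Constructed sample of `puppetserver ca list` output. Assumed layout:
# certname, digest name, fingerprint as whitespace-separated columns.
# The fingerprint is shortened for readability.
sample_ca_list() {
cat <<'EOF'
Requested Certificates:
    client01.example.test   (SHA256)  5A:1F:C3:9E:07:B2:44:D1
EOF
}

# csr_fingerprint CERTNAME: read the CA list on stdin and print the
# fingerprint of the pending request for CERTNAME, upper-cased.
csr_fingerprint() {
  awk -v host="$1" '$1 == host && $2 ~ /^\(SHA/ { print toupper($3) }'
}

# check_csr CERTNAME CLIENT_FP: read the CA list on stdin.
# Returns 0 and prints the sign command only if the pending request for
# CERTNAME carries the fingerprint that was read on the client.
# Returns 2 if nothing is pending, 1 if the fingerprints differ.
check_csr() {
  want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  got=$(csr_fingerprint "$1")
  if [ -z "$got" ]; then
    echo "refusing: no pending request for $1" >&2
    return 2
  fi
  if [ "$got" != "$want" ]; then
    echo "refusing: fingerprint mismatch for $1" >&2
    return 1
  fi
  echo "puppetserver ca sign --certname $1"
}

# Demo: the fingerprint reported by the client matches the pending request.
sample_ca_list | check_csr client01.example.test 5a:1f:c3:9e:07:b2:44:d1
```

On the puppet master, pipe the real list into it: puppetserver ca list | check_csr <hostname> <fingerprint from client>.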