I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.
I've installed them both and I wish to integrate it (https://www.youtube.com/watch?v=mtR0mCeisbs will be my inspiration).
I can't find any good How-to's or documentation regarding the installation and configuration flow.
I now can access my Foreman WebUI but it looks like the foreman-proxy is not right and I can't figure what I need to do 🙁
After running foreman-installer I can see a "Could not find a suitable provider for foreman_smartproxy" message, and my foreman-proxy log says "No client SSL certificate supplied". I have run the "puppet cert generate" command but nothing did the trick.
More info:
[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)
[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch
[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]
And the Foreman configuration yaml:
---
foreman:
  foreman_url: "https://foreman*.BLAH.BLAH"
  unattended: true
  authentication: true
  passenger: true
  passenger_scl:
  passenger_ruby: /usr/bin/ruby193-ruby
  passenger_ruby_package: ruby193-rubygem-passenger-native
  use_vhost: true
  servername: foreman*.BLAH.BLAH
  ssl: true
  custom_repo: true
  repo: stable
  configure_epel_repo: true
  configure_scl_repo: true
  configure_brightbox_repo: false
  selinux:
  gpgcheck: true
  version: present
  db_manage: true
  db_type: postgresql
  db_adapter:
  db_host:
  db_port:
  db_database:
  db_username: foreman
  db_password: *****
  db_sslmode:
  app_root: /usr/share/foreman
  user: foreman
  group: foreman
  user_groups:
    - puppet
  environment: production
  puppet_home: /var/lib/puppet
  locations_enabled: false
  organizations_enabled: false
  passenger_interface: ""
  server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  oauth_active: true
  oauth_map_users: false
  oauth_consumer_key: ****
  oauth_consumer_secret: "****"
  passenger_prestart: true
  passenger_min_instances: "1"
  passenger_start_timeout: "600"
  admin_username: admin
  admin_password: ******
  admin_first_name:
  admin_last_name:
  admin_email:
  initial_organization:
  initial_location:
  ipa_authentication: false
  http_keytab: /etc/httpd/conf/http.keytab
  pam_service: foreman
  configure_ipa_repo: false
  ipa_manage_sssd: true
  websockets_encrypt: true
  websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
foreman_proxy:
  repo: stable
  gpgcheck: true
  custom_repo: true
  version: present
  port: 8443
  dir: /usr/share/foreman-proxy
  user: foreman-proxy
  log: /var/log/foreman-proxy/proxy.log
  ssl: true
  ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  trusted_hosts:
    - foreman*.BLAH.BLAH
  manage_sudoersd: true
  use_sudoersd: true
  puppetca: true
  ssldir: /var/lib/puppet/ssl
  puppetdir: /etc/puppet
  autosign_location: /etc/puppet/autosign.conf
  puppetca_cmd: "/usr/bin/puppet cert"
  puppet_group: puppet
  puppetrun: true
  puppetrun_cmd: "/usr/bin/puppet kick"
  puppetrun_provider: ""
  customrun_cmd: /bin/false
  customrun_args: "-ay -f -s"
  puppetssh_sudo: false
  puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
  puppetssh_user: root
  puppetssh_keyfile: /etc/foreman-proxy/id_rsa
  puppetssh_wait: false
  puppet_user: root
  puppet_url: "https://foreman*.BLAH.BLAH:8140"
  puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  puppet_use_environment_api:
  tftp: true
  tftp_syslinux_root: /usr/share/syslinux
  tftp_syslinux_files:
    - pxelinux.0
    - menu.c32
    - chain.c32
    - memdisk
  tftp_root: /var/lib/tftpboot/
  tftp_dirs:
    - /var/lib/tftpboot//pxelinux.cfg
    - /var/lib/tftpboot//boot
  tftp_servername: "*.*.*.*."
  dhcp: false
  dhcp_managed: true
  dhcp_interface: eth0
  dhcp_gateway: "*.*.100.1"
  dhcp_range: false
  dhcp_nameservers: default
  dhcp_vendor: isc
  dhcp_config: /etc/dhcp/dhcpd.conf
  dhcp_leases: /var/lib/dhcpd/dhcpd.leases
  dhcp_key_name: ""
  dhcp_key_secret: ""
  dns: false
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: eth0
  dns_zone: BLAH.BLAH
  dns_reverse: "100.168.192.in-addr.arpa"
  dns_server: "127.0.0.1"
  dns_ttl: "86400"
  dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
  dns_tsig_principal: "foremanproxy/foreman*.BLAH.BLAH@BLAH.CO.IL"
  dns_forwarders: []
  virsh_network: default
  bmc: false
  bmc_default_provider: ipmitool
  realm: false
  realm_provider: freeipa
  realm_keytab: /etc/foreman-proxy/freeipa.keytab
  realm_principal: "realm-proxy@EXAMPLE.COM"
  freeipa_remove_dns: true
  keyfile: /etc/rndc.key
  register_in_foreman: true
  foreman_base_url: "https://foreman*.BLAH.BLAH"
  registered_name: foreman*.BLAH.BLAH
  registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
  oauth_effective_user: admin
  oauth_consumer_key: ****************
  oauth_consumer_secret: "******"
puppet: false
foreman_cli:
  foreman_url:
  manage_root_config: true
  username:
  password:
  refresh_cache: false
  request_timeout: 120
foreman_plugin_bootdisk: {}
foreman_plugin_chef: {}
foreman_plugin_default_hostgroup: false
foreman_plugin_discovery:
  version: latest
  source: "http://downloads.theforeman.org/discovery/releases/latest/"
  initrd: foreman-discovery-image-latest.el6.iso-img
  kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
  install_images: false
foreman_plugin_ovirt_provision: false
foreman_plugin_tasks: false
foreman_plugin_hooks: false
foreman_plugin_puppetdb: false
foreman_plugin_setup: {}
foreman_plugin_templates: {}
foreman_compute_ec2: false
foreman_compute_gce: false
foreman_compute_libvirt: false
foreman_compute_openstack: false
foreman_compute_ovirt: false
foreman_compute_rackspace: false
foreman_compute_vmware: {}
foreman_proxy_plugin_pulp: false
Thanks all!
Michael.
Best Answer
First, a small warning: Foreman 1.7 and Chef integration might be a bit hard to set up and there are limitations (e.g. you can't use https for communication between Foreman and Foreman proxy). This will be much simpler in 1.8, which is at about the RC1 stage. So maybe starting with Foreman nightly builds would make it easier for you, if that's an option.
If you still want to use 1.7, make sure you have the latest 1.7 minor version, which is currently 1.7.2. Then install foreman_chef plugin (it seems you already did) using foreman-installer. Several manual steps should follow now:
1) install the smart_proxy_chef plugin (depending on your platform, it's either the rubygem-smart_proxy_chef rpm or the ruby-smart-proxy-chef deb (only in the nightly repository, but works with 1.7))
2) set up the smart_proxy_chef plugin: open /etc/foreman-proxy/settings.d/chef.yml and adjust the settings to your needs; make sure enabled is set to true
3) restart the smart-proxy
4) refresh smart proxy features in Foreman, you should see Chef among features now
As stated above, the smart proxy can't use https to communicate with Foreman in 1.7 unless you also have puppet installed (and a client certificate for that proxy in place). So if this is the case, make sure your Foreman url is http and you have the smart proxy among the trusted hosts in the Foreman settings.
Good news is that I'm working on docs which should cover installation with Foreman 1.8 and Chef 12.
Hope this helps
EDIT: the docs I've mentioned are published at http://www.theforeman.org/plugins/foreman_chef/0.1/
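
The answer makes https between the proxy and Foreman depend on a client certificate being in place. As an added example (not part of the original thread), this is one way to check a certificate, key and CA triple such as the ssl_cert, ssl_key and ssl_ca paths in the question; the function names are hypothetical and the demo PKI is constructed on the fly with openssl.

```bash
# Added example, not from the original thread. check_client_cert and
# make_demo_pki are hypothetical helper names.
# Return codes: 0 ok, 1 file missing, 2 cert not issued by CA, 3 key mismatch.
check_client_cert() {
  local ca="$1" cert="$2" key="$3" f cert_pub key_pub
  for f in "$ca" "$cert" "$key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done
  # The certificate must chain to the CA the peer trusts (ssl_ca).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
  # The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
  return 0
}

# Constructed throwaway PKI for the demo: a CA, a host cert signed by it,
# and an unrelated self-signed CA whose key doubles as the "wrong" key.
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=proxy.example.test" \
    -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
  openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/host.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout "$d/other.key" -out "$d/other-ca.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_client_cert "$demo_dir/ca.pem" "$demo_dir/host.pem" "$demo_dir/host.key"
echo "matching cert and key: rc=$?"
check_client_cert "$demo_dir/ca.pem" "$demo_dir/host.pem" "$demo_dir/other.key"
echo "key from another pair: rc=$?"
check_client_cert "$demo_dir/other-ca.pem" "$demo_dir/host.pem" "$demo_dir/host.key"
echo "cert from an untrusted CA: rc=$?"
rm -rf "$demo_dir"
```

On a real host the three arguments would be the CA, certificate and key files the proxy and Foreman are configured with; a non-zero result points at which part of the pair is not in place.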