Integrating Foreman 1.7.1 with Chef12

chefforeman

I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.

I've installed them both and I wish to integrate them (https://www.youtube.com/watch?v=mtR0mCeisbs will be my inspiration).

I can't find any good How-to's or documentation regarding the installation and configuration flow.

I can now access my Foreman WebUI but it looks like the foreman-proxy is not right and I can't figure out what I need to do 🙁

After running foreman-installer I can see a

"Could not find a suitable provider for foreman_smartproxy"

message and my foreman-proxy log says that "No client SSL certificate supplied". I have run the "puppet cert generate" command but nothing did the trick.

More info:

[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)



[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch




[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]

And the Foreman configuration yaml:

--- 
  foreman: 
    foreman_url: "https://foreman*.BLAH.BLAH"
    unattended: true
    authentication: true
    passenger: true
    passenger_scl: 
    passenger_ruby: /usr/bin/ruby193-ruby
    passenger_ruby_package: ruby193-rubygem-passenger-native
    use_vhost: true
    servername: foreman*.BLAH.BLAH
    ssl: true
    custom_repo: true
    repo: stable
    configure_epel_repo: true
    configure_scl_repo: true
    configure_brightbox_repo: false
    selinux: 
    gpgcheck: true
    version: present
    db_manage: true
    db_type: postgresql
    db_adapter: 
    db_host: 
    db_port: 
    db_database: 
    db_username: foreman
    db_password: *****
    db_sslmode: 
    app_root: /usr/share/foreman
    user: foreman
    group: foreman
    user_groups: 
      - puppet
    environment: production
    puppet_home: /var/lib/puppet
    locations_enabled: false
    organizations_enabled: false
    passenger_interface: ""
    server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
    server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    oauth_active: true
    oauth_map_users: false
    oauth_consumer_key: ****
    oauth_consumer_secret: "****"
    passenger_prestart: true
    passenger_min_instances: "1"
    passenger_start_timeout: "600"
    admin_username: admin
    admin_password: ******
    admin_first_name: 
    admin_last_name: 
    admin_email: 
    initial_organization: 
    initial_location: 
    ipa_authentication: false
    http_keytab: /etc/httpd/conf/http.keytab
    pam_service: foreman
    configure_ipa_repo: false
    ipa_manage_sssd: true
    websockets_encrypt: true
    websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  foreman_proxy: 
    repo: stable
    gpgcheck: true
    custom_repo: true
    version: present
    port: 8443
    dir: /usr/share/foreman-proxy
    user: foreman-proxy
    log: /var/log/foreman-proxy/proxy.log
    ssl: true
    ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    trusted_hosts: 
      - foreman*.BLAH.BLAH
    manage_sudoersd: true
    use_sudoersd: true
    puppetca: true
    ssldir: /var/lib/puppet/ssl
    puppetdir: /etc/puppet
    autosign_location: /etc/puppet/autosign.conf
    puppetca_cmd: "/usr/bin/puppet cert"
    puppet_group: puppet
    puppetrun: true
    puppetrun_cmd: "/usr/bin/puppet kick"
    puppetrun_provider: ""
    customrun_cmd: /bin/false
    customrun_args: "-ay -f -s"
    puppetssh_sudo: false
    puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
    puppetssh_user: root
    puppetssh_keyfile: /etc/foreman-proxy/id_rsa
    puppetssh_wait: false
    puppet_user: root
    puppet_url: "https://foreman*.BLAH.BLAH:8140"
    puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    puppet_use_environment_api: 
    tftp: true
    tftp_syslinux_root: /usr/share/syslinux
    tftp_syslinux_files: 
      - pxelinux.0
      - menu.c32
      - chain.c32
      - memdisk
    tftp_root: /var/lib/tftpboot/
    tftp_dirs: 
      - /var/lib/tftpboot//pxelinux.cfg
      - /var/lib/tftpboot//boot
    tftp_servername: "*.*.*.*."
    dhcp: false
    dhcp_managed: true
    dhcp_interface: eth0
    dhcp_gateway: "*.*.100.1"
    dhcp_range: false
    dhcp_nameservers: default
    dhcp_vendor: isc
    dhcp_config: /etc/dhcp/dhcpd.conf
    dhcp_leases: /var/lib/dhcpd/dhcpd.leases
    dhcp_key_name: ""
    dhcp_key_secret: ""
    dns: false
    dns_managed: true
    dns_provider: nsupdate
    dns_interface: eth0
    dns_zone: BLAH.BLAH
    dns_reverse: "100.168.192.in-addr.arpa"
    dns_server: "127.0.0.1"
    dns_ttl: "86400"
    dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
    dns_tsig_principal: "foremanproxy/foreman*.BLAH.BLAH@BLAH.CO.IL"
    dns_forwarders: []
    virsh_network: default
    bmc: false
    bmc_default_provider: ipmitool
    realm: false
    realm_provider: freeipa
    realm_keytab: /etc/foreman-proxy/freeipa.keytab
    realm_principal: "realm-proxy@EXAMPLE.COM"
    freeipa_remove_dns: true
    keyfile: /etc/rndc.key
    register_in_foreman: true
    foreman_base_url: "https://foreman*.BLAH.BLAH"
    registered_name: foreman*.BLAH.BLAH
    registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
    oauth_effective_user: admin
    oauth_consumer_key: ****************
    oauth_consumer_secret: "******"
  puppet: false
  foreman_cli: 
    foreman_url: 
    manage_root_config: true
    username: 
    password: 
    refresh_cache: false
    request_timeout: 120
  foreman_plugin_bootdisk: {}
  foreman_plugin_chef: {}
  foreman_plugin_default_hostgroup: false
  foreman_plugin_discovery: 
    version: latest
    source: "http://downloads.theforeman.org/discovery/releases/latest/"
    initrd: foreman-discovery-image-latest.el6.iso-img
    kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
    install_images: false
  foreman_plugin_ovirt_provision: false
  foreman_plugin_tasks: false
  foreman_plugin_hooks: false
  foreman_plugin_puppetdb: false
  foreman_plugin_setup: {}
  foreman_plugin_templates: {}
  foreman_compute_ec2: false
  foreman_compute_gce: false
  foreman_compute_libvirt: false
  foreman_compute_openstack: false
  foreman_compute_ovirt: false
  foreman_compute_rackspace: false
  foreman_compute_vmware: {}
  foreman_proxy_plugin_pulp: false

Thanks all!

Michael.

Best Answer

First, a small warning: Foreman 1.7 and Chef integration might be a bit hard to set up and there are limitations (e.g. you can't use https for communication between Foreman and Foreman proxy). This will be much simpler in 1.8, which is at about the RC1 stage. So maybe starting with Foreman nightly builds would make it easier for you, if that's an option.

If you still want to use 1.7, make sure you have the latest 1.7 minor version, which is currently 1.7.2. Then install the foreman_chef plugin (it seems you already did) using foreman-installer. Several manual steps should follow now:

1) install the smart_proxy_chef plugin (depending on your platform, it's either the rubygem-smart_proxy_chef rpm or the ruby-smart-proxy-chef deb (only in the nightly repository, but works with 1.7))

2) set up the smart_proxy_chef plugin: open /etc/foreman-proxy/settings.d/chef.yml and adjust the settings to your needs; make sure enabled is set to true

3) restart the smart-proxy

4) refresh smart proxy features in Foreman, you should see Chef among features now

As stated above, the smart proxy can't use https to communicate with Foreman in 1.7 unless you also have puppet installed (and a client certificate for that proxy in place). So if this is the case, make sure your Foreman url is http and you have the smart proxy among the trusted hosts in the Foreman settings.

Good news is that I'm working on docs which should cover installation with Foreman 1.8 and Chef 12.

Hope this helps

EDIT: the docs I've mentioned are published at http://www.theforeman.org/plugins/foreman_chef/0.1/
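
A preflight check for the manual steps in the answer above, added here as an example and not taken from the answer or the Foreman project. It assumes the proxy's main config is `settings.yml` beside `settings.d/`, that keys use the `:key: value` form with absolute paths, and that the client certificate is the one named by `:ssl_certificate:`, `:ssl_private_key:` and `:ssl_ca_file:`.

```shell
#!/bin/sh
# Added example: preflight check for the manual steps above.
# Assumptions: settings.yml sits next to settings.d/, keys use the
# smart-proxy ":key: value" form, and the proxy's client certificate is the
# one named by :ssl_certificate:, :ssl_private_key: and :ssl_ca_file:.

# Print the value of the first uncommented ":KEY:" line in FILE, unquoted.
setting() {
    sed -n "s/^[[:space:]]*:$2:[[:space:]]*//p" "$1" 2>/dev/null |
        sed -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//' |
        head -n 1
}

# Check the config directory DIR; print findings, return the problem count.
check_chef_proxy() {
    dir=$1
    problems=0
    if [ "$(setting "$dir/settings.d/chef.yml" enabled)" != "true" ]; then
        echo "FAIL: settings.d/chef.yml does not set :enabled: true"
        problems=$((problems + 1))
    fi
    url=$(setting "$dir/settings.yml" foreman_url)
    case $url in
        https://*)
            # HTTPS to Foreman needs a readable client certificate, key and CA.
            for key in ssl_certificate ssl_private_key ssl_ca_file; do
                path=$(setting "$dir/settings.yml" "$key")
                if [ -z "$path" ] || [ ! -r "$path" ]; then
                    echo "FAIL: foreman_url is https but :$key: is unset or unreadable"
                    problems=$((problems + 1))
                fi
            done ;;
        http://*)
            echo "NOTE: foreman_url is http, so requests are unencrypted and" \
                 "access rests on the trusted hosts setting in Foreman" ;;
        *)
            echo "FAIL: no usable :foreman_url: in settings.yml"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Run against a directory given on the command line, e.g. /etc/foreman-proxy.
if [ "$#" -gt 0 ]; then
    check_chef_proxy "$1"
fi
```

Run it as the user the proxy runs as, so the readability test on the key files reflects what the service itself can open.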
