lost and found ( for me ? )

Foreman : add new hosts to foreman

Here are my logs from adding new hosts to Foreman.

Reference
https://docs.puppetlabs.com/guides/install_puppet/install_fedora.html
https://www.digitalocean.com/community/tutorials/how-to-install-puppet-to-manage-your-server-infrastructure#sign-request-on-master

Assume that the Foreman host and the puppet agents can reach each other by hostname instead of IP address.

foreman : CentOS7, hostname : foreman.localdomain
new host : fedora 21, hostname : puppet-agent01.localdomain
new host : ubuntu14.04, hostname : ubuntu1404-puppet-agent01.localdomain

foreman can communicate with the puppet agent.
[root@foreman ~]# ping -c 1 puppet-agent01.localdomain
PING puppet-agent01.localdomain (192.168.122.233) 56(84) bytes of data.
64 bytes from puppet-agent01.localdomain (192.168.122.233): icmp_seq=1 ttl=64 time=0.455 ms

--- puppet-agent01.localdomain ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.455/0.455/0.455/0.000 ms

puppet agent can communicate with the foreman
[root@puppet-agent01 ~]# ping -c 1 foreman.localdomain
PING foreman.localdomain (192.168.122.70) 56(84) bytes of data.
64 bytes from foreman.localdomain (192.168.122.70): icmp_seq=1 ttl=64 time=0.353 ms

--- foreman.localdomain ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms

[ install puppet agent on Fedora21 ]

[root@puppet-agent01 ~]# yum search puppet

[root@puppet-agent01 ~]# systemctl status puppet.service
* puppet.service - Puppet agent
  Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled)
  Active: inactive (dead)

edit /etc/puppet/puppet.conf
[root@puppet-agent01 puppet]# grep -v '#' puppet.conf
[main]
   logdir = /var/log/puppet

   rundir = /var/run/puppet

   ssldir = $vardir/ssl

[agent]
   classfile = $vardir/classes.txt

   localconfig = $vardir/localconfig

   server = foreman.localdomain

start puppet agent.
When you run the puppet agent for the first time, it sends a certificate signing request to the puppet master (foreman).
[root@puppet-agent01 puppet]# systemctl start puppet.service

[root@puppet-agent01 puppet]# systemctl status puppet.service
* puppet.service - Puppet agent
  Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled)
  Active: active (running) since Tue 2014-12-30 02:34:20 JST; 4s ago
Main PID: 1293 (start-puppet-ag)
  CGroup: /system.slice/puppet.service
          |-1293 /bin/sh /usr/bin/start-puppet-agent agent --no-daemonize
          `-1294 /usr/bin/ruby-mri /usr/bin/puppet agent --no-daemonize

on the foreman host, sign the client cert
[root@foreman ~]# puppet cert list
 "puppet-agent01.localdomain" (SHA256) FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E


[root@foreman ~]# puppet cert sign puppet-agent01.localdomain
Notice: Signed certificate request for puppet-agent01.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent01.localdomain at '/var/lib/puppet/ssl/ca/requests/puppet-agent01.localdomain.pem'

view all signed requests.
[root@foreman ~]# puppet cert list --all
+ "foreman.localdomain"        (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B (alt names: "DNS:foreman.localdomain", "DNS:puppet", "DNS:puppet.localdomain")
+ "puppet-agent01.localdomain" (SHA256) CA:DB:E1:82:10:B8:41:D5:06:BE:51:55:E5:9D:A3:81:CE:7F:AC:0A:DA:5B:C2:C5:6F:82:17:8F:1A:91:3B:90
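
Signing a request trusts whichever machine sent it, so before running `puppet cert sign` it is worth comparing the fingerprint in `puppet cert list` with the one the agent prints locally via `puppet agent --fingerprint`. The script below is an added example, not part of the original post; the function names are hypothetical, and the agent-side fingerprint is assumed to equal the value in the listing above.

```sh
#!/bin/sh
# Added example: check a pending CSR against the fingerprint read on the agent
# before signing. Function names are hypothetical, not part of Puppet.

# pending_fingerprint LIST HOST: print the SHA256 fingerprint of HOST's pending
# request from `puppet cert list` text. Returns 1 if HOST has no pending request
# ("+" lines are already signed, "-" lines revoked), 2 if it asks for alt names.
pending_fingerprint() {
    line=$(printf '%s\n' "$1" | grep -F "\"$2\" " |
           grep -v '^[[:space:]]*[+-]' | head -n 1)
    [ -n "$line" ] || return 1
    case $line in *"(alt names:"*) return 2 ;; esac
    fp=$(printf '%s\n' "$line" | sed -n 's/.*(SHA256) \([0-9A-Fa-f:]*\).*/\1/p')
    [ -n "$fp" ] || return 1
    printf '%s\n' "$fp"
}

# safe_to_sign LIST HOST EXPECTED: succeed only when the pending fingerprint
# equals EXPECTED (compared case-insensitively).
safe_to_sign() {
    got=$(pending_fingerprint "$1" "$2") || return 1
    got=$(printf '%s' "$got" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ "$got" = "$want" ]
}

# Sample input built from the `puppet cert list` lines shown in this post.
SAMPLE='  "puppet-agent01.localdomain" (SHA256) FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E
+ "foreman.localdomain"        (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B (alt names: "DNS:foreman.localdomain", "DNS:puppet", "DNS:puppet.localdomain")'
# Assumption: this is what `puppet agent --fingerprint` printed on the agent.
AGENT_FP='FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E'

if safe_to_sign "$SAMPLE" puppet-agent01.localdomain "$AGENT_FP"; then
    echo "match: puppet cert sign puppet-agent01.localdomain"
else
    echo "mismatch or no pending request: do not sign"
fi
```

A pending request that lists alt names such as "DNS:puppet" is rejected here because a certificate carrying the master's names could be used to impersonate it.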

Go to the foreman GUI ( https:// <foreman IP> )
You will find the client via HOSTS -> All hosts

You can sign the client cert via the GUI.
Infrastructure -> “foreman.localdomain”, click Certificates


[ install puppet agent on Ubuntu 14.04 ]

install puppet agent via apt-get.

root@ubuntu1404-puppet-agent01:~# apt-get install puppet

edit /etc/puppet/puppet.conf
root@ubuntu1404-puppet-agent01:~# grep -v '#' /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = foreman.localdomain

run puppet agent
root@ubuntu1404-puppet-agent01:~# service puppet restart
* Restarting puppet agent                                               [ OK ]

on the foreman GUI, go to Infrastructure -> smart proxies
sign the cert request.



list signed requests via CLI.
on the foreman CLI
[root@foreman ~]# puppet cert list --all
+ "foreman.localdomain"                   (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B (alt names: "DNS:foreman.localdomain", "DNS:puppet", "DNS:puppet.localdomain")
+ "puppet-agent01.localdomain"            (SHA256) CA:DB:E1:82:10:B8:41:D5:06:BE:51:55:E5:9D:A3:81:CE:7F:AC:0A:DA:5B:C2:C5:6F:82:17:8F:1A:91:3B:90
+ "ubuntu1404-puppet-agent01.localdomain" (SHA256) 8D:0B:BA:60:12:68:F8:87:A7:1E:77:6D:2F:71:E3:60:AC:CC:AE:D5:61:61:70:A1:18:BF:C5:01:03:D6:59:C9

Fedora 21 : configure static IP addresses with nmcli

Reference
http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/Networking_Guide/sec-Connecting_to_a_Network_Using_nmcli.html

Here are some examples of nmcli commands.

show current configuration
[root@puppet-agent01 ~]# nmcli g hostname     
puppet-agent01.localdomain
[root@puppet-agent01 ~]#

[root@puppet-agent01 ~]# nmcli g status  
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  full          enabled  enabled  enabled  enabled
[root@puppet-agent01 ~]#

[root@puppet-agent01 ~]# nmcli c
NAME        UUID                                  TYPE            DEVICE
有線接続 2  8caa837f-af49-469b-b9ba-a7b74ac76c9f  802-3-ethernet  eth1   
有線接続 1  ce127401-9483-4a07-a0a6-fc1026384d81  802-3-ethernet  eth0   
eth0        5f24daa3-5de2-45bd-99e0-3c8480bd8be8  802-3-ethernet  --     
[root@puppet-agent01 ~]#

[root@puppet-agent01 ~]# nmcli d
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  有線接続 1
eth1    ethernet  connected  有線接続 2
lo      loopback  unmanaged  --         
[root@puppet-agent01 ~]#

[root@puppet-agent01 ~]#
[root@puppet-agent01 ~]# nmcli d show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:58:41:74
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     有線接続 1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         ip = 192.168.122.234/24, gw = 192.168.122.1
IP4.DNS[1]:                             192.168.122.1
IP6.ADDRESS[1]:                         ip = fe80::5054:ff:fe58:4174/64, gw = ::


configure static IP

First, add a new connection (in my case, my-eth0), then apply it to eth0.
[root@puppet-agent01 ~]# nmcli con add con-name my-eth0 ifname eth0 type ethernet ip4 192.168.122.233 gw4 192.168.122.1
Connection 'my-eth0' (49e87994-c320-4f69-b2e9-6e83f3500d8f) successfully added.


[root@puppet-agent01 ~]# nmcli c show
NAME        UUID                                  TYPE            DEVICE
有線接続 2  8caa837f-af49-469b-b9ba-a7b74ac76c9f  802-3-ethernet  eth1   
有線接続 1  ce127401-9483-4a07-a0a6-fc1026384d81  802-3-ethernet  eth0   
eth0        5f24daa3-5de2-45bd-99e0-3c8480bd8be8  802-3-ethernet  --     
my-eth0     49e87994-c320-4f69-b2e9-6e83f3500d8f  802-3-ethernet  --   


[root@puppet-agent01 ~]#
[root@puppet-agent01 ~]# nmcli con mod my-eth0 ipv4.dns "8.8.4.4 8.8.8.8"

[root@puppet-agent01 ~]# nmcli -p c show my-eth0
===============================================================================
                    Connection profile details (my-eth0)
===============================================================================
connection.id:                          my-eth0
connection.uuid:                        49e87994-c320-4f69-b2e9-6e83f3500d8f
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   0
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:                 
connection.gateway-ping-timeout:        0
-------------------------------------------------------------------------------
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mac-address-blacklist:   
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            
-------------------------------------------------------------------------------
ipv4.method:                            manual
ipv4.dns:                               8.8.4.4, 8.8.8.8
ipv4.dns-search:                        
ipv4.addresses:                         { ip = 192.168.122.233/32, gw = 192.168.122.1 }
ipv4.routes:                            
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
-------------------------------------------------------------------------------
ipv6.method:                            auto
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.addresses:                         
ipv6.routes:                            
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-hostname:                     --
-------------------------------------------------------------------------------
[root@puppet-agent01 ~]#

bring up eth0 with the connection “my-eth0”
[root@puppet-agent01 ~]# nmcli -p con up "my-eth0" ifname eth0

[root@puppet-agent01 ~]# nmcli d
デバイス  タイプ    状態      接続       
eth0      ethernet  接続済み  my-eth0    
eth1      ethernet  接続済み  有線接続 2
lo        loopback  管理無し  --      

[root@puppet-agent01 ~]# nmcli d show eth0
GENERAL.デバイス:                       eth0
GENERAL.タイプ:                         ethernet
GENERAL.HWADDR:                         52:54:00:58:41:74
GENERAL.MTU:                            1500
GENERAL.状態:                           100 (接続済み)
GENERAL.接続:                           my-eth0
GENERAL.CON パス:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.キャリア:              オン
IP4.アドレス[1]:                        ip = 192.168.122.233/32, gw = 192.168.122.1
IP4.DNS[1]:                             8.8.4.4
IP4.DNS[2]:                             8.8.8.8
IP6.アドレス[1]:                        ip = fe80::5054:ff:fe58:4174/64, gw = ::