lost and found ( for me ? )

install Foreman all in one node on CentOS7

Here are trial and error logs when installing foreman on CentOS7.


I am newbie to foreman and puppet. just followed the instructions.

[root@foreman ~]# cat /etc/centos-release
CentOS Linux release 7.0.1406 (Core)

install foreman
  68  rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
  69  yum -y install epel-release http://yum.theforeman.org/releases/1.7/el7/x86_64/foreman-release.rpm
  70  yum -y install foreman-installer

configure foreman
[root@foreman ~]# foreman-installer
Output of 'facter fqdn' is different from 'hostname -f'
Make sure above command gives the same output. If needed, change the hostname permanently via 'hostname' command and editing
appropriate configuration file.
(e.g. on Red Hat systems /etc/sysconfig/network).

If 'hostname -f' still returns unexpected result, check /etc/hosts and put
hostname entry in the correct order, for example: full.hostname.com full
Fully qualified hostname must be the first entry on the line
Your system does not meet configuration criteria

needs to configure hostname with fully qualified domain name.
edit /etc/hosts and /etc/hostname.
[root@foreman ~]# cat /etc/hosts   foreman.localdomain foreman localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         foreman.localdomain foreman localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@foreman ~]# cat /etc/hostname

[root@foreman ~]# hostname -f

[root@foreman ~]# foreman-installer

Installing             Done                                               [100%]Installing             Done                                               [100%] []
 * Foreman is running at https://foreman.localdomain
     Initial credentials are admin / 7J3PpPpjTnqGQXnx
 * Foreman Proxy is running at https://foreman.localdomain:8443
 * Puppetmaster is running at port 8140
 The full log is at /var/log/foreman-installer/foreman-installer.log

I have installed three components in one node, foreman, smart proxy and puppet master.

clear iptables rule so that I can access to foreman(HTTP 443)
[root@foreman ~]# iptables -F

run puppet agent on the foreman box.
[root@foreman ~]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find foreman.localdomain via exec: Execution of '/etc/puppet/node.rb foreman.localdomain' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for foreman.localdomain
Info: Applying configuration version '1419360152'
Notice: Finished catalog run in 0.13 seconds

puppet agent sent puppet reports to foreman.
foreman automatically the reports into its database.

You will find the host.

download puppet module.
[root@foreman ~]# puppet module install -i /etc/puppet/environments/production/modules saz/ntp
Notice: Preparing to install into /etc/puppet/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
└── saz-ntp (v2.3.0)

[root@foreman ~]# ls /etc/puppet/environments/production/modules/ntp/
Gemfile  README.md  checksums.json  metadata.json  templates
LICENSE  Rakefile   manifests       spec           tests

GUI -> Puppet classes -> Import from ..

ntp class will appear
select ntp and click “Update”

configure ntp server.
Puppet classes -> ntp -> smart class parameter -> server_list
change ntp server and click “Submit”

apply this class to puppet agent.
HOSTS  -> hostname(in my case, foreman.localdomain) -> Edit -> Puppet class -> ntp
add this and click Submit.

run puppet agent.
[root@foreman ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for foreman.localdomain
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
  (at /usr/share/ruby/vendor_ruby/puppet/type/package.rb:430:in `block (3 levels) in <module:Puppet>')
Info: Applying configuration version '1419362024'
Notice: /Stage[main]/Ntp/Package[ntp]/ensure: created
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content:
--- /etc/ntp.conf 2014-12-20 11:33:10.000000000 +0900
+++ /tmp/puppet-file20141224-7838-16ei0z1 2014-12-24 04:14:08.345000000 +0900
@@ -1,58 +1,16 @@
-# For more information about this file, see the man pages
-# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+# file is managed by puppet
driftfile /var/lib/ntp/drift
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default nomodify notrap nopeer noquery
-# Permit all access over the loopback interface.  This could
-# be tightened as well, but to do so would effect some of
-# the administrative functions.
-restrict ::1
-# Hosts on local network are less restricted.
-#restrict mask nomodify notrap
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.centos.pool.ntp.org iburst
-server 1.centos.pool.ntp.org iburst
-server 2.centos.pool.ntp.org iburst
-server 3.centos.pool.ntp.org iburst
-#broadcast autokey # broadcast server
-#broadcastclient # broadcast client
-#broadcast autokey # multicast server
-#multicastclient # multicast client
-#manycastserver # manycast server
-#manycastclient autokey # manycast client
-# Enable public key cryptography.
-includefile /etc/ntp/crypto/pw
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-# Specify the key identifiers which are trusted.
-#trustedkey 4 8 42
-# Specify the key identifier to use with the ntpdc utility.
-#requestkey 8
-# Specify the key identifier to use with the ntpq utility.
-#controlkey 8
-# Enable writing of statistics records.
-#statistics clockstats cryptostats loopstats peerstats
-# Disable the monitoring facility to prevent amplification attacks using ntpdc
-# monlist command when default restrict does not include the noquery flag. See
-# CVE-2013-5211 for more details.
-# Note: Monitoring will not be disabled with the limited restriction flag.
-disable monitor
+server clock.redhat.com
+# by default act only as a basic NTP client
+restrict -4 default nomodify nopeer noquery notrap
+restrict -6 default nomodify nopeer noquery notrap
+# Local users may interrogate the ntp server more closely.
+restrict ::1

Info: Computing checksum on file /etc/ntp.conf
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Filebucketed /etc/ntp.conf to puppet with sum dc9e5754ad2bb6f6c32b954c04431d0a
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content: content changed '{md5}dc9e5754ad2bb6f6c32b954c04431d0a' to '{md5}49f0cd4ccf5b44ab3799ad12e5c22bfd'
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Scheduling refresh of Service[ntpd]
Notice: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]/content:
--- /etc/sysconfig/ntpd 2014-12-20 11:33:10.000000000 +0900
+++ /tmp/puppet-file20141224-7838-bbl7hv 2014-12-24 04:14:08.442000000 +0900
@@ -1,2 +1,4 @@
-# Command line options for ntpd
+# file is managed by puppet
+# Drop root to id 'ntp:ntp' by default.
+OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"

Info: Computing checksum on file /etc/sysconfig/ntpd
Info: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]: Filebucketed /etc/sysconfig/ntpd to puppet with sum 48eae7fef92ce98217b36195e7f6b3e0
Notice: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]/content: content changed '{md5}48eae7fef92ce98217b36195e7f6b3e0' to '{md5}3489d89153bb9734a4e9555eae755c7c'
Notice: /Stage[main]/Ntp/Service[ntpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Ntp/Service[ntpd]: Unscheduling refresh on Service[ntpd]
Notice: Finished catalog run in 21.79 seconds
[root@foreman ~]#

confirm ntp server has been configured via puppet.
[root@foreman ~]# grep clock.redhat.com /etc/ntp.conf
server clock.redhat.com

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.