Here are my trial-and-error logs from installing Foreman on CentOS 7.
Reference
I am a newbie to Foreman and Puppet; I just followed the instructions.
[root@foreman ~]# cat /etc/centos-release
CentOS Linux release 7.0.1406 (Core)

Install Foreman:
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
yum -y install epel-release http://yum.theforeman.org/releases/1.7/el7/x86_64/foreman-release.rpm
yum -y install foreman-installer

Configure Foreman:
[root@foreman ~]# foreman-installer
Output of 'facter fqdn' is different from 'hostname -f'
Make sure above command gives the same output. If needed, change the hostname permanently via 'hostname' command and editing
appropriate configuration file.
(e.g. on Red Hat systems /etc/sysconfig/network).
If 'hostname -f' still returns unexpected result, check /etc/hosts and put
hostname entry in the correct order, for example:
1.2.3.4 full.hostname.com full
Fully qualified hostname must be the first entry on the line
Your system does not meet configuration criteria

The hostname needs to be configured as a fully qualified domain name.
Edit /etc/hosts and /etc/hostname:
[root@foreman ~]# cat /etc/hosts
127.0.0.1 foreman.localdomain foreman localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 foreman.localdomain foreman localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@foreman ~]# cat /etc/hostname
foreman.localdomain
[root@foreman ~]# hostname -f
foreman.localdomain
[root@foreman ~]# foreman-installer
Installing Done [100%]Installing Done [100%] []
Success!
* Foreman is running at https://foreman.localdomain
Initial credentials are admin / 7J3PpPpjTnqGQXnx
* Foreman Proxy is running at https://foreman.localdomain:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log

I have installed three components on one node: Foreman, the smart proxy and the Puppet master.
Clear the iptables rules so that I can access Foreman (HTTP 443):
[root@foreman ~]# iptables -F
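An added example, not part of the original post: rather than flushing every rule with iptables -F, the script below builds a default-drop ruleset that admits only the three listeners the installer reported (443, 8443, 8140). The SSH port and the AGENT_NET source range are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): least-privilege inbound rules
# for the all-in-one Foreman box, as an alternative to `iptables -F`.
# Ports 443, 8443 and 8140 come from the installer output on this page.
# ASSUMPTIONS: SSH on port 22, and AGENT_NET as the network the Puppet
# agents and admins connect from (192.0.2.0/24 is a documentation range).

FOREMAN_PORTS="443 8443 8140"
AGENT_NET="${AGENT_NET:-192.0.2.0/24}"

# Print a ruleset in iptables-restore(8) format on stdout.
build_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    for port in $FOREMAN_PORTS; do
        echo "-A INPUT -p tcp -s $AGENT_NET --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Number of inbound TCP ports the ruleset opens (SSH plus the Foreman ports).
count_open_ports() {
    build_rules | grep -c -- '--dport'
}

# Nothing is changed unless the script is called with --apply; the ruleset
# is parsed with --test first so a syntax error never leaves a half-loaded table.
if [ "${1:-}" = "--apply" ]; then
    build_rules | iptables-restore --test && build_rules | iptables-restore
else
    build_rules
fi
```

If firewalld is managing the host, express the same three ports with firewall-cmd --permanent --add-port=PORT/tcp instead of loading raw rules.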

Run the Puppet agent on the Foreman box:
[root@foreman ~]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find foreman.localdomain via exec: Execution of '/etc/puppet/node.rb foreman.localdomain' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for foreman.localdomain
Info: Applying configuration version '1419360152'
Notice: Finished catalog run in 0.13 seconds

The Puppet agent sent Puppet reports to Foreman.
Foreman automatically imports the reports into its database.
GUI -> HOSTS
You will find the host.
Download a Puppet module:
[root@foreman ~]# puppet module install -i /etc/puppet/environments/production/modules saz/ntp
Notice: Preparing to install into /etc/puppet/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/environments/production/modules
└── saz-ntp (v2.3.0)
[root@foreman ~]# ls /etc/puppet/environments/production/modules/ntp/
Gemfile README.md checksums.json metadata.json templates
LICENSE Rakefile manifests spec tests

GUI -> Puppet classes -> Import from ..
The ntp class will appear.
Select ntp and click “Update”.
Configure the NTP server:
Puppet classes -> ntp -> smart class parameter -> server_list
Change the NTP server and click “Submit”.
Apply this class to the Puppet agent:
HOSTS -> hostname (in my case, foreman.localdomain) -> Edit -> Puppet class -> ntp
Add it and click Submit.
Run the Puppet agent:
[root@foreman ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for foreman.localdomain
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type/package.rb:430:in `block (3 levels) in <module:Puppet>')
Info: Applying configuration version '1419362024'
Notice: /Stage[main]/Ntp/Package[ntp]/ensure: created
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content:
--- /etc/ntp.conf 2014-12-20 11:33:10.000000000 +0900
+++ /tmp/puppet-file20141224-7838-16ei0z1 2014-12-24 04:14:08.345000000 +0900
@@ -1,58 +1,16 @@
-# For more information about this file, see the man pages
-# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+# file is managed by puppet
driftfile /var/lib/ntp/drift
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default nomodify notrap nopeer noquery
-
-# Permit all access over the loopback interface. This could
-# be tightened as well, but to do so would effect some of
-# the administrative functions.
-restrict 127.0.0.1
-restrict ::1
-# Hosts on local network are less restricted.
-#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.centos.pool.ntp.org iburst
-server 1.centos.pool.ntp.org iburst
-server 2.centos.pool.ntp.org iburst
-server 3.centos.pool.ntp.org iburst
-
-#broadcast 192.168.1.255 autokey # broadcast server
-#broadcastclient # broadcast client
-#broadcast 224.0.1.1 autokey # multicast server
-#multicastclient 224.0.1.1 # multicast client
-#manycastserver 239.255.254.254 # manycast server
-#manycastclient 239.255.254.254 autokey # manycast client
-
-# Enable public key cryptography.
-#crypto
-
-includefile /etc/ntp/crypto/pw
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Specify the key identifiers which are trusted.
-#trustedkey 4 8 42
-
-# Specify the key identifier to use with the ntpdc utility.
-#requestkey 8
-
-# Specify the key identifier to use with the ntpq utility.
-#controlkey 8
-
-# Enable writing of statistics records.
-#statistics clockstats cryptostats loopstats peerstats
-
-# Disable the monitoring facility to prevent amplification attacks using ntpdc
-# monlist command when default restrict does not include the noquery flag. See
-# CVE-2013-5211 for more details.
-# Note: Monitoring will not be disabled with the limited restriction flag.
-disable monitor
+server clock.redhat.com
+
+# by default act only as a basic NTP client
+restrict -4 default nomodify nopeer noquery notrap
+restrict -6 default nomodify nopeer noquery notrap
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
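Review bot: the replacement /etc/ntp.conf drops `disable monitor` together with its CVE-2013-5211 comment. The new `restrict -4 default ... noquery` and `restrict -6 default ... noquery` lines still refuse monlist queries from remote hosts, but that protection now rests on noquery alone, so keep `disable monitor` in the managed file as a second control. The four `server N.centos.pool.ntp.org iburst` entries are also reduced to a single `server clock.redhat.com` without `iburst`, leaving one unauthenticated time source with nothing to cross-check it against; put several servers in server_list.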
Info: Computing checksum on file /etc/ntp.conf
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Filebucketed /etc/ntp.conf to puppet with sum dc9e5754ad2bb6f6c32b954c04431d0a
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content: content changed '{md5}dc9e5754ad2bb6f6c32b954c04431d0a' to '{md5}49f0cd4ccf5b44ab3799ad12e5c22bfd'
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Scheduling refresh of Service[ntpd]
Notice: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]/content:
--- /etc/sysconfig/ntpd 2014-12-20 11:33:10.000000000 +0900
+++ /tmp/puppet-file20141224-7838-bbl7hv 2014-12-24 04:14:08.442000000 +0900
@@ -1,2 +1,4 @@
-# Command line options for ntpd
-OPTIONS="-g"
+# file is managed by puppet
+
+# Drop root to id 'ntp:ntp' by default.
+OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"
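Review bot: `-g` is carried over into the new OPTIONS line, so ntpd will still accept one clock step of any size at startup. With the single `server clock.redhat.com` source set in /etc/ntp.conf above, one bad first response can move the clock arbitrarily, which matters on a host whose Puppet and Foreman traffic depends on certificate validity dates; keep `-g` only if several time sources are configured.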
Info: Computing checksum on file /etc/sysconfig/ntpd
Info: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]: Filebucketed /etc/sysconfig/ntpd to puppet with sum 48eae7fef92ce98217b36195e7f6b3e0
Notice: /Stage[main]/Ntp/File[/etc/sysconfig/ntpd]/content: content changed '{md5}48eae7fef92ce98217b36195e7f6b3e0' to '{md5}3489d89153bb9734a4e9555eae755c7c'
Notice: /Stage[main]/Ntp/Service[ntpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Ntp/Service[ntpd]: Unscheduling refresh on Service[ntpd]
Notice: Finished catalog run in 21.79 seconds
[root@foreman ~]#

Confirm that the NTP server has been configured via Puppet:
[root@foreman ~]# grep clock.redhat.com /etc/ntp.conf
server clock.redhat.com