Attachment 15090 Details for Bug 48307 – Шаги установки и настройки Foreman

Шаги установки и настройки Foreman

fm_install.txt (text/plain), 5.71 KB, created by pav@altlinux.org on 2023-11-21 13:14:19 MSK

(hide)

Description:

Filename:

MIME Type:

Creator: pav@altlinux.org

Created: 2023-11-21 13:14:19 MSK

Size: 5.71 KB

patch

obsolete

># Ð ÐµÐ³Ð¸ÑÑÑÐ¸ÑÑÐµÐ¼ Ð¸Ð¼Ñ ÑÐ¾ÑÑÐ° Ð² /etc/hosts
>hostnamectl set-hostname foreman-test.domain.alt && echo "$(hostname -i) foreman-test.domain.alt" >>/etc/hosts
># ÐÐ±Ð½Ð¾Ð²Ð»ÑÐµÐ¼ ÑÐ¸ÑÑÐµÐ¼Ñ
>apt-get update && apt-get dist-upgrade -y  && reboot
>
># Ð£ÑÑÐ°Ð½Ð¾Ð²ÐºÐ° Ð¿Ð°ÐºÐµÑÐ¾Ð² postgresql puppet puppetserver foreman
>apt-get install postgresql15-server puppet puppetserver java-17-openjdk foreman puppet-theforeman-foreman puppet-puppetserver-foreman -y
>
># ÐÐ½Ð¸ÑÐ¸Ð°Ð»Ð¸Ð·Ð°ÑÐ¸Ñ Ð¸ Ð·Ð°Ð¿ÑÑÐº postgresql
>/etc/init.d/postgresql initdb && systemctl enable --now postgresql && sleep 5
>
>
># ÐÐ°ÑÑÑÐ¾Ð¹ÐºÐ° puppet
>touch /etc/puppet/autosign.conf ; chmod 664 /etc/puppet/autosign.conf
>
>cat > /etc/puppet/auth.conf <<EOF
>path /puppet/v3/environment_classes
>method find
>allow *
>EOF
>
>cat > /etc/puppet/foreman.yaml <<EOF
>---
># Update for your Foreman and Puppet master hostname(s)
>:url: "https://foreman-test.domain.alt:2345"
>:ssl_ca: "/etc/puppet/ssl/certs/ca.pem"
>:ssl_cert: "/etc/puppet/ssl/certs/foreman-test.domain.alt.pem"
>:ssl_key: "/etc/puppet/ssl/private_keys/foreman-test.domain.alt.pem"
># Advanced settings
>#:puppetdir: "/opt/puppetlabs/server/data/puppetserver"
>:puppetdir: "/var/lib/puppetserver"
>:puppetuser: "puppet"
>:facts: true
>:timeout: 10
>:threads: null
>EOF
>
>#ÐÐ°Ð¿ÑÑÐº puppetserver Ð¸ puppet
>systemctl enable puppetserver; systemctl start puppetserver
>systemctl enable puppet; systemctl start puppet
>
># ÐÐ°Ð¿ÑÑÐº puppet Ð°Ð³ÐµÐ½ÑÐ°
>puppet agent -t
>
># ÐÐ°Ð¿ÑÑÐº Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ¸ ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ foreman
>railsctl setup foreman || echo "ÐÑÐ¸Ð±ÐºÐ° Ð¿Ð¾Ð´Ð³Ð¾ÑÐ¾Ð²ÐºÐ¸"
>
>
># Ð Ð°ÑÑÐ¸ÑÐµÐ½Ð¸Ðµ ÑÐ°Ð¹Ð»Ð° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ foreman
>cat >> /etc/foreman/settings.yml <<EOF
>:trusted_hosts: [foreman-test.domain.alt,localhost]
>:host_details_ui: false
>:restrict_registered_smart_proxies: false
>EOF
>
># ÐÐ°Ð¿ÑÑÐº foremfn
>systemctl enable --now foreman
>
>
>#Ð£ÑÑÐ°Ð½Ð¾Ð²ÐºÐ° smart-proxy
>apt-get install smart-proxy -y
>
># ÐÐ°ÑÑÑÐ¾Ð¹ÐºÐ° Ð¿Ð»Ð°Ð³Ð¸Ð½Ð¾Ð² smart-proxy
>cat > /etc/smart-proxy/config/settings.d/puppet.yml <<EOF
>---
># Can be true, false, or http/https to enable just one of the protocols
>:enabled: true
># valid providers:
>#   puppet_proxy_mcollective (uses mco puppet)
>#   puppet_proxy_ssh         (run puppet over ssh)
>#   puppet_proxy_salt        (uses salt puppet.run)
>#   puppet_proxy_customrun   (calls a custom command with args)
>#:use_provider: puppet_proxy_customrun
>:puppet_version: $(rpm -q --qf '%{VERSION}' puppet)
>EOF
>
>cat > /etc/smart-proxy/config/settings.d/puppet_proxy_puppet_api.yml <<EOF
>---
>#
># URL of the puppet master itself for API requests.
>:puppet_url: https://foreman-test.domain.alt:8140
>#
># SSL certificates used to access the CA API.
>:puppet_ssl_ca: /etc/puppet/ssl/certs/ca.pem
>:puppet_ssl_cert: /etc/puppet/ssl/certs/foreman-test.domain.alt.pem
>:puppet_ssl_key: /etc/puppet/ssl/private_keys/foreman-test.domain.alt.pem
># Smart Proxy api timeout when Puppet's environment classes api is used and classes cache is disabled
>:api_timeout: 30
>EOF
>
>cat > /etc/smart-proxy/config/settings.d/puppetca.yml <<EOF
>---
>#
># PuppetCA management
># Can be true, false, or http/https to enable just one of the protocols
>#
>:enabled: true
># valid providers:
>#   - puppetca_hostname_whitelisting (verify CSRs based on a hostname whitelist)
>#   - puppetca_token_whitelisting (verify CSRs based on a token whitelist)
>:use_provider: puppetca_hostname_whitelisting
># Puppet version used
>:puppet_version: $(rpm -q --qf '%{VERSION}' puppet)
>EOF
>cat > /etc/smart-proxy/config/settings.d/puppetca_http_api.yml <<EOF
>---
>#
># URL of the puppet master itself for API requests.
>:puppet_url: https://foreman-test.domain.alt:8140
>#
># SSL certificates used to access the CA API.
>:puppet_ssl_ca: /etc/puppet/ssl/certs/ca.pem
>:puppet_ssl_cert: /etc/puppet/ssl/certs/foreman-test.domain.alt.pem
>:puppet_ssl_key: /etc/puppet/ssl/private_keys/foreman-test.domain.alt.pem
>EOF
>
>cat > /etc/smart-proxy/config/settings.d/puppetca_hostname_whitelisting.yml <<EOF
>---
>#
># Configuration of the PuppetCA hostname_whitelisting provider
>#
>:autosignfile: /etc/puppet/autosign.conf
>EOF
>
>cat > /etc/smart-proxy/config/settings.d/facts.yml <<EOF
>---
># Can be true, false, or http/https to enable just one of the protocols
>:enabled: true
>EOF
>
>cat > /etc/smart-proxy/config/settings.d/logs.yml <<EOF
>---
># Can be true, false, or http/https to enable just one of the protocols
>:enabled: true
>
># Log buffer configuration is in core file (settings.yml)
>EOF
>
>cat >> /etc/smart-proxy/config/settings.yml <<EOF
>:trusted_hosts: [foreman-test.domain.alt,localhost]
>:foreman_url: https://foreman-test.domain.alt:2345
>:foreman_ssl_ca: /etc/foreman/ssl_key.pem
>:foreman_ssl_cert: /etc/foreman/ssl_cert.pem
>:foreman_ssl_key: /etc/foreman/ssl_key.pem
>EOF
>
># ÐÐ°Ð¿ÑÑÐºÐ°ÐµÐ¼ ÑÐµÑÐ²Ð¸Ñ smart-proxy
>
>systemctl enable --now smart-proxy && sleep 5
>
># Ð§ÐµÑÐµÐ· ÐÐµÐ± Ð¸Ð½ÑÐµÑÑÐµÐ¹Ñ Ð´Ð¾Ð±Ð°Ð²Ð»ÑÐµÐ¼ smart-proxy Ð² foreman
># Ð°Ð´ÑÐµÑ smart-proxy http://foreman-test.domain.alt:8000
># ÐÐ¾ÑÐ»Ðµ ÑÐµÐ³Ð¾ ÑÑÐµÐ±ÑÐµÑÑÑ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑÐ¾Ð³Ð»Ð°ÑÐ¾Ð²Ð°Ð½Ð¸Ñ puppet Ð¸ foreman
>
>cat >> /etc/puppet/puppet.conf <<EOF
>[master]
>   autosign = /etc/puppet/autosign.conf { mode = 0664 }
>   ca = true
>   certname = foreman-test.domain.alt
>   logdir = /var/log/puppetserver
>   parser = current
>   rundir = /var/run/puppetserver
>   ssldir = /etc/puppet/ssl
>   strict_variables = false
>   vardir = /var/lib/puppetserver/server_data
>   external_nodes = /usr/lib/puppet-modules/theforeman-puppetserver-foreman/files/enc.rb
>   node_terminus = exec
>   report = true
>EOF
>
># ÐÐµÑÐµÐ·Ð°Ð¿ÑÑÐºÐ°ÐµÐ¼ ÑÐ²ÑÐ·Ð°Ð½Ð½ÑÐµ Ñ foreman ÑÐµÑÐ²Ð¸ÑÑ Ð¸ Ð¿ÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð¸Ñ ÑÑÐ°ÑÑÑ
>systemctl restart puppetserver puppet foreman smart-proxy && systemctl status puppetserver puppet foreman smart-proxy
>

Actions: View

Attachments on bug 48307: 14956 | 14957 | 15090