Tuesday, January 16, 2018

How to Install and Configure Foreman 1.16 on Debian 9 / Ubuntu 16.04 Server

https://www.linuxtechi.com/install-configure-foreman-1-16-debian-9-ubuntu-16-04

Foreman is a free and open source configuration and provisioning tool that can be installed on Red Hat, CentOS, Scientific Linux, Debian and Ubuntu systems. With Foreman we can easily provision virtual machines and bare metal servers and then configure the installed systems using configuration tools like Puppet and Ansible. Installing the Foreman server automatically installs a Puppet master on it.
With the help of the Foreman GUI, system administrators can apply specific Puppet modules to registered servers to handle repetitive tasks and can easily automate day-to-day operational tasks.
In this tutorial, we will walk through the installation steps of Foreman 1.16 on Debian 9 and Ubuntu 16.04 Server.
The minimum system requirements for the Foreman server are:
  • 4 GB RAM (When Puppet Master is installed on same foreman Server)
  • 2 Core CPU
  • Freshly installed Debian 9 / Ubuntu 16.04
Below are my lab setup details for the Foreman server:
  • IP address of Foreman Server is “192.168.1.20”
  • Hostname of Foreman Server “foreman.linuxtechi.com”
  • Puppet Master 5 will be installed on Foreman server
  • OS : Debian 9 / Ubuntu 16.04 LTS Server
Let’s log in to the Debian 9 / Ubuntu 16.04 LTS system.

Step:1) Configure Hostname and update its entries in hosts file

Use the hostnamectl command to configure the hostname of your system.
$ sudo hostnamectl set-hostname "foreman.linuxtechi.com"
$ exec bash
Update your system’s hostname entry in the /etc/hosts file.
192.168.1.20  foreman.linuxtechi.com foreman

Step:2) Enable required repositories for Foreman & Puppet

For Debian 9 system:
Enable the Puppet 5 repository using the commands below:
linuxtechi@foreman:~$ sudo apt-get -y install ca-certificates
linuxtechi@foreman:~$ wget https://apt.puppetlabs.com/puppet5-release-stretch.deb
linuxtechi@foreman:~$ sudo dpkg -i puppet5-release-stretch.deb
Enable the Foreman 1.16 repositories using the commands below:
linuxtechi@foreman:~$ echo "deb http://deb.theforeman.org/ stretch 1.16" | sudo tee /etc/apt/sources.list.d/foreman.list 
linuxtechi@foreman:~$ echo "deb http://deb.theforeman.org/ plugins 1.16" | sudo tee -a /etc/apt/sources.list.d/foreman.list
linuxtechi@foreman:~$ wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -
OK
linuxtechi@foreman:~$
For Ubuntu 16.04 LTS system:
Enable the Puppet 5 repository:
linuxtechi@foreman:~$ sudo apt-get -y install ca-certificates
linuxtechi@foreman:~$ wget https://apt.puppetlabs.com/puppet5-release-xenial.deb
linuxtechi@foreman:~$ sudo dpkg -i puppet5-release-xenial.deb
Enable the Foreman 1.16 repositories:
linuxtechi@foreman:~$ echo "deb http://deb.theforeman.org/ xenial 1.16" | sudo tee /etc/apt/sources.list.d/foreman.list
linuxtechi@foreman:~$ echo "deb http://deb.theforeman.org/ plugins 1.16" | sudo tee -a /etc/apt/sources.list.d/foreman.list
linuxtechi@foreman:~$ wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -
OK
linuxtechi@foreman:~$

Step:3) Download ‘foreman-installer’ using apt-get command

Run the command below to install foreman-installer:
linuxtechi@foreman:~$ sudo apt-get update && sudo apt-get -y install foreman-installer
foreman-installer is the installation tool for Foreman.

Step:4) Install Foreman using ‘foreman-installer’

Run the foreman-installer command to install the Foreman server. By default, the installer will install and configure the following components:
  • Foreman Web UI ( Apache HTTP with SSL)
  • Smart Proxy
  • Puppet Master
  • Puppet agent
  • TFTP Server
linuxtechi@foreman:~$ sudo foreman-installer --foreman-admin-username admin --foreman-admin-password "Foreman@123#"
Once the installation has completed successfully, we will get output something like below:
[Screenshot: Foreman installation completed on Debian 9]
If the OS firewall is enabled and running on your system, open the following ports for the Foreman server:
linuxtechi@foreman:~$ sudo ufw allow 53/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 67:69/udp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 80/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 443/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 3000/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 3306/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 5910:5930/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 5432/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 8140/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$ sudo ufw allow 8443/tcp
Rule added
Rule added (v6)
linuxtechi@foreman:~$
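The rules above open every listed port to any source address. For the single-host install in this tutorial the rule set can be narrowed by source network. The following is an added example, not part of the original article; the two subnets, the function names and the choice of ports to leave closed are assumptions about this lab.

```shell
#!/bin/sh
# Added example, not from the article: source-scoped ufw rules for the
# single-host install above. Assumptions: administrators and managed hosts
# sit in known subnets; PostgreSQL and the Smart Proxy are only reached
# from the Foreman host itself (loopback), so 5432/3306/8443 stay closed.

# is_cidr NET -> 0 if NET looks like an IPv4 network such as 192.168.1.0/24
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# foreman_ufw_rules ADMIN_NET CLIENT_NET -> prints one ufw command per line
foreman_ufw_rules() {
    admin_net=$1    # workstations that open the web UI
    client_net=$2   # managed hosts: Puppet agents and PXE/TFTP clients
    is_cidr "$admin_net" && is_cidr "$client_net" || return 2

    # Web UI (Apache with SSL) for administrators only.
    echo "ufw allow from $admin_net to any port 443 proto tcp"
    # Puppet master: agents request certificates and catalogs here.
    echo "ufw allow from $client_net to any port 8140 proto tcp"
    # TFTP is UDP; a tcp rule on port 69 would not admit PXE clients.
    echo "ufw allow from $client_net to any port 69 proto udp"
    # Assumed to be needed only when hosts are provisioned through Foreman.
    echo "ufw allow from $client_net to any port 80,443 proto tcp"
}

# Print the rules for the lab subnet; review them, then pipe to "sudo sh".
foreman_ufw_rules 192.168.1.0/24 192.168.1.0/24
```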
Note: In my case while installing foreman, I was getting this error: “Error executing SQL; psql returned pid 32532 exit 1: ‘ERROR:  invalid locale name: “en_US.utf8”’”. I resolved this error by executing the below command:
linuxtechi@foreman:~$ sudo dpkg-reconfigure locales
[Screenshot: Configuring locales on Debian 9]
Select “en_US.UTF-8 UTF-8”, select OK, reboot the machine, and then re-run the foreman-installer command.

Step:5) Access Foreman Web UI

We can access Foreman Web UI using the following url:
https://{Foreman_Server_IP}
or
https://{Hostname_Foreman_Server}
Log in with the user name “admin” and the password that we specified in the foreman-installer command.
[Screenshot: Foreman dashboard on Debian 9]
[Screenshot: Foreman Web UI on Debian 9]
Go to the Hosts tab –> click on “All Hosts”.
[Screenshot: All Hosts in the Foreman GUI on Debian 9]
As of now, only one host is registered, i.e. our Foreman server. Whenever we register new servers with Foreman, they will be listed here. Apart from this, a production environment is also created by default, and all servers will be registered to this default environment. You can create environments that suit your organization from the Foreman UI.

Download and Import NTP puppet module on Foreman Server

Use the commands below to download the ntp Puppet module from “forge.puppet.com”:
linuxtechi@foreman:~$ sudo su -
root@foreman:~# puppet module install puppetlabs-ntp -i /etc/puppetlabs/code/modules/
We will get output something like below:
[Screenshot: Puppet module install on Debian 9]
Import the installed NTP module into the Foreman dashboard.
From the dashboard, go to the Configure tab –> select Puppet –> Classes, then click on Import.
[Screenshot: Puppet Classes dashboard on Debian 9]
Select the environments to which you want to attach this module; in my case I am going to attach it to Production and development.
[Screenshot: Modules assigned to environments in Foreman on Debian 9]
Click on Update.
We will get the next window, something like below:
[Screenshot: Puppet classes and environments in the Foreman dashboard]
Let’s register a CentOS 7 host with the Foreman dashboard and then attach the ntp module to it.

Registering a CentOS 7 Server

Log in to the system, enable the puppetlabs yum repository, and then install the puppet package:
[root@mx2 ~]# yum install https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm -y
[root@mx2 ~]# yum install puppet -y
Note: If you don’t have a DNS server, add entries to the hosts file. In my case I have added the following lines to the /etc/hosts file:
192.168.1.20  foreman.linuxtechi.com
192.168.1.2    mx2.linuxtechi.com
Run the command below from your CentOS 7 server to register this machine with the Puppet master and Foreman dashboard:
[root@mx2 ~]# /opt/puppetlabs/bin/puppet agent -td --server=foreman.linuxtechi.com
You will get output something like below:
……………………………………………………
Debug: Finishing transaction 22347940
Info: Creating a new SSL key for mx2.linuxtechi.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for mx2.linuxtechi.com
Info: Certificate Request fingerprint (SHA256): A4:D3:15:0D:8D:10:48:93:96:1D:E4:61:5F:F7:F6:B4:CB:C2:01:F4:4C:02:99:37:03:2C:9E:24:0E:30:CF:CC
Debug: Using cached certificate for ca
Info: Caching certificate for ca
Debug: Using cached certificate_request for mx2.linuxtechi.com
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@mx2 ~]#
This means we have to manually sign the certificate of the CentOS 7 server from the Foreman machine. To sign the certificate from the Foreman dashboard, follow the steps below.
From the Infrastructure tab –> select Smart Proxies, then click on the Edit option and select “Certificates”.
[Screenshot: Foreman Smart Proxies certificates]
Now sign the certificate of the machine whose state is pending; an example is shown below:
[Screenshot: Signing certificates in the Foreman dashboard]
Click on Sign.
To configure autosign, follow the steps below.
From the Infrastructure tab –> select Smart Proxies, then click on the Edit option and select “Autosign”.
Create an autosign entry and specify the domain name for which Foreman should autosign certificates.
[Screenshot: Autosign entry on the Foreman server]
Click on Save. From now on, whenever a server from the domain “linuxtechi.com” is registered with the Foreman server, its certificate will be signed automatically.
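An autosign entry for a whole domain matches on the certname that the requesting agent supplies. Puppet's autosign setting can instead name an executable, which is called with the certname as its argument and the CSR on stdin and signs only when it exits 0. Added example, not from the original article: a policy script that signs only pre-registered hostnames, once each; the script name, allowlist path and function name are assumptions.

```shell
#!/bin/sh
# Added example: Puppet policy-based autosign script (not from the article).
# Puppet runs the file named by the "autosign" setting with the certname as
# $1 and the PEM CSR on stdin; exit 0 signs, any other status leaves the
# request pending for manual signing.

# Assumed path: one expected FQDN per line, written when a host is planned.
ALLOWLIST="${ALLOWLIST:-/etc/puppetlabs/puppet/autosign-allowlist.txt}"

# autosign_policy CERTNAME [ALLOWLIST_FILE] -> 0 = sign, 1 = leave pending
autosign_policy() {
    certname=$1
    list=${2:-$ALLOWLIST}

    # Refuse empty names, wildcards and anything that is not a plain hostname.
    case $certname in
        ''|*[!a-z0-9.-]*|.*|-*) return 1 ;;
    esac

    # Exact, whole-line, fixed-string match: no globbing, no suffix matching.
    [ -r "$list" ] || return 1
    grep -Fxq -- "$certname" "$list" || return 1

    # Single use: drop the entry so a later CSR with this name needs a human.
    tmp=$(mktemp "${list}.XXXXXX") || return 1
    grep -Fxv -- "$certname" "$list" > "$tmp" || true
    mv "$tmp" "$list"
    return 0
}

# Run as the policy executable only when called by this (assumed) file name.
if [ "${0##*/}" = "autosign-policy.sh" ]; then
    cat > /dev/null            # drain the CSR that Puppet writes to stdin
    autosign_policy "$1"
    exit $?
fi
```

Install it as autosign-policy.sh, executable by the user the Puppet master runs as, and point the autosign setting in the [master] section of puppet.conf at its full path.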
Now go back to the CentOS 7 server and re-run the puppet agent command; this time the command should execute successfully:
[root@mx2 ~]# /opt/puppetlabs/bin/puppet agent -td --server=foreman.linuxtechi.com
Verify the host from the dashboard: from the Hosts tab –> select “All Hosts”, where we will see our newly registered host (CentOS 7 server).
[Screenshot: CentOS 7 host in the Foreman dashboard]
Let’s attach the NTP module to the newly registered server (mx2.linuxtechi.com). Select the host and click on Edit, then go to the “Puppet Classes” tab.
Click on the ‘+’ sign in front of ntp to add the module and then click on ‘Submit’.
[Screenshot: Adding the NTP class to a host in Foreman]
Go to the CentOS 7 server and re-run the puppet agent command; this time it will configure ntp on your CentOS 7 server.
[root@mx2 puppet]# /opt/puppetlabs/bin/puppet agent -td --server=foreman.linuxtechi.com
The output of the above command will be something like below:
[Screenshot: Puppet agent command output on the CentOS 7 server]
This confirms that the CentOS 7 server has been registered and configured successfully via the Foreman server. That concludes the article; please share your comments in the comments section below.
Read more on “Bare metal and Virtual Machine Provisioning through Foreman Server”
