As I continue building out my homelab and the number of servers grows, managing the environment manually is going to get harder and harder. With this in mind, this guide covers how to install Foreman.

What am I using this for?

While Foreman is a capable tool for the full life-cycle management of your servers, my purpose is a more mundane one: I'm looking for a GUI to put over Puppet 6, in which I can ensure puppet runs are working and that the puppet files I have running are managed correctly, and basically give myself a pretty web GUI to look at for the moment.

This no doubt will change over time, and no doubt I'll blog about that then. However, right now, this covers some of the gotchas I had installing Foreman 2.0 and the puppet agent on OpenSUSE Leap.

Installing Foreman

The install guide on the Foreman site is pretty well written; however, over the years there always seems to be one little thing not covered which trips me up.

https://theforeman.org/manuals/2.0/quickstart_guide.html

Setup

I'm installing this on a fresh Ubuntu 18.04 install, updated, with 2 CPUs, 4 GB RAM and a 50 GB HDD.

Server IP: 192.168.20.21

Pre Install

Set the correct locale

When I first ran the Foreman install, the postgres install was complaining I wasn't using en_US.UTF-8.

To get round this

sudo dpkg-reconfigure locales

Scroll down until you find en_US.UTF-8 UTF-8 and select it

Select OK

Select en_US.UTF-8 in the resulting dialog box

Again select OK

Once the resulting config change has completed reboot the box

sudo reboot

Log back into the box and run

sudo locale -a

should output

C
C.UTF-8
en_US.utf8
eo_US.utf8 
POSIX

Set the correct hostname

Ensure that ping $(hostname -f) shows the real IP address, not 127.0.1.1. Change or remove this entry from /etc/hosts if present.

To resolve this, and an issue later on with puppet, I'm making use of /etc/hosts on the servers because of the way my home DNS is set up (Google Wifi).

sudo vi /etc/hosts

Add the following lines (use your own server IP) to /etc/hosts

127.0.0.1 localhost
192.168.20.21 foreman.lan foreman
192.168.20.21 puppet

ping $(hostname -f)
PING foreman.lan (192.168.86.21) 56(84) bytes of data.
64 bytes from foreman.lan (192.168.86.21): icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from foreman.lan (192.168.86.21): icmp_seq=2 ttl=64 time=0.047 ms

The order of foreman.lan and foreman is important; otherwise you'll get an error telling you that the facter fqdn command sees a different hostname from hostname -f.

Try the ping again

ping $(hostname -f)

PING foreman.lan (192.168.20.21) 56(84) bytes of data.
64 bytes from foreman.lan (192.168.20.21): icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from foreman.lan (192.168.20.21): icmp_seq=2 ttl=64 time=0.047 ms
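
The two hosts-file problems described above (the FQDN resolving to a loopback address, and the short alias listed before the FQDN) can be checked before running the installer. This is an added example, not part of the original post; check_hosts and the sample_* helpers are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: lint a hosts(5)-format file for
# the two problems described above. Reads the file on stdin.
# Usage: check_hosts FQDN < /etc/hosts   (returns 0 when clean, 1 otherwise)
check_hosts() {
    awk -v fqdn="$1" '
    BEGIN { short = fqdn; sub(/\..*/, "", short); bad = 0 }
    { sub(/#.*/, "") }                  # drop comments
    NF < 2 { next }                     # skip blank or malformed lines
    {
        for (i = 2; i <= NF; i++) {
            if ($i != fqdn && $i != short) continue
            seen = 1
            if ($1 ~ /^127\./ || $1 == "::1") {
                printf "line %d: %s maps to loopback %s\n", NR, $i, $1
                bad = 1
            }
        }
        # The first name after the address is the canonical one, so the
        # FQDN must come before the short alias on the same line.
        if ($2 == short && short != fqdn) {
            for (i = 3; i <= NF; i++) if ($i == fqdn) {
                printf "line %d: alias %s listed before FQDN %s\n", NR, short, fqdn
                bad = 1
            }
        }
    }
    END {
        if (!seen) { printf "%s: no entry found\n", fqdn; bad = 1 }
        exit bad
    }'
}

# Constructed samples: a file with the 127.0.1.1 entry the guide says to
# remove, and the file as written in this guide.
sample_default() { printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 foreman.lan foreman'; }
sample_fixed() {
    printf '%s\n' '127.0.0.1 localhost' '192.168.20.21 foreman.lan foreman' \
        '192.168.20.21 puppet'
}

sample_default | check_hosts foreman.lan || echo "default file: fix before installing"
sample_fixed | check_hosts foreman.lan && echo "fixed file: OK"
```

On a real server the call would be check_hosts "$(hostname -f)" < /etc/hosts.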

Now it's time to start the install

Install

Install Puppet 6

sudo apt-get -y install ca-certificates
cd /tmp && wget https://apt.puppet.com/puppet6-release-bionic.deb
sudo dpkg -i /tmp/puppet6-release-bionic.deb

Enable the Foreman Repo

echo "deb http://deb.theforeman.org/ bionic 2.0" | sudo tee /etc/apt/sources.list.d/foreman.list

echo "deb http://deb.theforeman.org/ plugins 2.0" | sudo tee -a /etc/apt/sources.list.d/foreman.list

sudo apt-get -y install ca-certificates

wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -

Download the installer

sudo apt-get update && sudo apt-get -y install foreman-installer

Run the Foreman installer with -v to get verbose mode. The standard output is very slow in some areas and makes it look like your install might have hung when it hasn't.

sudo foreman-installer -v

Once complete you should get a screen which looks like this

  * Foreman is running at https://foreman.lan
  Initial credentials are admin / 3ekw5xtyXCoXxS29
  * Foreman Proxy is running at https://foreman.lan:8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log

Now head to the URL and log in

Setup First Puppet Node

Setting up Foreman as the first puppet node is pretty simple

On the Foreman server run

sudo /opt/puppetlabs/bin/puppet agent --test

This will autosign itself and display under the Hosts Page in the Web GUI

Setup Puppet Agent for OpenSUSE Leap

It took a little digging to find where to get the Puppet 6 binaries for OpenSUSE, and the SLES 15 ones work just fine. There isn't a single page defining how to do this as there is with CentOS or Ubuntu; the following commands worked for me.

Installing the Puppet Agent

OpenSUSE Leap

Download and install the Repo RPM

wget https://yum.puppet.com/puppet6-release-sles-15.noarch.rpm
sudo zypper in puppet6-release-sles-15.noarch.rpm

Install the Puppet 6 Agent

sudo zypper in puppet-agent

Ubuntu 18.04

Download and install the Repo DEB

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
sudo dpkg -i puppet6-release-bionic.deb
sudo apt update

Install the Puppet 6 Agent

sudo apt install -y puppet-agent

Setup the Puppet Agent

On the Puppet Client

These commands can be run on either OpenSUSE or Ubuntu once the Puppet software is installed.

Update the /etc/hosts file

sudo vi /etc/hosts

add the line

192.168.20.21   puppet

Run the puppet agent test to generate the certificates

sudo /opt/puppetlabs/bin/puppet agent --test

This will generate an error because I have not enabled autosigning of the Puppet certificates on the Foreman Server

On the Foreman Server

We need to check that the Puppet server has seen the certificate request and then sign the certificate so the puppet agent can securely talk to the Foreman puppet server.

You will also notice when googling that most of the pages use the old puppet command line, not the new puppetserver command.

List the certificates

sudo /opt/puppetlabs/bin/puppetserver ca list --all
Requested Certificates:
    opensuse10.lan       (SHA256)  BD:70:E2:6C:9B:DF:7D:4F:E9:E8:89:1A:61:D6:C0:2F:7D:2E:23:74:3C:8C:D6:AC:C7:03:5C:DB:ED:8A:16:50

Sign the certificate

sudo /opt/puppetlabs/bin/puppetserver ca sign --certname opensuse10.lan

Check the certificate has been signed

sudo /opt/puppetlabs/bin/puppetserver ca list --all
Signed Certificates:
    opensuse10.lan       (SHA256)  F0:79:5B:EB:FE:5A:48:70:9D:5A:CA:F1:9D:0B:44:C9:E1:4F:A9:37:44:7F:B0:CD:60:61:D5:6B:20:64:B1:CB
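
Signing by certname alone trusts whichever machine submitted a request under that name. Running sudo /opt/puppetlabs/bin/puppet agent --fingerprint on the client shows the fingerprint of the request it generated, which can be compared with the entry under Requested Certificates before signing. The following is an added example, not part of the original post; csr_fingerprint, verify_csr and sample_ca_list are hypothetical helper names, and the listing is fed in on stdin so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post: compare the fingerprint of a
# pending request on the CA with the one shown on the agent before signing.

# csr_fingerprint CERTNAME < output of "puppetserver ca list --all"
# Prints the SHA256 fingerprint only if CERTNAME is still a pending request.
csr_fingerprint() {
    awk -v name="$1" '
    /Certificates:/ { pending = ($1 == "Requested"); next }
    pending && $1 == name && $2 == "(SHA256)" { print $3; found = 1 }
    END { exit !found }'
}

# verify_csr CERTNAME AGENT_FINGERPRINT < output of "puppetserver ca list --all"
# Returns 0 on match, 1 on mismatch, 2 when there is no pending request.
verify_csr() {
    server_fp=$(csr_fingerprint "$1") || { echo "$1: no pending request"; return 2; }
    agent_fp=$(printf '%s' "$2" | tr 'a-f' 'A-F')   # normalise hex case
    if [ "$server_fp" = "$agent_fp" ]; then
        echo "$1: fingerprints match, OK to sign"
    else
        echo "$1: MISMATCH, do not sign"
        return 1
    fi
}

# Sample listing: the pending entry is the one shown in this post; the
# signed foreman.lan entry is constructed for the example.
sample_ca_list() {
    cat <<'EOF'
Requested Certificates:
    opensuse10.lan       (SHA256)  BD:70:E2:6C:9B:DF:7D:4F:E9:E8:89:1A:61:D6:C0:2F:7D:2E:23:74:3C:8C:D6:AC:C7:03:5C:DB:ED:8A:16:50
Signed Certificates:
    foreman.lan       (SHA256)  00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F
EOF
}

sample_ca_list | verify_csr opensuse10.lan \
    "BD:70:E2:6C:9B:DF:7D:4F:E9:E8:89:1A:61:D6:C0:2F:7D:2E:23:74:3C:8C:D6:AC:C7:03:5C:DB:ED:8A:16:50"
```

On the Foreman server the listing would come from sudo /opt/puppetlabs/bin/puppetserver ca list --all piped into verify_csr, with the second argument copied from the client.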

Back on the Client

Run the puppet agent test command again

sudo /opt/puppetlabs/bin/puppet agent --test

This time the agent should run through the process

It may throw an error on the first run

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Failed to find opensuse10.lan via exec: Execution of '/etc/puppetlabs/puppet/node.rb opensuse10.lan' returned 1:

Run the command again, and the error won't display

The last thing to do is enable the puppet service

sudo systemctl enable puppet
sudo systemctl start puppet
sudo systemctl status puppet

Repeat this on all Puppet client boxes

Note:

I'm sure this signing can probably be done in the Foreman WebGUI; however, this worked fine, as when I log in to the Foreman WebGUI I can see the following.

Foreman Web Gui

Dashboard

Hosts

Next Steps

The next steps are to get the basic Puppet modules installed and git managed for the servers.
