Update
sudo yum -y update && sudo yum -y upgrade
Edit /etc/hosts
vim /etc/hosts
127.0.0.1 localhost
IP daniel-foreman.example.com
Disable SELinux
sudo sed 's/SELINUX=enforcing/SELINUX=disabled/' -i /etc/sysconfig/selinux
sudo sed 's/SELINUX=enforcing/SELINUX=disabled/' -i /etc/selinux/config
Disable IPv6
Method 1
sudo vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
sudo sysctl -p
Method 2
echo 'net.ipv6.conf.all.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.d/disableipv6.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.d/disableipv6.conf
sudo reboot
Method 3
echo 1 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 | sudo tee /proc/sys/net/ipv6/conf/default/disable_ipv6
Open the corresponding firewall ports
PORT | PROTOCOL | REQUIRED FOR |
53 | TCP & UDP | DNS Server |
67,68 | UDP | DHCP Server |
69 | UDP | *TFTP Server |
80, 443 | TCP | * HTTP & HTTPS access to Foreman web UI – using Apache + Passenger |
3000 | TCP | HTTP access to Foreman web UI – using standalone WEBrick service |
3306 | TCP | Separate MySQL database |
5432 | TCP | Separate PostgreSQL database |
5910 – 5930 | TCP | Server VNC Consoles |
8140 | TCP | * Puppet Master |
8443 | TCP | * Smart Proxy, open only to Foreman |
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=67-69/udp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=3000/tcp
firewall-cmd --permanent --add-port=3306/tcp
firewall-cmd --permanent --add-port=5910-5930/tcp
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --permanent --add-port=8140/tcp
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --reload
With the prerequisites done, now install the repositories for the packages we will use
Puppet Repo
sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
EPEL Repo
sudo yum -y install epel-release http://yum.theforeman.org/releases/1.11/el7/x86_64/foreman-release.rpm
Install foreman-installer
sudo yum -y install foreman-installer
Run the installer in interactive mode, disable Configure puppet, and enable foreman_plugin_ansible
sudo foreman-installer -i
Ready to start? (y/n) y
The defaults are as follows
Main Config Menu
1. [✓] Configure foreman
2. [✓] Configure foreman_cli
3. [✓] Configure foreman_proxy
4. [✓] Configure puppet
5. [✗] Configure foreman_plugin_ansible
6. [✗] Configure foreman_plugin_bootdisk
7. [✗] Configure foreman_plugin_chef
8. [✗] Configure foreman_plugin_cockpit
9. [✗] Configure foreman_plugin_default_hostgroup
10. [✗] Configure foreman_plugin_dhcp_browser
11. [✗] Configure foreman_plugin_digitalocean
12. [✗] Configure foreman_plugin_discovery
13. [✗] Configure foreman_plugin_docker
14. [✗] Configure foreman_plugin_hooks
15. [✗] Configure foreman_plugin_memcache
16. [✗] Configure foreman_plugin_openscap
17. [✗] Configure foreman_plugin_ovirt_provision
18. [✗] Configure foreman_plugin_puppetdb
19. [✗] Configure foreman_plugin_remote_execution
20. [✗] Configure foreman_plugin_salt
21. [✓] Configure foreman_plugin_setup
22. [✗] Configure foreman_plugin_tasks
23. [✗] Configure foreman_plugin_templates
24. [✗] Configure foreman_compute_ec2
25. [✗] Configure foreman_compute_gce
26. [✗] Configure foreman_compute_libvirt
27. [✗] Configure foreman_compute_openstack
28. [✗] Configure foreman_compute_ovirt
29. [✗] Configure foreman_compute_rackspace
30. [✗] Configure foreman_compute_vmware
31. [✗] Configure foreman_proxy_plugin_abrt
32. [✗] Configure foreman_proxy_plugin_chef
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_powerdns
35. [✗] Configure foreman_proxy_plugin_dynflow
36. [✗] Configure foreman_proxy_plugin_openscap
37. [✗] Configure foreman_proxy_plugin_pulp
38. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
39. [✗] Configure foreman_proxy_plugin_salt
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...
Choose 4 to disable Configure puppet
Module puppet configuration
1. Enable/disable puppet module, current value: true
2. Set version, current value: present
3. Set user, current value: puppet
4. Set group, current value: puppet
5. Set dir, current value: /etc/puppet
6. Set codedir, current value: /etc/puppet
7. Set vardir, current value: /var/lib/puppet
8. Set logdir, current value: /var/log/puppet
9. Set rundir, current value: /var/run/puppet
10. Set ssldir, current value: /var/lib/puppet/ssl
11. Set sharedir, current value: /usr/share/puppet
12. Set manage_packages, current value: true
13. Set package_provider, current value:
14. Set package_source, current value:
15. Set port, current value: 8140
16. Set listen, current value: false
17. Set listen_to, current value: []
18. Set pluginsync, current value: true
19. Set splay, current value: false
20. Set splaylimit, current value: 1800
21. Set runinterval, current value: 1800
22. Set autosign, current value: $confdir/autosign.conf { mode = 664 }
23. Set usecacheonfailure, current value: true
24. Set runmode, current value: service
25. Set unavailable_runmodes, current value: []
26. Set cron_cmd, current value:
27. Set systemd_cmd, current value:
28. Set show_diff, current value: false
29. Set module_repository, current value:
30. Set configtimeout, current value: 120
31. Set ca_server, current value:
32. Set ca_port, current value:
33. Set dns_alt_names, current value: []
34. Set classfile, current value: $statedir/classes.txt
35. Set hiera_config, current value: $confdir/hiera.yaml
36. Set syslogfacility, current value:
37. Set auth_template, current value: puppet/auth.conf.erb
38. Set nsauth_template, current value: puppet/namespaceauth.conf.erb
39. Set main_template, current value: puppet/puppet.conf.erb
40. Set use_srv_records, current value: false
41. Set srv_domain, current value: example.com
42. Set pluginsource, current value: puppet:///plugins
43. Set pluginfactsource, current value: puppet:///pluginfacts
44. Set additional_settings, current value: {}
45. Configure puppet::agent parameters
46. Configure puppet::server parameters
47. Back to main menu
Choose an option from the menu...
Choose 1
Module puppet configuration
1. Enable/disable puppet module, current value: false
2. Back to main menu
Choose an option from the menu...
Choose 2
Main Config Menu
1. [✓] Configure foreman
2. [✓] Configure foreman_cli
3. [✓] Configure foreman_proxy
4. [✗] Configure puppet
5. [✗] Configure foreman_plugin_ansible
6. [✗] Configure foreman_plugin_bootdisk
7. [✗] Configure foreman_plugin_chef
8. [✗] Configure foreman_plugin_cockpit
9. [✗] Configure foreman_plugin_default_hostgroup
10. [✗] Configure foreman_plugin_dhcp_browser
11. [✗] Configure foreman_plugin_digitalocean
12. [✗] Configure foreman_plugin_discovery
13. [✗] Configure foreman_plugin_docker
14. [✗] Configure foreman_plugin_hooks
15. [✗] Configure foreman_plugin_memcache
16. [✗] Configure foreman_plugin_openscap
17. [✗] Configure foreman_plugin_ovirt_provision
18. [✗] Configure foreman_plugin_puppetdb
19. [✗] Configure foreman_plugin_remote_execution
20. [✗] Configure foreman_plugin_salt
21. [✓] Configure foreman_plugin_setup
22. [✗] Configure foreman_plugin_tasks
23. [✗] Configure foreman_plugin_templates
24. [✗] Configure foreman_compute_ec2
25. [✗] Configure foreman_compute_gce
26. [✗] Configure foreman_compute_libvirt
27. [✗] Configure foreman_compute_openstack
28. [✗] Configure foreman_compute_ovirt
29. [✗] Configure foreman_compute_rackspace
30. [✗] Configure foreman_compute_vmware
31. [✗] Configure foreman_proxy_plugin_abrt
32. [✗] Configure foreman_proxy_plugin_chef
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_powerdns
35. [✗] Configure foreman_proxy_plugin_dynflow
36. [✗] Configure foreman_proxy_plugin_openscap
37. [✗] Configure foreman_proxy_plugin_pulp
38. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
39. [✗] Configure foreman_proxy_plugin_salt
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...
To enable foreman_plugin_ansible, choose 5
Module foreman_plugin_ansible configuration
1. Enable/disable foreman_plugin_ansible module, current value: false
2. Back to main menu
Choose an option from the menu... 1
Enable foreman_plugin_ansible module? (y/n) y
Choose 1, then y
Module foreman_plugin_ansible configuration
1. Enable/disable foreman_plugin_ansible module, current value: true
2. Back to main menu
Choose an option from the menu...
Choose 2
Main Config Menu
1. [✓] Configure foreman
2. [✓] Configure foreman_cli
3. [✓] Configure foreman_proxy
4. [✗] Configure puppet
5. [✓] Configure foreman_plugin_ansible
6. [✗] Configure foreman_plugin_bootdisk
7. [✗] Configure foreman_plugin_chef
8. [✗] Configure foreman_plugin_cockpit
9. [✗] Configure foreman_plugin_default_hostgroup
10. [✗] Configure foreman_plugin_dhcp_browser
11. [✗] Configure foreman_plugin_digitalocean
12. [✗] Configure foreman_plugin_discovery
13. [✗] Configure foreman_plugin_docker
14. [✗] Configure foreman_plugin_hooks
15. [✗] Configure foreman_plugin_memcache
16. [✗] Configure foreman_plugin_openscap
17. [✗] Configure foreman_plugin_ovirt_provision
18. [✗] Configure foreman_plugin_puppetdb
19. [✗] Configure foreman_plugin_remote_execution
20. [✗] Configure foreman_plugin_salt
21. [✓] Configure foreman_plugin_setup
22. [✗] Configure foreman_plugin_tasks
23. [✗] Configure foreman_plugin_templates
24. [✗] Configure foreman_compute_ec2
25. [✗] Configure foreman_compute_gce
26. [✗] Configure foreman_compute_libvirt
27. [✗] Configure foreman_compute_openstack
28. [✗] Configure foreman_compute_ovirt
29. [✗] Configure foreman_compute_rackspace
30. [✗] Configure foreman_compute_vmware
31. [✗] Configure foreman_proxy_plugin_abrt
32. [✗] Configure foreman_proxy_plugin_chef
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_powerdns
35. [✗] Configure foreman_proxy_plugin_dynflow
36. [✗] Configure foreman_proxy_plugin_openscap
37. [✗] Configure foreman_proxy_plugin_pulp
38. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
39. [✗] Configure foreman_proxy_plugin_salt
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...
Once the menu matches the above, choose 41 and the installation will start
Could not start Service[foreman-proxy]: Execution of '/bin/systemctl start foreman-proxy' returned 1: Job for foreman-proxy.service failed because the control process exited with error code. See "systemctl status foreman-proxy.service" and "journalctl -xe" for details.
/Stage[main]/Foreman_proxy::Service/Service[foreman-proxy]/ensure: change from stopped to running failed: Could not start Service[foreman-proxy]: Execution of '/bin/systemctl start foreman-proxy' returned 1: Job for foreman-proxy.service failed because the control process exited with error code. See "systemctl status foreman-proxy.service" and "journalctl -xe" for details.
Could not start Service[httpd]: Execution of '/bin/systemctl start httpd' returned 1: Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
/Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/bin/systemctl start httpd' returned 1: Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[daniel-foreman.example.com]: Failed to call refresh: Proxy daniel-foreman.example.com cannot be registered (Could not load data from https://daniel-foreman.example.com
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[daniel-foreman.example.com]: Proxy daniel-foreman.example.com cannot be registered (Could not load data from https://daniel-foreman.example.com
Installing Done [100%] [............................................................................................................................................................................................]
Something went wrong! Check the log for ERROR-level output
* Foreman is running at https://daniel-foreman.example.com
Initial credentials are admin / EWWaLugGTdqT4na3
* Foreman Proxy is running at https://daniel-foreman.example.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman.log
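After the installation, the Foreman login information is displayed. Be sure to write it down and change the admin password. You will also see that errors were reported, so start fixing them.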
sudo systemctl status foreman-proxy.service
smart-proxy[3493]: Errors detected on startup, see log for details. Exiting: No such file or directory - /var/lib/puppet/ssl/private_keys/daniel-foreman.example.com.pem
The error message above shows that the file /var/lib/puppet/ssl/private_keys/daniel-foreman.example.com.pem cannot be found, so we need to create daniel-foreman.example.com.pem
Solution:
puppet cert --generate daniel-foreman.example.com
Notice: Signed certificate request for ca
Notice: daniel-foreman.example.com.pem has a waiting certificate request
Notice: Signed certificate request for daniel-foreman.example.com.pem
Notice: Removing file Puppet::SSL::CertificateRequest daniel-foreman.example.com.pem at '/var/lib/puppet/ssl/ca/requests/daniel-foreman.example.com.pem'
Notice: Removing file Puppet::SSL::CertificateRequest daniel-foreman.example.com.pem at '/var/lib/puppet/ssl/certificate_requests/daniel-foreman.example.com.pem'
systemctl status httpd.service
May 16 14:53:06 daniel-foreman.example.com httpd[3840]: AH00526: Syntax error on line 30 of /etc/httpd/conf.d/05-foreman-ssl.conf:
May 16 14:53:06 daniel-foreman.example.com httpd[3840]: SSLCertificateFile: file '/var/lib/puppet/ssl/certs/daniel-foreman.example.com.pem' does not exist or is empty
The error messages above show two things: the first is a syntax error, and the second is that /var/lib/puppet/ssl/certs/daniel-foreman.example.com.pem cannot be found
vim /etc/httpd/conf.d/05-foreman-ssl.conf
SSLCertificateFile "/var/lib/puppet/ssl/certs/daniel-foreman.example.com.pem"
SSLCertificateKeyFile "/var/lib/puppet/ssl/private_keys/daniel-foreman.example.com.pem"
It turns out this is also an SSL error, but fixing the previous problem resolved this one along the way. You can confirm that now:
ls -la /var/lib/puppet/ssl/certs/daniel-foreman.example.com.pem
-rw-r--r--. 1 puppet puppet 2057 May 16 17:50 /var/lib/puppet/ssl/certs/daniel-foreman.example.com.pem
ls -la /var/lib/puppet/ssl/private_keys/daniel-foreman.example.com.pem
-rw-r-----. 1 puppet puppet 3247 May 16 17:50 /var/lib/puppet/ssl/private_keys/daniel-foreman.example.com.pem
Both files clearly exist, so the problem really is solved. Next, restart these two services
sudo systemctl start foreman-proxy.service
sudo systemctl start httpd.service
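The ls checks earlier, generalized as an added example that is not part of the original post: a shell function that reads the SSLCertificateFile and SSLCertificateKeyFile paths out of an Apache config such as /etc/httpd/conf.d/05-foreman-ssl.conf and reports any file that is missing, empty, or, for the private key, world-readable. The names check_ssl_files and demo and the temporary demo files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_ssl_files CONF
#   Prints one status line per SSLCertificateFile / SSLCertificateKeyFile
#   directive in CONF and returns the number of problems found.
#   Assumption: paths contain no spaces (true for the paths on this page).
check_ssl_files() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 1; }
    # Commented-out directives are skipped because their first field starts with '#'.
    pairs=$(awk '$1 == "SSLCertificateFile" || $1 == "SSLCertificateKeyFile" {
                     gsub(/"/, "", $2); print $1, $2 }' "$conf")
    [ -n "$pairs" ] || { echo "NO_SSL_DIRECTIVES $conf"; return 1; }
    while read -r directive path; do
        if [ ! -s "$path" ]; then
            # Same condition httpd reports as "does not exist or is empty".
            echo "MISSING_OR_EMPTY $directive $path"
            problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ] &&
             [ -n "$(find "$path" -perm -004 2>/dev/null)" ]; then
            # A private key readable by "other" is exposed to every local user.
            echo "WORLD_READABLE_KEY $path"
            problems=$((problems + 1))
        else
            echo "OK $directive $path"
        fi
    done <<EOF
$pairs
EOF
    return "$problems"
}

# Constructed demo: certificate present, private key missing.
demo() {
    d=$(mktemp -d)
    printf 'placeholder\n' > "$d/cert.pem"
    printf '  SSLCertificateFile "%s/cert.pem"\n  SSLCertificateKeyFile "%s/key.pem"\n' \
        "$d" "$d" > "$d/ssl.conf"
    check_ssl_files "$d/ssl.conf"; status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "problems found: $?"
```

On the Foreman host, run check_ssl_files /etc/httpd/conf.d/05-foreman-ssl.conf as a user that can read the key directory before starting httpd.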