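Integrating Foreman 1.7.1 with Chef 12
I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.
I have installed both of them and I would like to integrate them (https://www.youtube.com/watch?v=mtR0mCeisbs will be my inspiration).
I can't find any good how-to or documentation on the installation and configuration process.
I can now access my Foreman WebUI, but it looks like the Foreman proxy is not right and I don't know what I need to do :(
After running foreman-installer, I can see the
"Could not find a suitable provider for foreman_smartproxy"
message, and my Foreman proxy log says
"No client SSL certificate supplied"
. I have already run the "puppet cert generate" command, but without success. More information: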
[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)
[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch
[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]
And the Foreman config YAML:
---
foreman:
  foreman_url: "https://foreman*.BLAH.BLAH"
  unattended: true
  authentication: true
  passenger: true
  passenger_scl:
  passenger_ruby: /usr/bin/ruby193-ruby
  passenger_ruby_package: ruby193-rubygem-passenger-native
  use_vhost: true
  servername: foreman*.BLAH.BLAH
  ssl: true
  custom_repo: true
  repo: stable
  configure_epel_repo: true
  configure_scl_repo: true
  configure_brightbox_repo: false
  selinux:
  gpgcheck: true
  version: present
  db_manage: true
  db_type: postgresql
  db_adapter:
  db_host:
  db_port:
  db_database:
  db_username: foreman
  db_password: *****
  db_sslmode:
  app_root: /usr/share/foreman
  user: foreman
  group: foreman
  user_groups:
    - puppet
  environment: production
  puppet_home: /var/lib/puppet
  locations_enabled: false
  organizations_enabled: false
  passenger_interface: ""
  server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  oauth_active: true
  oauth_map_users: false
  oauth_consumer_key: ****
  oauth_consumer_secret: "****"
  passenger_prestart: true
  passenger_min_instances: "1"
  passenger_start_timeout: "600"
  admin_username: admin
  admin_password: ******
  admin_first_name:
  admin_last_name:
  admin_email:
  initial_organization:
  initial_location:
  ipa_authentication: false
  http_keytab: /etc/httpd/conf/http.keytab
  pam_service: foreman
  configure_ipa_repo: false
  ipa_manage_sssd: true
  websockets_encrypt: true
  websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
foreman_proxy:
  repo: stable
  gpgcheck: true
  custom_repo: true
  version: present
  port: 8443
  dir: /usr/share/foreman-proxy
  user: foreman-proxy
  log: /var/log/foreman-proxy/proxy.log
  ssl: true
  ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  trusted_hosts:
    - foreman*.BLAH.BLAH
  manage_sudoersd: true
  use_sudoersd: true
  puppetca: true
  ssldir: /var/lib/puppet/ssl
  puppetdir: /etc/puppet
  autosign_location: /etc/puppet/autosign.conf
  puppetca_cmd: "/usr/bin/puppet cert"
  puppet_group: puppet
  puppetrun: true
  puppetrun_cmd: "/usr/bin/puppet kick"
  puppetrun_provider: ""
  customrun_cmd: /bin/false
  customrun_args: "-ay -f -s"
  puppetssh_sudo: false
  puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
  puppetssh_user: root
  puppetssh_keyfile: /etc/foreman-proxy/id_rsa
  puppetssh_wait: false
  puppet_user: root
  puppet_url: "https://foreman*.BLAH.BLAH:8140"
  puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  puppet_use_environment_api:
  tftp: true
  tftp_syslinux_root: /usr/share/syslinux
  tftp_syslinux_files:
    - pxelinux.0
    - menu.c32
    - chain.c32
    - memdisk
  tftp_root: /var/lib/tftpboot/
  tftp_dirs:
    - /var/lib/tftpboot//pxelinux.cfg
    - /var/lib/tftpboot//boot
  tftp_servername: "*.*.*.*."
  dhcp: false
  dhcp_managed: true
  dhcp_interface: eth0
  dhcp_gateway: "*.*.100.1"
  dhcp_range: false
  dhcp_nameservers: default
  dhcp_vendor: isc
  dhcp_config: /etc/dhcp/dhcpd.conf
  dhcp_leases: /var/lib/dhcpd/dhcpd.leases
  dhcp_key_name: ""
  dhcp_key_secret: ""
  dns: false
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: eth0
  dns_zone: BLAH.BLAH
  dns_reverse: "100.168.192.in-addr.arpa"
  dns_server: "127.0.0.1"
  dns_ttl: "86400"
  dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
  dns_tsig_principal: "foremanproxy/foreman*.BLAH.BLAH@BLAH.CO.IL"
  dns_forwarders: []
  virsh_network: default
  bmc: false
  bmc_default_provider: ipmitool
  realm: false
  realm_provider: freeipa
  realm_keytab: /etc/foreman-proxy/freeipa.keytab
  realm_principal: "realm-proxy@EXAMPLE.COM"
  freeipa_remove_dns: true
  keyfile: /etc/rndc.key
  register_in_foreman: true
  foreman_base_url: "https://foreman*.BLAH.BLAH"
  registered_name: foreman*.BLAH.BLAH
  registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
  oauth_effective_user: admin
  oauth_consumer_key: ****************
  oauth_consumer_secret: "******"
puppet: false
foreman_cli:
  foreman_url:
  manage_root_config: true
  username:
  password:
  refresh_cache: false
  request_timeout: 120
foreman_plugin_bootdisk: {}
foreman_plugin_chef: {}
foreman_plugin_default_hostgroup: false
foreman_plugin_discovery:
  version: latest
  source: "http://downloads.theforeman.org/discovery/releases/latest/"
  initrd: foreman-discovery-image-latest.el6.iso-img
  kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
  install_images: false
foreman_plugin_ovirt_provision: false
foreman_plugin_tasks: false
foreman_plugin_hooks: false
foreman_plugin_puppetdb: false
foreman_plugin_setup: {}
foreman_plugin_templates: {}
foreman_compute_ec2: false
foreman_compute_gce: false
foreman_compute_libvirt: false
foreman_compute_openstack: false
foreman_compute_ovirt: false
foreman_compute_rackspace: false
foreman_compute_vmware: {}
foreman_proxy_plugin_pulp: false
Thanks everyone!
Michael.
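First, a small warning: Foreman 1.7 and Chef integration can be a bit hard to set up and has limitations (for example, you can't use https for communication between Foreman and the Foreman proxy). This will be much simpler in 1.8, which is at around the RC1 stage. So if you have the choice, starting with the Foreman nightly builds may make things easier for you.
If you still want to use 1.7, make sure you have the latest 1.7 minor version, which is currently 1.7.2. Then install the foreman_chef plugin using foreman-installer (it looks like you have already done this). A few manual steps should follow:
1) Install the smart_proxy_chef plugin (depending on your platform it is either the rubygem-smart_proxy_chef rpm or the ruby-smart-proxy-chef deb; it is only in the nightly repository, but works with 1.7)
2) Configure the smart_proxy_chef plugin: open /etc/foreman-proxy/settings.d/chef.yml and adjust the settings to your needs, making sure enabled is set to true
3) Restart the smart proxy
4) Refresh the smart proxy features in Foreman; you should now see Chef among the features
As mentioned above, in 1.7 the smart proxy cannot communicate with Foreman over https unless you also have puppet installed (along with a client certificate for that proxy). So if that is the case, make sure your Foreman url is http and that you have the smart proxy among the trusted hosts in the Foreman settings.
The good news is that I am writing documentation that should cover installation with Foreman 1.8 and Chef 12.
Hope this helps
EDIT: the documentation I mentioned is published at http://www.theforeman.org/plugins/foreman_chef/0.1/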
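An added example, not part of the question or the answer: a Ruby check that a CA certificate, a host certificate and a private key, such as the files the question's ssl_ca, ssl_cert and ssl_key settings point at, actually belong together. The function names, the host name foreman.example.test and the in-memory certificates are constructed for the demonstration.

```ruby
require 'openssl'

# Checks a CA certificate, a host certificate and a private key (PEM strings)
# and returns a list of problems; an empty list means the three fit together.
# This is a signature check only, not full certificate path validation.
def tls_triple_problems(ca_pem, cert_pem, key_pem, now = Time.now)
  ca   = OpenSSL::X509::Certificate.new(ca_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  problems = []
  problems << 'certificate is not signed by this CA' unless cert.verify(ca.public_key)
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate is not yet valid' if now < cert.not_before
  problems << 'certificate has expired' if now > cert.not_after
  problems
end

# Builds a constructed certificate for the demo (self-signed when no issuer is given).
def constructed_cert(cn, key, issuer = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample material: a CA, a host certificate it signed, and an
# unrelated key and CA used to show the failure cases.
def constructed_samples
  ca_key, host_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = constructed_cert('constructed-ca', ca_key)
  host = constructed_cert('foreman.example.test', host_key, ca, ca_key)
  other_ca = constructed_cert('constructed-ca', other_key)
  { ca: ca.to_pem, cert: host.to_pem, key: host_key.to_pem,
    other_ca: other_ca.to_pem, other_key: other_key.to_pem }
end

if __FILE__ == $PROGRAM_NAME
  s = constructed_samples
  p tls_triple_problems(s[:ca], s[:cert], s[:key])
  p tls_triple_problems(s[:ca], s[:cert], s[:other_key])
end
```

On a real host, pass the contents of the three files (for example via File.read) instead of the constructed samples.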