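I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.
I have installed both of them and I would like to integrate them ( https://www.youtube.com/watch?v=mtR0mCeisbs will be my inspiration).
I can't find any good how-to or documentation about the installation and configuration process.
I can now access my Foreman WebUI, but it looks like the Foreman proxy is not set up correctly, and I don't know what I need to do :(
After running foreman-installer, I can see a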
"Could not find a suitable provider for foreman_smartproxy"
message, and my Foreman proxy log says "No client SSL certificate supplied". I have run the "puppet cert generate" command, but it did not do the trick.
More information:
[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)
[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch
[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]
And the Foreman configuration YAML:
---
foreman:
  foreman_url: "https://foreman*.BLAH.BLAH"
  unattended: true
  authentication: true
  passenger: true
  passenger_scl:
  passenger_ruby: /usr/bin/ruby193-ruby
  passenger_ruby_package: ruby193-rubygem-passenger-native
  use_vhost: true
  servername: foreman*.BLAH.BLAH
  ssl: true
  custom_repo: true
  repo: stable
  configure_epel_repo: true
  configure_scl_repo: true
  configure_brightbox_repo: false
  selinux:
  gpgcheck: true
  version: present
  db_manage: true
  db_type: postgresql
  db_adapter:
  db_host:
  db_port:
  db_database:
  db_username: foreman
  db_password: *****
  db_sslmode:
  app_root: /usr/share/foreman
  user: foreman
  group: foreman
  user_groups:
    - puppet
  environment: production
  puppet_home: /var/lib/puppet
  locations_enabled: false
  organizations_enabled: false
  passenger_interface: ""
  server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
  server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  oauth_active: true
  oauth_map_users: false
  oauth_consumer_key: ****
  oauth_consumer_secret: "****"
  passenger_prestart: true
  passenger_min_instances: "1"
  passenger_start_timeout: "600"
  admin_username: admin
  admin_password: ******
  admin_first_name:
  admin_last_name:
  admin_email:
  initial_organization:
  initial_location:
  ipa_authentication: false
  http_keytab: /etc/httpd/conf/http.keytab
  pam_service: foreman
  configure_ipa_repo: false
  ipa_manage_sssd: true
  websockets_encrypt: true
  websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
foreman_proxy:
  repo: stable
  gpgcheck: true
  custom_repo: true
  version: present
  port: 8443
  dir: /usr/share/foreman-proxy
  user: foreman-proxy
  log: /var/log/foreman-proxy/proxy.log
  ssl: true
  ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  trusted_hosts:
    - foreman*.BLAH.BLAH
  manage_sudoersd: true
  use_sudoersd: true
  puppetca: true
  ssldir: /var/lib/puppet/ssl
  puppetdir: /etc/puppet
  autosign_location: /etc/puppet/autosign.conf
  puppetca_cmd: "/usr/bin/puppet cert"
  puppet_group: puppet
  puppetrun: true
  puppetrun_cmd: "/usr/bin/puppet kick"
  puppetrun_provider: ""
  customrun_cmd: /bin/false
  customrun_args: "-ay -f -s"
  puppetssh_sudo: false
  puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
  puppetssh_user: root
  puppetssh_keyfile: /etc/foreman-proxy/id_rsa
  puppetssh_wait: false
  puppet_user: root
  puppet_url: "https://foreman*.BLAH.BLAH:8140"
  puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
  puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
  puppet_use_environment_api:
  tftp: true
  tftp_syslinux_root: /usr/share/syslinux
  tftp_syslinux_files:
    - pxelinux.0
    - menu.c32
    - chain.c32
    - memdisk
  tftp_root: /var/lib/tftpboot/
  tftp_dirs:
    - /var/lib/tftpboot//pxelinux.cfg
    - /var/lib/tftpboot//boot
  tftp_servername: "*.*.*.*."
  dhcp: false
  dhcp_managed: true
  dhcp_interface: eth0
  dhcp_gateway: "*.*.100.1"
  dhcp_range: false
  dhcp_nameservers: default
  dhcp_vendor: isc
  dhcp_config: /etc/dhcp/dhcpd.conf
  dhcp_leases: /var/lib/dhcpd/dhcpd.leases
  dhcp_key_name: ""
  dhcp_key_secret: ""
  dns: false
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: eth0
  dns_zone: BLAH.BLAH
  dns_reverse: "100.168.192.in-addr.arpa"
  dns_server: "127.0.0.1"
  dns_ttl: "86400"
  dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
  dns_tsig_principal: "foremanproxy/foreman*[email protected]"
  dns_forwarders: []
  virsh_network: default
  bmc: false
  bmc_default_provider: ipmitool
  realm: false
  realm_provider: freeipa
  realm_keytab: /etc/foreman-proxy/freeipa.keytab
  realm_principal: "[email protected]"
  freeipa_remove_dns: true
  keyfile: /etc/rndc.key
  register_in_foreman: true
  foreman_base_url: "https://foreman*.BLAH.BLAH"
  registered_name: foreman*.BLAH.BLAH
  registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
  oauth_effective_user: admin
  oauth_consumer_key: ****************
  oauth_consumer_secret: "******"
puppet: false
foreman_cli:
  foreman_url:
  manage_root_config: true
  username:
  password:
  refresh_cache: false
  request_timeout: 120
foreman_plugin_bootdisk: {}
foreman_plugin_chef: {}
foreman_plugin_default_hostgroup: false
foreman_plugin_discovery:
  version: latest
  source: "http://downloads.theforeman.org/discovery/releases/latest/"
  initrd: foreman-discovery-image-latest.el6.iso-img
  kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
  install_images: false
foreman_plugin_ovirt_provision: false
foreman_plugin_tasks: false
foreman_plugin_hooks: false
foreman_plugin_puppetdb: false
foreman_plugin_setup: {}
foreman_plugin_templates: {}
foreman_compute_ec2: false
foreman_compute_gce: false
foreman_compute_libvirt: false
foreman_compute_openstack: false
foreman_compute_ovirt: false
foreman_compute_rackspace: false
foreman_compute_vmware: {}
foreman_proxy_plugin_pulp: false
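Thank you all!
Michael.
First a small warning: the integration of Foreman 1.7 and Chef can be a bit hard to set up and has limitations (e.g. you cannot use HTTPS for communication between Foreman and the Foreman proxy). In 1.8, which is in the RC1 phase, this will be much easier. So if that is an option, maybe starting with the Foreman nightly builds would make it easier for you.
If you still want to use 1.7, make sure you have the latest 1.7 minor version, currently 1.7.2. Then install the foreman_chef plugin using foreman-installer (it looks like you have already done that). Now there should be a few manual steps:
1) Install the smart_proxy_chef plugin (depending on your platform, it can be the rubygem-smart_proxy_chef rpm or the ruby-smart-proxy-chef deb (only in the nightly repositories, but it works with 1.7))
2) Set up the smart_proxy_chef plugin: open /etc/foreman-proxy/settings.d/chef.yml and adjust the settings as needed, making sure enabled is set to true
3) Restart the smart proxy
4) Refresh the smart proxy features in Foreman; you should now see Chef among the features
As mentioned above, the smart proxy cannot use HTTPS to communicate with Foreman in 1.7 unless you also have Puppet installed (and have prepared a client certificate for that proxy). So if that is the case, make sure your Foreman URL is http and that you have the smart proxy among the trusted hosts in the Foreman settings.
The good news is that I am working on documentation related to installing Foreman 1.8 with Chef 12.
Hope this helps
Edit: the documentation I mentioned is published at http://www.theforeman.org/plugins/foreman_chef/0.1/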
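
A pre-restart check for step 2 and the HTTP/HTTPS caveat in the answer above, as an added example that is not part of the original answer or of Foreman itself. It assumes the smart proxy settings files use ":key: value" lines, that the proxy's own settings file is /etc/foreman-proxy/settings.yml with a :foreman_url: entry, and that the client certificate path is supplied by the caller; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks the chef.yml "enabled" flag and the Foreman URL scheme.
# Assumptions: ":key: value" settings syntax; all paths are passed as arguments.

# Print the value of a top-level ":KEY:" entry in FILE (empty if absent).
yaml_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^:$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed "s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//"
}

# check_chef_proxy CHEF_YML SETTINGS_YML CLIENT_CERT
# Returns 0 when the setup matches the answer's advice, 1 otherwise.
check_chef_proxy() {
    chef_yml=$1 settings_yml=$2 client_cert=$3 rc=0

    if [ ! -r "$chef_yml" ]; then
        echo "FAIL: $chef_yml missing (is smart_proxy_chef installed?)"; rc=1
    elif [ "$(yaml_value "$chef_yml" enabled)" != "true" ]; then
        echo "FAIL: set ':enabled: true' in $chef_yml"; rc=1
    fi

    url=$(yaml_value "$settings_yml" foreman_url)
    case $url in
        http://*)
            echo "OK: proxy talks to Foreman over plain HTTP" ;;
        https://*)
            # HTTPS only works here when a client certificate was prepared.
            if [ -s "$client_cert" ]; then
                echo "OK: HTTPS with client certificate $client_cert"
            else
                echo "FAIL: foreman_url is HTTPS but no client certificate at $client_cert"
                rc=1
            fi ;;
        *)
            echo "FAIL: no usable :foreman_url: in $settings_yml"; rc=1 ;;
    esac
    return $rc
}

# Usage (third argument is wherever the proxy's client certificate lives):
# check_chef_proxy /etc/foreman-proxy/settings.d/chef.yml \
#     /etc/foreman-proxy/settings.yml /path/to/client-cert.pem
```

A non-zero exit status means the proxy would either not load the Chef feature or would fail the HTTPS handshake with Foreman after the restart in step 3.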