Installing and configuring Foreman on Ubuntu Focal

• Foreman
• puppet
• Ubuntu-Focal
• puppet

Foreman is a tool that helps system administrators manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. In short, it is a complete lifecycle management tool for physical and virtual servers. Foreman, available as open source software, becomes even more powerful when integrated with other open source projects such as Puppet, Chef, Salt, and Ansible.

Foreman helps to automatize the OS installation. After that – through its very good integration with puppet – the new system will be configured towards the desired state. Finally, Puppet will send facts about the system to Foreman which helps to monitor the whole system over its complete lifecycle. With a discovery plugin Foreman can also discover new machines in the network based on their mac address.

This tutorial assumes that Foreman is being installed on a fresh Instance, which will also act as the Puppet primary server.

Before you start

To complete the actions presented below, you must have:

• A Scaleway account logged into the console

• Owner status or IAM permissions allowing you to perform actions in the intended Organization

• An SSH key

• An Instance running on Ubuntu Focal Fossa (20.04) or later

• Root access to all the servers you want to manage

• A reachable port 8140 on the Puppet primary Instance

• A working Puppet installation to perform the configuration management of hosts

  Note

  We recommend running Foreman on a machine with at least 8 GB of RAM for optimal performances.

Creating your Foreman server

The installation tool is a collection of Puppet modules that installs everything required for a full working Foreman setup.

The Foreman installer uses Puppet (> 3.x required) to install the software.

1. Connect to the Instance using SSH:

   ssh root@SERVER_IP
   

To retrieve the Instance’s IP, list your exiting servers using scw ps (Scaleway CLI). For more information on the Scaleway CLI, refer to the tutorial on the Scaleway Command Line Interface.

The Instance’s IP can also be retrieved from the Scaleway console. Once logged in, check the IP addresses in the Instances tab of the left menu. 2. Check your Instance’s full hostname to ensure the hostname is set to a valid FQDN.

hostname

You should see the complete hostname of your Instance (e.g. foreman.example.com). If this is the case, skip the remaining steps and jump directly to the next section. 3. (Optional) In case a short name is returned (e.g. foreman), configure the complete hostname. To do so, edit the hosts file in a text editor:

sudo nano /etc/hosts

4. (Optional) Add the FQDN before the short hostname.

   foreman.example.com foreman
   

5. Save and exit nano.
6. Edit the hostname file:

   sudo nano /etc/hostname
   

7. Change the entry in the file to the Instances FQDN, e.g. foreman.example.com. Then save and exit the editor.
8. Run the following command to reconfigure the Instance’s hostname according to the changes made in the previous steps:

   sudo hostname --file /etc/hostname
   

Installing Foreman on Ubuntu Focal

The fastest way to install Foreman is by using the installer, which installs and configures automatically all the required components to run Foreman, these include:

• Foreman
• Puppet primary/agent
• The Apache Web Server with SSL and Passenger modules

1. Install Puppet 6.x from the Puppetlabs repository as follows:

   apt-get -y install ca-certificates
   wget https://apt.puppetlabs.com/puppet6-release-focal.deb
   sudo dpkg -i puppet6-release-focal.deb
   

2. Add the Foreman repository to the APT package manager sources list:

   echo "deb http://deb.theforeman.org/ focal 3.1" | sudo tee /etc/apt/sources.list.d/foreman.list
   echo "deb http://deb.theforeman.org/ plugins 3.1" | sudo tee -a /etc/apt/sources.list.d/foreman.list
   sudo apt-get -y install ca-certificates
   wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -
   

3. Download the installer via APT:

   sudo apt-get update && sudo apt-get -y install foreman-installer
   

4. Run the Foreman Installer by typing the following command:

   foreman-installer
   

   The command returns the following output:

   Installing             Done                                               [100%] [..]
     Success!
     * Foreman is running at https://foreman.example.com
         Initial credentials are admin / 6fHtmSWpqNbGo7nn
     * Foreman Proxy is running at https://foreman.example.com:8443
     * Puppetprimary is running at port 8140
     The full log is at /var/log/foreman-installer/foreman.log
   

Managing Puppet

During installation, the installation wizard sets up a puppet primary on the host, which is fully integrated with Foreman. Run the Puppet agent on the Instance to send the first Puppet report to Foreman, This creates the host automatically in Foremans database.

1. Install puppet-agent with the following command:

   apt-get install puppet-agent
   

2. Add the host to Foreman’s database by running the puppet agent command:

   sudo puppet agent --test
   

   This adds the local Foreman host as the first Puppet agent node, managed by Foreman.

The Foreman web interface

The web interface of Foreman can be accessed on the public IP address of your Instance. By default, Foreman uses Puppets self-signed certificates, which are probably not trusted by your browser. Accept the notification about the certificate and proceed.

You can log in to Foreman using the credentials that were returned once it was installed.

• Username: admin
• Password: random

Foreman dashboard

After login, the Foreman dashboard displays an overview of your Puppet environment.

A summary of “Host Configuration Status” displays, with the amount of Puppet agent nodes and their statuses. Upon first connection, one single Instance should be visible in the “good host” section.

Changing the admin password

Before doing anything else, change the admin user password for security reasons.

1. Go to Admin User and select My Account
2. In the User section, fill in the current password and set a new password in the password and verify tabs.
3. Click Submit

Adding NTP module to Foreman

Puppet requires accurate time-keeping, therefore the NTP service runs on the Foreman host (which acts also as Puppet primary).

1. Install NTP and Stdlib on the Puppet primary:

   puppet module install -i /etc/puppet/environments/production/modules puppetlabs/ntp
   

   The command returns

   Notice: Created target directory /etc/puppet/environments/production/modules
   Notice: Downloading from https://forgeapi.puppet.com ...
   Notice: Installing -- do not interrupt ...
   /etc/puppet/environments/production/modules
   └─┬ puppetlabs-ntp (v7.2.0)
     └── puppetlabs-stdlib (v4.25.1)
   

   The module requires to be added to Foreman before being usable.

2. When connected to the Foreman web UI, click Configure> Puppet> Classes:

   

3. Click the Import environments from foreman.example.com button.

   

   This imports the environment and displays the Changed environments panel.

4. Tick the ntp checkbox next to the item and click Update to import the ntp module.

   

Overriding default NTP pool

Update the settings and configure the NTP module to use the French NTP pool by default.

1. In the Puppet Classes screen, click ntp class to edit it.
2. Click the Smart Class Parameter tab.
3. Scroll down to find the servers item in the left sidebar, and select it.
   
4. Tick the Override checkbox. In the Parameter type menu, choose array and change the Default value from the default NTP pool to the desired one:

   ["0.fr.pool.ntp.org","1.fr.pool.ntp.org","2.fr.pool.ntp.org","3.fr.pool.ntp.org"]
   

5. Click Submit to update the configuration and to use the French NTP pool as default.

Configuring Foreman host to use NTP module

Configure the NTP module to manage NTP on the Foreman host.

1. Click Hosts on the side menu and select All hosts.

2. Click Edit on the far right of your Foreman host.

   

3. Click the Puppet Classes tab. Within the Available Classes section, click the ntp class, then click the plus sign next to “ntp”:

   

   The ntp class is being moved to the Included Classes section. The next time the Puppet agent checks in, it will have this module applied to it.

   

4. Click Submit to activate the configuration.

Viewing Puppet configuration

After editing Foreman host’s configuration, a redirection to Foreman host’s summary page applies.

Click the YAML button, to see the information provided to Puppet when an agent node checks in.

Running the Puppet agent

Run the Puppet agent on the Foreman instance to apply all the changes that were made above.

sudo puppet agent --test

The command returns the following output:

root@foreman:~# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Notice: /File[/opt/puppetlabs/puppet/cache/locales/ja/puppetlabs-ntp.po]/ensure: defined content as '{md5}7265ff57e178feb7a65835f7cf271e2c'
Info: Loading facts
Info: Caching catalog for foreman.example.com
Info: Applying configuration version '1533720851'
Notice: Applied catalog in 0.42 seconds

In the web UI, go back to the Foreman host and click the Reports button.

A new report entry indicates that some changes were applied, and a service was restarted. Click the report. Several notices indicate that the NTP service was installed, configured, and restarted.