RLabs: Foreman and Katello installation

Let's install Foreman with the Katello plugin.

Proceed only if you have your lab up and running and will start with Foreman now.

Prepare for installation

You will need a CentOS (preferred) or Red Hat host with at least 8 GB of RAM (12 GB recommended) and two vCPUs.
If using LVM, you can start with 20 GB of space and grow it later if needed. You can get recommended partitioning settings at the official site.

In all RLabs tutorials I'll be using the RLabs specs for network configuration. Adapt them to your environment.

Network configuration

You should configure your network interface as follows (for RLabs purposes):
Hostname: foreman.ext.dc1.lab
NOTE: You can use the nmtui command to configure the network and hostname.

You should have a working DNS server that resolves foreman.ext.dc1.lab to and also resolves recursive queries.
NOTE: we will set up two DNS servers later, with the DNS zone managed as code, etc., but for now you can install any DNS server for this purpose.

Edit /etc/hosts and make sure you have an IP->hostname entry:

echo " foreman.ext.dc1.lab foreman" >> /etc/hosts


Provisioning network

If you want to test or use features like bare metal provisioning (even on VMware) and/or server discovery, you should use a second network interface, which will be referred to as the provisioning network from now on.

If you don't need these features, ignore everything related to the provisioning network.

No gateway and no DNS

Enable IP forwarding (in the lab, Foreman will also be the gateway of this network):

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && sysctl -p

Create a masquerade NAT rule (assuming that your primary interface is ens192):

echo 'iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE' >> /etc/rc.local && chmod +x /etc/rc.d/rc.local && . /etc/rc.local

In a production environment your firewall will be the gateway for the provisioning network, not the Foreman host.



Go to https://theforeman.org/plugins/katello/ and click on the latest stable release on the right pane.

Click on the link Installation/Katello on the left pane and follow the instructions.
YES – That's it. Follow the instructions.

I won't paste the instructions here, to force you to always use the official procedure on the official site; that way I also won't need to update this post every time a new release is launched.

You can follow the instructions until you have to run the foreman-installer command.


The foreman-installer command

Create a foreman directory wherever you want to keep Foreman-related scripts, so you can run them again later.

Create a file named foreman-installer.sh with your foreman-installer command and options. You are saving this script because you should run it every time you upgrade Foreman.
NOTE: You should adjust the options as needed, for example by removing the compute resources you won't use.

WITHOUT the provisioning network (should take around 25 min):

foreman-installer --scenario katello \
  --foreman-admin-password adminadmin \
  --enable-foreman-proxy-plugin-ansible \
  --enable-foreman-plugin-ansible \
  --enable-foreman-compute-vmware \
  --enable-foreman-compute-ec2 \
  --enable-foreman-compute-gce \
  --enable-foreman-plugin-remote-execution \
  --enable-foreman-proxy-plugin-remote-execution-ssh \
  --foreman-initial-location dc1 \
  --foreman-initial-organization RLabs

WITH the provisioning network (should take around 30 min):

foreman-installer --scenario katello \
  --foreman-admin-password adminadmin \
  --enable-foreman-proxy-plugin-ansible \
  --enable-foreman-plugin-ansible \
  --enable-foreman-compute-vmware \
  --enable-foreman-compute-ec2 \
  --enable-foreman-compute-gce \
  --enable-foreman-plugin-remote-execution \
  --enable-foreman-proxy-plugin-remote-execution-ssh \
  --foreman-initial-location dc1 \
  --foreman-initial-organization RLabs \
  --foreman-proxy-dns=false \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername= \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=ens224 \
  --foreman-proxy-dhcp-gateway= \
  --foreman-proxy-dhcp-nameservers="" \
  --foreman-proxy-dhcp-range="" \
  --enable-foreman-plugin-discovery \
  --enable-foreman-proxy-plugin-discovery \
  --foreman-proxy-plugin-discovery-install-images true

Save it and run it.



Install additional plugins


This plugin allows you to add extra columns to the host list page.
It is useful for adding information like IP address and uptime.

To install the column_view plugin:

yum install tfm-rubygem-foreman_column_view

Edit /etc/foreman/plugins/foreman_column_view.yaml as follows:

    # Each column is a named entry under :column_view:
    :column_view:
      :ipaddress:
        :title: IP_Address
        :after: last_report
        :content: facts_hash['ipaddress']
      :uptime:
        :title: Uptime
        :after: ipaddress
        :content: facts_hash['uptime']

And restart the web server:

service httpd restart 

Post-install configuration


You should run the Puppet agent so that it reports to the Foreman server:

. /etc/profile && puppet agent -t

If your Foreman server is reachable only from the internal networks (as it should be), you can have the Puppet CA automatically sign every new agent certificate request by adding a wildcard entry to autosign.conf:

echo "*" >> /etc/puppetlabs/puppet/autosign.conf
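
A bare `*` in autosign.conf signs a certificate request for any certname, so it is worth auditing the file for entries wider than the lab's own domains (for example `*.ext.dc1.lab`). The script below is an added example, not part of the original post or the RLabs scripts; the function names and the ALLOWED_DOMAINS list are assumptions based on the domains used on this page.

```shell
#!/usr/bin/env bash
# Added example: audit a Puppet autosign.conf for entries broader than the lab domains.
# Assumption: ALLOWED_DOMAINS holds the two domains this page creates.
ALLOWED_DOMAINS="ext.dc1.lab prov.dc1.lab"

# classify_entry ENTRY -> prints "open", "scoped" or "foreign"
classify_entry() {
  local entry="$1" name d
  if [ "$entry" = '*' ]; then
    echo open                      # bare wildcard: every CSR is signed
    return
  fi
  name="${entry#\*.}"              # drop a leading "*." glob label
  for d in $ALLOWED_DOMAINS; do
    case "$name" in
      "$d"|*".$d") echo scoped; return ;;   # the domain itself or a name under it
    esac
  done
  echo foreign                     # certname or glob outside the lab domains
}

# audit_autosign FILE -> prints "<class> <entry>" for each active line;
# returns 1 if any entry is open or foreign, 0 otherwise.
audit_autosign() {
  local file="$1" line entry class rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    entry="$(printf '%s' "$line" | tr -d '[:space:]')"   # strip whitespace
    case "$entry" in
      ''|'#'*) continue ;;         # blank lines and comments are ignored
    esac
    class="$(classify_entry "$entry")"
    printf '%s %s\n' "$class" "$entry"
    [ "$class" = scoped ] || rc=1
  done < "$file"
  return "$rc"
}

# Constructed sample: the wildcard from this page next to domain-scoped entries.
sample="$(mktemp)"
printf '%s\n' '# lab agents' '*' '*.ext.dc1.lab' 'foreman.ext.dc1.lab' \
  '*.example.net' > "$sample"
audit_autosign "$sample" || echo "autosign.conf is broader than the lab domains"
rm -f "$sample"
```

On the Foreman host, run it as `audit_autosign /etc/puppetlabs/puppet/autosign.conf`.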

Foreman CLI

You can configure Foreman entirely in the web interface, but you can also do most things using hammer, the Foreman CLI.

It is very important that you know how to do everything in the web interface. I suggest you try doing each task for the first time in the web interface, and use the hammer commands described here only for things you already know how to do there.

I created some scripts in this repo to do the configuration in RLabs.


Configure DNS domains and subnets (01 script)

The ext.dc1.lab domain is created when the Foreman host registers itself with Puppet, but since it is not assigned to any organization, you should update the domain to set its organization and location.

Try to do that in the web interface: go to Infrastructure->Domains and set both organization and location to any.

Using hammer:

hammer domain update --name ext.dc1.lab --organizations RLabs --locations dc1

The external subnet is not created yet, so you must create it (passing the parameters we'll use in RLabs):

hammer subnet create --name ext.dc1.lab --network --mask --gateway --boot-mode Static --from --to --domains ext.dc1.lab --dns-primary --ipam 'Internal DB' --organizations RLabs --locations dc1

If you are using a provisioning network, also create the provisioning domain and subnet:

hammer domain create --name prov.dc1.lab --organizations RLabs --locations dc1
hammer subnet create --name prov.dc1.lab --network --mask --gateway --boot-mode DHCP --from --to --domains prov.dc1.lab --ipam DHCP --organizations RLabs --locations dc1

Foreman settings (02 script)

Configure the following settings:

hammer settings set --name "entries_per_page" --value "1000"
hammer settings set --name "puppet_server" --value "foreman.ext.dc1.lab"
hammer settings set --name "remote_execution_connect_by_ip" --value "true"


Global variables

Set the following global parameters:

hammer global-parameter set --name "disable-firewall" --value "true"
hammer global-parameter set --name "enable-puppetlabs-pc1-repo" --value "true"
hammer global-parameter set --name "kt_activation_keys" --value "CentOS7"
hammer global-parameter set --name "selinux-mode" --value "disabled"
hammer global-parameter set --name "runinterval" --value "600"

All set up

Now you should be able to see the Foreman host itself in the host list, but since it is not assigned to any location or organization, you need to set the organization and location filters on the top bar to any.

Log in to your Foreman server at https://foreman.ext.dc1.lab as admin with the password adminadmin.

Go to Hosts->All hosts and set both organization and location to any.

You should see the Foreman host in the list.


Congratulations, Foreman is installed.