
Integrating Foreman 1.7.1 with Chef 12

Server Fault user
Asked 2015-02-04 08:47:49
1 answer, 1.2K views, 0 followers, 0 votes

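I am trying to integrate a new Foreman 1.7.1 with a new Chef 12 server.

I have installed both of them and I would like to integrate them (https://www.youtube.com/watch?v=mtR0mCeisbs would be my inspiration).

I can't find any good instructions or documentation on the installation and configuration flow.

I can now access my Foreman WebUI, but it looks like this Foreman is not right, and I don't know what I need to do:

After running foreman-installer, I can see the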

"Could not find a suitable provider for foreman_smartproxy"

message, and my Foreman proxy log says "No client SSL certificate supplied". I have run the "puppet cert generate" command, but nothing does the trick.

More information:

[root@***** tmp]# gem list | grep foreman
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
foreman (0.77.0)
foreman-tasks (0.6.12)
foreman_chef (0.1.1)



[root@***** tmp]# rpm -qa | grep foreman
rubygem-hammer_cli_foreman-0.1.3-1.el6.noarch
foreman-compute-1.7.2-1.el6.noarch
ruby193-rubygem-foreman-mco-0.0.1-3.el6.noarch
foreman-selinux-1.7.2-1.el6.noarch
foreman-proxy-1.7.2-1.el6.noarch
foreman-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_setup-2.1.1-1.el6.noarch
ruby193-rubygem-foreman_column_view-0.2.0-1.el6.noarch
foreman-release-scl-1-1.el6.x86_64
foreman-cli-1.7.2-1.el6.noarch
foreman-vmware-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_templates-1.4.0-2.el6.noarch
ruby193-rubygem-foreman-tasks-0.6.12-2.el6.noarch
ruby193-rubygem-foreman_simplify-0.0.5-1.el6.noarch
ruby193-rubygem-foreman_custom_parameters-0.0.2-1.el6.noarch
foreman-installer-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el6.noarch
ruby193-rubygem-foreman_chef-doc-0.1.1-1.el6.noarch
foreman-postgresql-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_discovery-2.0.0-0.1.rc2.el6.noarch
ruby193-rubygem-foreman_default_hostgroup-3.0.0-1.el6.noarch
foreman-release-1.7.2-1.el6.noarch
ruby193-rubygem-foreman_chef-0.1.1-1.el6.noarch
ruby193-rubygem-foremancli-1.0-6.el6.noarch




[root@***** tmp]# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]

And the Foreman configuration YAML:

--- 
  foreman: 
    foreman_url: "https://foreman*.BLAH.BLAH"
    unattended: true
    authentication: true
    passenger: true
    passenger_scl: 
    passenger_ruby: /usr/bin/ruby193-ruby
    passenger_ruby_package: ruby193-rubygem-passenger-native
    use_vhost: true
    servername: foreman*.BLAH.BLAH
    ssl: true
    custom_repo: true
    repo: stable
    configure_epel_repo: true
    configure_scl_repo: true
    configure_brightbox_repo: false
    selinux: 
    gpgcheck: true
    version: present
    db_manage: true
    db_type: postgresql
    db_adapter: 
    db_host: 
    db_port: 
    db_database: 
    db_username: foreman
    db_password: *****
    db_sslmode: 
    app_root: /usr/share/foreman
    user: foreman
    group: foreman
    user_groups: 
      - puppet
    environment: production
    puppet_home: /var/lib/puppet
    locations_enabled: false
    organizations_enabled: false
    passenger_interface: ""
    server_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    server_ssl_chain: /var/lib/puppet/ssl/certs/ca.pem
    server_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    server_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    oauth_active: true
    oauth_map_users: false
    oauth_consumer_key: ****
    oauth_consumer_secret: "****"
    passenger_prestart: true
    passenger_min_instances: "1"
    passenger_start_timeout: "600"
    admin_username: admin
    admin_password: ******
    admin_first_name: 
    admin_last_name: 
    admin_email: 
    initial_organization: 
    initial_location: 
    ipa_authentication: false
    http_keytab: /etc/httpd/conf/http.keytab
    pam_service: foreman
    configure_ipa_repo: false
    ipa_manage_sssd: true
    websockets_encrypt: true
    websockets_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    websockets_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
  foreman_proxy: 
    repo: stable
    gpgcheck: true
    custom_repo: true
    version: present
    port: 8443
    dir: /usr/share/foreman-proxy
    user: foreman-proxy
    log: /var/log/foreman-proxy/proxy.log
    ssl: true
    ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    trusted_hosts: 
      - foreman*.BLAH.BLAH
    manage_sudoersd: true
    use_sudoersd: true
    puppetca: true
    ssldir: /var/lib/puppet/ssl
    puppetdir: /etc/puppet
    autosign_location: /etc/puppet/autosign.conf
    puppetca_cmd: "/usr/bin/puppet cert"
    puppet_group: puppet
    puppetrun: true
    puppetrun_cmd: "/usr/bin/puppet kick"
    puppetrun_provider: ""
    customrun_cmd: /bin/false
    customrun_args: "-ay -f -s"
    puppetssh_sudo: false
    puppetssh_command: "/usr/bin/puppet agent --onetime --no-usecacheonfailure"
    puppetssh_user: root
    puppetssh_keyfile: /etc/foreman-proxy/id_rsa
    puppetssh_wait: false
    puppet_user: root
    puppet_url: "https://foreman*.BLAH.BLAH:8140"
    puppet_ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    puppet_ssl_cert: /var/lib/puppet/ssl/certs/foreman*.BLAH.BLAH.pem
    puppet_ssl_key: /var/lib/puppet/ssl/private_keys/foreman*.BLAH.BLAH.pem
    puppet_use_environment_api: 
    tftp: true
    tftp_syslinux_root: /usr/share/syslinux
    tftp_syslinux_files: 
      - pxelinux.0
      - menu.c32
      - chain.c32
      - memdisk
    tftp_root: /var/lib/tftpboot/
    tftp_dirs: 
      - /var/lib/tftpboot//pxelinux.cfg
      - /var/lib/tftpboot//boot
    tftp_servername: "*.*.*.*."
    dhcp: false
    dhcp_managed: true
    dhcp_interface: eth0
    dhcp_gateway: "*.*.100.1"
    dhcp_range: false
    dhcp_nameservers: default
    dhcp_vendor: isc
    dhcp_config: /etc/dhcp/dhcpd.conf
    dhcp_leases: /var/lib/dhcpd/dhcpd.leases
    dhcp_key_name: ""
    dhcp_key_secret: ""
    dns: false
    dns_managed: true
    dns_provider: nsupdate
    dns_interface: eth0
    dns_zone: BLAH.BLAH
    dns_reverse: "100.168.192.in-addr.arpa"
    dns_server: "127.0.0.1"
    dns_ttl: "86400"
    dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
    dns_tsig_principal: "foremanproxy/foreman*.BLAH.BLAH@BLAH.CO.IL"
    dns_forwarders: []
    virsh_network: default
    bmc: false
    bmc_default_provider: ipmitool
    realm: false
    realm_provider: freeipa
    realm_keytab: /etc/foreman-proxy/freeipa.keytab
    realm_principal: "realm-proxy@EXAMPLE.COM"
    freeipa_remove_dns: true
    keyfile: /etc/rndc.key
    register_in_foreman: true
    foreman_base_url: "https://foreman*.BLAH.BLAH"
    registered_name: foreman*.BLAH.BLAH
    registered_proxy_url: "https://foreman*.BLAH.BLAH:8443"
    oauth_effective_user: admin
    oauth_consumer_key: ****************
    oauth_consumer_secret: "******"
  puppet: false
  foreman_cli: 
    foreman_url: 
    manage_root_config: true
    username: 
    password: 
    refresh_cache: false
    request_timeout: 120
  foreman_plugin_bootdisk: {}
  foreman_plugin_chef: {}
  foreman_plugin_default_hostgroup: false
  foreman_plugin_discovery: 
    version: latest
    source: "http://downloads.theforeman.org/discovery/releases/latest/"
    initrd: foreman-discovery-image-latest.el6.iso-img
    kernel: foreman-discovery-image-latest.el6.iso-vmlinuz
    install_images: false
  foreman_plugin_ovirt_provision: false
  foreman_plugin_tasks: false
  foreman_plugin_hooks: false
  foreman_plugin_puppetdb: false
  foreman_plugin_setup: {}
  foreman_plugin_templates: {}
  foreman_compute_ec2: false
  foreman_compute_gce: false
  foreman_compute_libvirt: false
  foreman_compute_openstack: false
  foreman_compute_ovirt: false
  foreman_compute_rackspace: false
  foreman_compute_vmware: {}
  foreman_proxy_plugin_pulp: false

Thanks, everyone!

Michael.

1 Answer

Server Fault user

Accepted answer

Posted 2015-02-24 17:58:49

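First, a small warning: Foreman 1.7 and Chef integration can be a bit hard to set up and has limitations (e.g. you can't use https for communication between Foreman and the Foreman proxy). It will be much simpler in 1.8, which is at about the RC1 stage. So maybe start with the Foreman nightly builds; if that is an option, it will make things easier for you.

If you still want to use 1.7, make sure you have the latest 1.7 minor version, which is currently 1.7.2. Then install the foreman_chef plugin using foreman_chef (it seems you already have it installed). Now a few manual steps should be performed:

1) Install the smart_proxy_chef plugin (depending on your platform, it is either the rubygem-smart_proxy_chef rpm or the ruby-smart-proxy-chef deb (available only in the nightly repository, but it works with 1.7))

2) Set up the smart_proxy_chef plugin: open /etc/foreman/setings.d/chef.yml and adjust the settings as needed; make sure it is enabled

3) Restart the smart proxy.

4) Refresh the smart proxy features in Foreman; you should now see Chef among the features

As mentioned, the smart proxy can't communicate with Foreman over https in 1.7 unless you also have Puppet installed (and a client certificate for that proxy). So if that is the case, make sure Foreman is on http and that you have the smart proxy in trusted hosts in the Foreman settings.

The good news is that I'm working on documentation that should cover installation with Foreman 1.8 and Chef 12.

Hope this helps

Edit: the documentation I mentioned is published at http://www.theforeman.org/plugins/foreman_chef/0.1/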

Votes: 2
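A check for the condition the answer describes, as an added example that is not part of the original answer or of the Foreman project's code: it reads a foreman-installer answers file like the one in the question and flags an https `foreman_base_url`, and proxy certificate paths under the Puppet `ssldir`, when the Chef plugin is enabled but the `puppet` module is off. The helper names, the finding names and the trimmed sample with the placeholder host `foreman.example.test` are constructed for illustration, and treating `false` or a missing key as "module not managed" is an assumption.

```ruby
require 'yaml'

# Constructed sample: trimmed from the answers file in the question; the
# redacted host name is replaced by the placeholder foreman.example.test.
SAMPLE_ANSWERS = <<~EOS
  ---
  foreman:
    foreman_url: "https://foreman.example.test"
    ssl: true
  foreman_proxy:
    ssl: true
    ssldir: /var/lib/puppet/ssl
    ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
    ssl_cert: /var/lib/puppet/ssl/certs/foreman.example.test.pem
    ssl_key: /var/lib/puppet/ssl/private_keys/foreman.example.test.pem
    foreman_base_url: "https://foreman.example.test"
  puppet: false
  foreman_plugin_chef: {}
EOS

# Hypothetical helper: true when an installer module is switched on
# (assumption: `false`, nil or a missing key means it is not managed).
def module_enabled?(cfg, name)
  cfg.key?(name) && cfg[name] != false && !cfg[name].nil?
end

# Returns finding symbols; the names are made up for this example.
def audit_answers(yaml_text)
  cfg = YAML.safe_load(yaml_text)
  cfg = {} unless cfg.is_a?(Hash)
  proxy = cfg['foreman_proxy'].is_a?(Hash) ? cfg['foreman_proxy'] : {}
  findings = []
  # Only relevant when the Chef plugin is on and Puppet is not managed.
  return findings unless module_enabled?(cfg, 'foreman_plugin_chef')
  return findings if module_enabled?(cfg, 'puppet')

  # The proxy is told to reach Foreman over https, which per the answer
  # needs Puppet plus a client certificate on 1.7.
  if proxy['foreman_base_url'].to_s.downcase.start_with?('https://')
    findings << :https_without_puppet_ca
  end

  # Certificate paths point into the Puppet ssldir although Puppet is off.
  ssldir = proxy['ssldir'].to_s
  certs = %w[ssl_ca ssl_cert ssl_key].map { |k| proxy[k].to_s }
  if !ssldir.empty? && certs.any? { |path| path.start_with?(ssldir) }
    findings << :proxy_certs_under_puppet_ssldir
  end
  findings
end
```

Before feeding a redacted file such as the one in the question to this check, quote or remove values like `*****`, because YAML reads a leading `*` as an alias and the parse fails.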
Original page content provided by Server Fault.
Original link: https://serverfault.com/questions/664856
