thulium_drake.foreman
Foreman Configuration with Ansible
This guide explains how to set up a Foreman or Satellite server using Ansible. It helps create an organization and manage content.
Requirements
You need the following Ansible Collections for this to work:
- theforeman.foreman version 3.4.0 or higher
- ansible.utils version 2.6.0 or higher
- ansible.posix version 1.4.0 or higher
Tested with Ansible version 2.12 and later. This setup supports Foreman 3.2 / Katello 4.4 or Red Hat Satellite 6.11 and later.
Additional Requirements
You also need python-netaddr for tasks related to subnets.
Check the example inventory and playbooks for guidance or read my blog post.
Offline Installation of Satellite
If you plan to install Satellite using the Offline Installation ISO, make sure you configure the RHEL repositories from the Installation ISO or a mirror.
Content Views and Publishing
When creating new content views and composite content views (COVs), this strategy is used:
- Content views are named after the product.
- Newly created repositories will synchronize automatically.
- New COVs will be promoted to all lifecycle environments in the organization.
This ensures COVs are linked with clients, and base content views remain in the Library.
All created COVs have auto-publish enabled. Sample playbooks to tag and publish new versions are available.
Host Discovery
To allow the discovery service to report to the right server, register these DNS records:
For Foreman servers:
_x-foreman._tcp.dev.example.com 600 IN SRV 0 5 443 foreman.dev.example.com
For Foreman Smart Proxies:
_x-foreman._tcp.dev.example.com 600 IN SRV 0 5 8443 fm-proxy.dev.example.com
If these records don't work, you can set foreman_discovery_image_autodetect to false to use Foreman’s default settings, but that may not work well with Smart Proxies.
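One way to confirm that the SRV record points only at the intended server and port before relying on autodetection. This is an added example, not part of the collection; the function names are hypothetical, the sample answers are constructed from the records above, and the live lookup assumes dig is installed.

```shell
#!/bin/sh
# Added example: verify the _x-foreman._tcp SRV answer for the discovery image.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# srv_matches ANSWER HOST PORT
# ANSWER is `dig +short SRV ...` output, one "priority weight port target." per line.
# Succeeds only if at least one record exists and every record is HOST:PORT.
srv_matches() {
  answer=$1
  want_host=$(lower "${2%.}")
  want_port=$3
  seen=0
  while read -r prio weight port target; do
    if [ -z "$prio" ]; then continue; fi      # skip blank lines
    target=$(lower "${target%.}")             # dig prints a trailing root dot
    if [ "$port" != "$want_port" ] || [ "$target" != "$want_host" ]; then
      echo "unexpected SRV record: $target:$port" >&2
      return 1
    fi
    seen=1
  done <<EOF
$answer
EOF
  if [ "$seen" -ne 1 ]; then
    echo "no SRV record returned" >&2
    return 1
  fi
  return 0
}

# check_discovery_srv DOMAIN HOST PORT  (live lookup, needs dig and DNS access)
# e.g. check_discovery_srv dev.example.com foreman.dev.example.com 443
check_discovery_srv() {
  srv_matches "$(dig +short SRV "_x-foreman._tcp.$1")" "$2" "$3"
}

# Constructed sample answers, shaped like dig +short output for the records above.
SAMPLE_SERVER='0 5 443 foreman.dev.example.com.'
SAMPLE_PROXY='0 5 8443 fm-proxy.dev.example.com.'
SAMPLE_STRAY='0 5 443 foreman.dev.example.com.
0 5 443 other.example.net.'
```

A non-zero exit means the zone returns no record, a different port, or an extra target that discovered hosts could report to.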
Installing Smart Proxies
Since Smart Proxies share some settings with the Foreman server, the following inventory structure is recommended:
[foreman]
foreman.infra.example.com
[foreman_proxies]
fm-proxy.dev.example.com
[foreman_infra]
[foreman_infra:children]
foreman
foreman_proxies
Global settings for Foreman should go in the group_vars for foreman_infra, so they're available to both the Server and the Proxies. You can create unique settings for each Foreman system (Server or Proxy) in host_vars.
Troubleshooting
If the installer can't complete the configuration, follow these steps:
- Run foreman-installer manually (no arguments needed) to get direction.
- Check logs at /var/log/foreman-installer.
- Restart Foreman services. This can sometimes reset things and allow the installer to finish.
Deployment, Discovery, and Boot Options
Testing has shown that certain settings affect whether a host can boot from the network. We've tested the following setups:
KVM
- BIOS: Works with default settings; compatible with iPXE.
- UEFI: May have issues loading FDI from PXE; iPXE works fine.
HyperV
- Gen1 (BIOS): Works with default settings; can use iPXE.
- Gen2 (UEFI): Requires iPXE and Secure Boot must be disabled.
To enable iPXE, set foreman_deploy_ipxe: true and use pxe_loader: 'None' for your OSes.
Known Issues
- Error Creating OSes: Remove all OS entries from Hosts -> Operating systems.
- Resource Passwords Always Change: Password fields can’t be compared, causing them to always update.
- Host Groups Limitations: Host Groups will use the first partition table in the list; customization is limited.
Example for a specific partition table layout:
foreman_partition_tables:
  - name: 'Kickstart default first disk only'
    os_family: 'Redhat'
    layout: |
      zerombr
      clearpart --all --initlabel
      ignoredisk --use-only=sda
      autopart <%= host_param('autopart_options') %>

foreman_operating_systems:
  - name: 'CentOS'
    major_version: 7
    arch:
      - 'x86_64'
    os_family: 'Redhat'
    kickstart: true
    kickstart_repo: 'CentOS7-Base'
    partitions:
      - 'Kickstart default first disk only'
    # Placeholder value; keep the real root password in Ansible Vault
    root_pass: 'some_password'
    parameters:
      - name: 'autopart_options'
        value: '--nohome'
ansible-galaxy install thulium_drake.foreman