sean797.foreman_installer

foreman_installer

Role to work with foreman-installer

Requirements

None

Role Variables

    vars:
      foreman_installer:
        foreman_installer_pkg:                        # Package for foreman installer. Use "foreman-installer" or "katello".
        foreman_installer_verbose:                    # Run the installer with -v option for more details.
        foreman_installer_scenario:                   # Scenario name. This is required.
        foreman_installer_scenarios_answers:          # Dictionary of custom answers for your scenario. See [FAQs](https://github.com/sean797/ansible-role-foreman_installer#faqs).
        foreman_installer_options: []                 # Extra options to use when running the installer.
        foreman_installer_generate_proxy_certs_from:  # Ansible host to generate certificates for a Katello Smart Proxy.
        foreman_installer_katello_ca:                 # Custom CA cert for Katello and its Smart Proxy.
        foreman_installer_katello_cert:               # Custom cert for Katello.
        foreman_installer_katello_key:                # Custom key for Katello.
        foreman_installer_katello_csr:                # Custom CSR for Katello.
        foreman_installer_katello_proxy_cert:         # Custom cert for Katello Smart Proxy.
        foreman_installer_katello_proxy_key:          # Custom key for Katello Smart Proxy.
        foreman_installer_katello_proxy_csr:          # Custom CSR for Katello Smart Proxy.
        foreman_installer_katello_certs_dir:          # Directory to store certificates.
        foreman_installer_update_certs: False         # Set to True to force certificate updates.
        foreman_installer_update_certs_tar: False     # Set to True to regenerate proxy certificates.

        # Advanced Options
        foreman_installer_patches:                    # Array of dictionaries for patches to installer files. Check defaults/main.yml for examples.
        foreman_installer_encryption_key:             # Encryption key for /etc/foreman/encryption_key.rb. Must be the same across a Foreman cluster.
        foreman_installer_katello_cluster_group:      # Name of the inventory group for all Katello servers. Requires specific issue tracking.

Example Playbook

Basic Foreman Scenario:

    - hosts:
      - foreman.example.com
      roles:
        - role: foreman_installer
          foreman_installer_scenario: foreman
          foreman_installer_scenarios_answers:
            foreman:
              admin_password: changeme

Katello Scenario with Custom Certificates:

    - hosts:
      - katello.example.com
      vars_files:
        - group_vars/vault_certs.yml
      roles:
       - role: foreman_installer
         foreman_installer_pkg: katello
         foreman_installer_scenario: katello
         foreman_installer_scenarios_answers:
           foreman:
             admin_password: changeme
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_katello_cert: "{{ vault_katello_cert }}"
         foreman_installer_katello_key: "{{ vault_foreman_installer_katello_key }}"
         foreman_installer_katello_csr: "{{ vault_foreman_installer_katello_csr }}"

Katello Proxy Scenario with Supplied Certificates Tar:

    - hosts:
      - foreman-proxy.example.com
      roles:
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             certs_tar: /root/foreman-proxy.example.com-certs.tar # Must already be available.
             pulp_oauth_secret: <generated secret>
             parent_fqdn: katello.example.com
           foreman_proxy:
             oauth_consumer_key: <generated key>
             oauth_consumer_secret: <generated secret>
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com
               - "{{ ansible_fqdn }}"

Katello Proxy Scenario without Supplied Certificates Tar:

    - hosts:
      - foreman-proxy.example.com
      roles:
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_generate_proxy_certs_from: katello.example.com
         foreman_installer_katello_proxy_cert: "{{ vault_proxy1_cert }}"
         foreman_installer_katello_proxy_key: "{{ vault_proxy1_key }}"
         foreman_installer_katello_proxy_csr: "{{ vault_proxy1_csr }}"
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             parent_fqdn: katello.example.com
           foreman_proxy:
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com

Katello Cluster with Custom Certificates:

Important notes:

  • All keys and passwords must match across the cluster. Don't use example values.
  • foreman_installer_patches is used to backport fixes.

    - hosts:
      - katello1.example.com
      - katello2.example.com
      vars_files:
        - group_vars/vault_certs.yml
      roles:
       - role: foreman_installer
         foreman_installer_pkg: katello
         foreman_installer_scenario: katello
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             pulp_oauth_secret: uC2qfoQfPVhdFTBEbS89ykZWQz6BVpcu
           foreman:
             db_password: KmVzXiWuVWCUZrn4kWF8PRsFG4H4ecqo
             initial_location: Global
             initial_organization: AMCE
             admin_password: changeme
             servername: katello.example.com
             foreman_url: https://katello.example.com
             oauth_consumer_key: xmi95B9qNQoX6owdg4MT8WMCBNhgudYy
             oauth_consumer_secret: x6TheD8Z9ZBtgdgBUrqSbPR2rh6k7UQE
           foreman_proxy:
             registered_name: katello.example.com
             registered_proxy_url: https://katello.example.com:9090
             oauth_consumer_key: xmi95B9qNQoX6owdg4MT8WMCBNhgudYy
             oauth_consumer_secret: x6TheD8Z9ZBtgdgBUrqSbPR2rh6k7UQE
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com
               - katello1.example.com
               - katello2.example.com
           katello:
             oauth_secret: uC2qfoQfPVhdFTBEbS89ykZWQz6BVpcu
         foreman_installer_custom_hiera:
           candlepin::db_password: L45DkebcvWdgXG9ryzWkfavSvQ23dw8U
         foreman_installer_encryption_key: dfc6799e4d722a4e86c786cb0fc96cbbae0151f6
         foreman_installer_katello_cluster_group: katello-servers
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_katello_cert: "{{ vault_katello_cert }}" # Certificate must include all cluster Hostnames and VIP hostname.
         foreman_installer_katello_key: "{{ vault_foreman_installer_katello_key }}"
         foreman_installer_katello_csr: "{{ vault_foreman_installer_katello_csr }}"
         foreman_installer_patches:
           - { src: files/katello_certs_tools.patch, basedir: /usr/lib/python2.7/site-packages/ }
           - { src: files/puppet-certs.patch, basedir: /usr/share/katello-installer-base/modules/certs/ }
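
One way to follow the note above about matching, non-example secrets (an added example, not part of the role): this Python script generates one set of values for the keys shown in the cluster playbook and checks them before use. The 32-character and 40-hex-character lengths copy the shape of the README's example values, and pairing pulp_oauth_secret with katello.oauth_secret is an assumption drawn from that example.

```python
import json
import secrets
import string

ALNUM = string.ascii_letters + string.digits
PLACEHOLDERS = {"changeme"}  # example password used throughout this README


def token(n=32):
    """Random alphanumeric string, same shape as the README's 32-character examples."""
    return "".join(secrets.choice(ALNUM) for _ in range(n))


def generate_cluster_vars():
    """One set of secrets, generated once and shared by every Katello cluster node."""
    oauth_key, oauth_secret, pulp_secret = token(), token(), token()
    shared = {"oauth_consumer_key": oauth_key, "oauth_consumer_secret": oauth_secret}
    return {
        "foreman_installer_scenarios_answers": {
            "foreman_proxy_content": {"pulp_oauth_secret": pulp_secret},
            "foreman": {"db_password": token(), "admin_password": token(24), **shared},
            "foreman_proxy": dict(shared),
            "katello": {"oauth_secret": pulp_secret},
        },
        "foreman_installer_custom_hiera": {"candlepin::db_password": token()},
        "foreman_installer_encryption_key": secrets.token_hex(20),  # 40 hex characters
    }


def problems(cluster_vars):
    """List placeholder values and shared secrets that differ between sections."""
    answers = cluster_vars["foreman_installer_scenarios_answers"]
    sections = {s: v for s, v in answers.items() if isinstance(v, dict)}
    found = [f"{s}.{k} is a placeholder" for s, v in sections.items()
             for k, val in v.items() if isinstance(val, str) and val in PLACEHOLDERS]
    get = lambda s, k: sections.get(s, {}).get(k)
    for k in ("oauth_consumer_key", "oauth_consumer_secret"):
        if get("foreman", k) != get("foreman_proxy", k):
            found.append(f"foreman.{k} != foreman_proxy.{k}")
    # Assumption: these two are equal in the README example, so treat them as a pair.
    if get("foreman_proxy_content", "pulp_oauth_secret") != get("katello", "oauth_secret"):
        found.append("pulp_oauth_secret != katello.oauth_secret")
    return found


if __name__ == "__main__":
    # JSON is valid YAML: save as a vars file and encrypt it with `ansible-vault encrypt`.
    print(json.dumps(generate_cluster_vars(), indent=2))
```

Run it once, store the encrypted output next to the certificate vault file, and load it for every host in the cluster group so all nodes receive identical values.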

Foreman Proxy Cluster Connected to a Katello Cluster with Custom Certificates:

Each proxy can be accessed individually, but a client can use a VIP address for packages.

    - hosts:
      - foreman-proxy1.example.com
      - foreman-proxy2.example.com
      roles:
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_generate_proxy_certs_from: katello1.example.com
         foreman_installer_katello_proxy_cert: "{{ vault_proxy1_cert }}"
         foreman_installer_katello_proxy_key: "{{ vault_proxy1_key }}"
         foreman_installer_katello_proxy_csr: "{{ vault_proxy1_csr }}"
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             parent_fqdn: katello.example.com
           foreman_proxy:
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello1.example.com
               - katello2.example.com
               - katello.example.com
               - foreman-proxy1.example.com
               - foreman-proxy2.example.com
               - foreman-proxy.example.com

FAQs

How do I know what to put in foreman_installer_scenarios_answers?

Check the file located at /etc/foreman-installer/scenarios.d/{{ foreman_installer_scenario }}-answers.yaml. Using this method helps manage changes effectively.

How do I remove options from foreman_installer_scenarios_answers?

Set the value to null.

    foreman_installer_scenarios_answers:
      foreman:
        admin_password: changeme
        admin_last_name: null

How do I enable or disable a plug-in?

To enable, use an empty hash. To disable, set the value to false.

    foreman_installer_scenarios_answers:
      foreman:
        admin_password: changeme
        admin_last_name: null
      "foreman::plugin::remote_execution": {}
      "foreman::plugin::discovery": false

About the project

Interacts with foreman-installer/satellite-installer to build Foreman, Katello, Satellite 6, Capsules or Smart Proxies.

Install
ansible-galaxy install sean797.foreman_installer
License
gpl-3.0
Downloads
1.2k