sean797.foreman_installer

foreman_installer

A role to interact with foreman-installer

Requirements

Role Variables

    vars:
      foreman_installer:
        foreman_installer_pkg:                        # Foreman installer package. You probably want "foreman-installer" or "katello".
        foreman_installer_verbose:                    # Run the installer with the -v option
        foreman_installer_scenario:                   # Scenario. Required
        foreman_installer_scenarios_answers:          # Dictionary of custom answers for your scenario. See [FAQs](https://github.com/sean797/ansible-role-foreman_installer#faqs).
        foreman_installer_options: []                 # Array of extra options to pass to the installer
        foreman_installer_generate_proxy_certs_from:  # String containing the Ansible host used to generate certs for a Katello smart proxy
        foreman_installer_katello_ca:                 # String containing the custom CA cert. Only applies to Katello and Katello smart proxies.
        foreman_installer_katello_cert:               # String containing the custom cert. Only applies to Katello.
        foreman_installer_katello_key:                # String containing the custom key. Only applies to Katello.
        foreman_installer_katello_csr:                # String containing the custom CSR. Only applies to Katello.
        foreman_installer_katello_proxy_cert:         # String containing the custom cert. Only applies to Katello smart proxies.
        foreman_installer_katello_proxy_key:          # String containing the custom key. Only applies to Katello smart proxies.
        foreman_installer_katello_proxy_csr:          # String containing the custom CSR. Only applies to Katello smart proxies.
        foreman_installer_katello_certs_dir:          # Directory to store the certs in
        foreman_installer_update_certs: False         # Set to True to force a certs update.
        foreman_installer_update_certs_tar: False     # Set to True to force generating and applying a new proxy certs tar.

        # Advanced options
        foreman_installer_patches:                    # Array of dictionaries that allow patching of installer files. See defaults/main.yml for an example.
        foreman_installer_encryption_key:             # Encryption key to put in /etc/foreman/encryption_key.rb. Must be the same across a Foreman cluster.
        foreman_installer_katello_cluster_group:      # Name of the inventory group containing all Katello servers. Requires http://projects.theforeman.org/issues/20021

Example Playbook

Basic Foreman scenario:

    - hosts:
      - foreman.example.com
      roles:
        - role: foreman_installer
          foreman_installer_scenario: foreman
          foreman_installer_scenarios_answers:
            foreman:
              admin_password: changeme

Katello scenario with custom certs:

    - hosts:
      - katello.example.com
      vars_files:
        - group_vars/vault_certs.yml
      roles:
       - role: foreman_installer
         foreman_installer_pkg: katello
         foreman_installer_scenario: katello
         foreman_installer_scenarios_answers:
           foreman:
             admin_password: changeme
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_katello_cert: "{{ vault_katello_cert }}"
         foreman_installer_katello_key: "{{ vault_foreman_installer_katello_key }}"
         foreman_installer_katello_csr: "{{ vault_foreman_installer_katello_csr }}"

Katello proxy scenario with a provided certs tar:

    - hosts:
      - foreman-proxy.example.com
      roles:
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             certs_tar: /root/foreman-proxy.example.com-certs.tar # must already exist on disk
             pulp_oauth_secret: <output when generating the certs tar>
             parent_fqdn: katello.example.com
           foreman_proxy:
             oauth_consumer_key: <output when generating the certs tar>
             oauth_consumer_secret: <output when generating the certs tar>
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com
               - "{{ ansible_fqdn }}"

Katello proxy scenario without a provided certs tar:

    - hosts:
      - foreman-proxy.example.com
      roles:
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_generate_proxy_certs_from: katello.example.com
         foreman_installer_katello_proxy_cert: "{{ vault_proxy1_cert }}"
         foreman_installer_katello_proxy_key: "{{ vault_proxy1_key }}"
         foreman_installer_katello_proxy_csr: "{{ vault_proxy1_csr }}"
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             parent_fqdn: katello.example.com
           foreman_proxy:
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com

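Katello cluster with custom certs:

Notes:

  • All keys, passwords and answers must be identical across the cluster. Do not use the values from the example.
  • The foreman_installer_patches option is only used to backport http://projects.theforeman.org/issues/20021 to my Katello version.

    - hosts:
      - katello1.example.com
      - katello2.example.com
      vars_files:
        - group_vars/vault_certs.yml
      roles: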
       - role: foreman_installer
         foreman_installer_pkg: katello
         foreman_installer_scenario: katello
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             pulp_oauth_secret: uC2qfoQfPVhdFTBEbS89ykZWQz6BVpcu
           foreman:
             db_password: KmVzXiWuVWCUZrn4kWF8PRsFG4H4ecqo
             initial_location: Global
             initial_organization: AMCE
             admin_password: changeme
             servername: katello.example.com
             foreman_url: https://katello.example.com
             oauth_consumer_key: xmi95B9qNQoX6owdg4MT8WMCBNhgudYy
             oauth_consumer_secret: x6TheD8Z9ZBtgdgBUrqSbPR2rh6k7UQE
           foreman_proxy:
             registered_name: katello.example.com
             registered_proxy_url: https://katello.example.com:9090
             oauth_consumer_key: xmi95B9qNQoX6owdg4MT8WMCBNhgudYy
             oauth_consumer_secret: x6TheD8Z9ZBtgdgBUrqSbPR2rh6k7UQE
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello.example.com
               - katello1.example.com
               - katello2.example.com
           katello:
             oauth_secret: uC2qfoQfPVhdFTBEbS89ykZWQz6BVpcu
         foreman_installer_custom_hiera:
           candlepin::db_password: L45DkebcvWdgXG9ryzWkfavSvQ23dw8U
         foreman_installer_encryption_key: dfc6799e4d722a4e86c786cb0fc96cbbae0151f6
         foreman_installer_katello_cluster_group: katello-servers
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_katello_cert: "{{ vault_katello_cert }}" # The cert must use dns-alt-names, including all cluster hostnames and the VIP hostname.
         foreman_installer_katello_key: "{{ vault_foreman_installer_katello_key }}"
         foreman_installer_katello_csr: "{{ vault_foreman_installer_katello_csr }}"
         foreman_installer_patches:
           - { src: files/katello_certs_tools.patch, basedir: /usr/lib/python2.7/site-packages/ }
           - { src: files/puppet-certs.patch, basedir: /usr/share/katello-installer-base/modules/certs/ }
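
The note above says not to reuse the sample secrets, and the certificate material in these playbooks already comes from `vault_*` variables. As an added example (not part of the role), this Python check walks parsed role variables and reports secret-looking keys whose values are literals rather than `{{ vault_* }}` references; the key-name pattern, the function name and the `vault_*_db_password` variable names are assumptions.

```python
import re

# Key names treated as secret-bearing (assumption, based on the keys used on this page).
SECRET_KEY_RE = re.compile(r"(password|secret|_key$)")
# A value counts as externalised only if it is wholly a Jinja2 reference to a vault_* variable.
VAULT_REF_RE = re.compile(r"^\s*\{\{\s*vault_\w+\s*\}\}\s*$")


def find_inline_secrets(node, path=""):
    """Return sorted dotted paths of secret-looking keys that hold literal values."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else str(key)
            if isinstance(value, (dict, list)):
                hits.extend(find_inline_secrets(value, child))
            elif SECRET_KEY_RE.search(str(key)) and value is not None:
                # null means "remove this answer" in the role, so it is not a secret.
                if not (isinstance(value, str) and VAULT_REF_RE.match(value)):
                    hits.append(child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_inline_secrets(item, f"{path}[{index}]"))
    return sorted(hits)


# Constructed sample: role variables as a YAML loader would return them.
SAMPLE_ROLE_VARS = {
    "foreman_installer_scenario": "katello",
    "foreman_installer_scenarios_answers": {
        "foreman": {
            "admin_password": "changeme",
            "db_password": "{{ vault_foreman_db_password }}",  # hypothetical vault variable
            "admin_last_name": None,
            "servername": "katello.example.com",
        },
        "katello": {"oauth_secret": "literal-sample-value"},
    },
    "foreman_installer_custom_hiera": {
        "candlepin::db_password": "{{ vault_candlepin_db_password }}",  # hypothetical
    },
    "foreman_installer_encryption_key": "literal-sample-value",
    "foreman_installer_katello_key": "{{ vault_foreman_installer_katello_key }}",
}

if __name__ == "__main__":
    for finding in find_inline_secrets(SAMPLE_ROLE_VARS):
        print("literal secret in role vars:", finding)
```

Pass it the dictionary produced by loading a playbook or vars file; a non-empty result means a secret is stored outside the vault file.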

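Foreman proxy cluster connected to a Katello cluster with custom certs:

Each proxy is an individual proxy in Foreman, but clients can use a VIP address to connect to either proxy to fetch packages.

    - hosts:
      - foreman-proxy1.example.com
      - foreman-proxy2.example.com
      roles: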
       - role: foreman_installer
         foreman_installer_pkg: foreman-proxy-content
         foreman_installer_scenario: foreman-proxy-content
         foreman_installer_generate_proxy_certs_from: katello1.example.com
         foreman_installer_katello_proxy_cert: "{{ vault_proxy1_cert }}" # The cert must use dns-alt-names, including all cluster hostnames and the VIP hostname.
         foreman_installer_katello_proxy_key: "{{ vault_proxy1_key }}"
         foreman_installer_katello_proxy_csr: "{{ vault_proxy1_csr }}"
         foreman_installer_katello_ca: "{{ vault_foreman_installer_katello_ca }}"
         foreman_installer_scenarios_answers:
           foreman_proxy_content:
             parent_fqdn: katello.example.com
           foreman_proxy:
             foreman_base_url: https://katello.example.com
             trusted_hosts:
               - katello1.example.com
               - katello2.example.com
               - katello.example.com
               - foreman-proxy1.example.com
               - foreman-proxy2.example.com
               - foreman-proxy.example.com

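FAQs

How do I know what options to put in the foreman_installer_scenarios_answers variable?

You need to inspect the /etc/foreman-installer/scenarios.d/{{ foreman_installer_scenario }}-answers.yaml file. Storing answers this way makes the role idempotent. If you use foreman_installer_options, we run the installer on every run to make sure the options are applied. This approach instead lets us manage the answers file and run the installer as a handler when it changes.

How do I remove an option from the foreman_installer_scenarios_answers variable?

You need to set the value to null: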

    foreman_installer_scenarios_answers:
      foreman:
        admin_password: changeme
        admin_last_name: null

How do I enable or disable a plugin?

To enable, set the value to an empty hash. To disable, set the value to false.

    foreman_installer_scenarios_answers:
      foreman:
        admin_password: changeme
        admin_last_name: null
      "foreman::plugin::remote_execution": {}
      "foreman::plugin::discovery": false

About the project

Interacts with foreman-installer/satellite-installer to build Foreman, Katello, Satellite 6, Capsules or Smart Proxies.

Installation
ansible-galaxy install sean797.foreman_installer
License
gpl-3.0