Re: [foreman-users] Re: Please help - upgrade Foreman 1.10 to 1.13 has failed.
Thanks a lot, Greg - I will try. On Tuesday, October 25, 2016 at 12:54:17 PM UTC-7, Greg Sutcliffe wrote: > > On 25 October 2016 at 20:05, Evgeny Vasilchenko > wrote: > >> I'm sure situation is not that bad - Foreman even sends audit email me to >> once a day. >> Need to figure out what can be done to database if anything. >> > > Its not the actual database thats the issue, its that the code is too new > (the first pending migration is in 1.11 - see [1]). > > One possibility is to grab a new VM, install 1.11 and point it at the > production db and then run `foreman-rake db:migrate`. If that works, you > can do the same with a 1.12 setup, and then run the 1.13 migrations on your > production box. > > Good luck! > Greg > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Southern California - Meetup interest?
I liked it so much I just stole your idea for my area. ;) On Monday, October 24, 2016 at 11:33:46 AM UTC-4, Ashton Davis wrote: > > Hey all, > > I'm wondering how many people here are from the SoCal area (Let's say the > Mexico Border up to Burbank and out to the Inland Empire? Whatever you > consider yourself!) and if anyone would be interested in a quarterly meetup > somewhere. I'd love to have a place for foreman users to bounce idea off of > each other and socialize for a bit outside of #theforeman > > Please let me know! > > Ashton Davis > *Account Solutions Architect - US West* > Red Hat, Inc. > Email ash...@redhat.com > Cell +1 619 512 3517 > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] DMV Meetup Interest?
Completely stole this from Ashton and his Southern California Meetup thread. But who here lives in the DMV (District of Columbia, Virginia, Maryland) area that would be interested in doing some sort of meetup? We could share ideas and war stories and maybe help each other out a bit. I could host at my company with pizza and beer or there is a small little bar where I know the bartenders that we can get some reserved booths. -Chris IRC: discr33t -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Generating SSL keys for foreman/ access to Foreman proxies in an "HA" setup
Tim, Are your smart-proxies clustered as well? If so are you putting the same certificate on each smart-proxy and referencing a url such as puppetserver.domain.com or puppetca.domain.com? Also how are you handling your SSL? Are you offloading at the load balancer or doing passthrough to the backend server? -Chris IRC: discr33t On Tuesday, October 25, 2016 at 3:00:42 PM UTC-4, a.non.e@gmail.com wrote: > > Hi, > > I'm working on moving from a standalone Foreman host to a clustered setup > similar to > https://theforeman.org/2015/12/journey_to_high_availability.html and with > the help of the docs have got most things working with clustered Postgres, > Foreman hosts communicating with memached, Foreman machines behind haproxy, > common keys for database and cookies and so on. > > Foreman-installer command used below for info. > > I'm having trouble working out how to generate SSL certificates for the > Foreman servers to communicate with the proxies without running into "alert > unknown CA" and similar problems. > > I've tried generating certs on the first foreman server for the other > hosts with >puppet cert generate [fqdn] > and pushing the ca.pem and the generated certs and private keys to the > other hosts. > > I seem to be missing a step - the machine where the certs were generated > can talk to the locally install smart proxy but communication with the > smart proxy installed on the other hosts fails with unknown CA errors. > > Testing with >openssl s_client > > -connect $(hostname -f):443 \ > > -cert /var/lib/puppet/ssl/certs/$(hostname -f).pem \ > > -key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem \ > > -CAfile /var/lib/puppet/ssl/certs/ca.pem > to try to get some more info tells gives "Verify return code: 19 (self > signed cert in certificate chain)" - but I see this on the machine which > can talk to its smart proxy too :( > > Is the best way to generate the certs documented anywhere (whether with > puppet, certtool or openssl)? > > Is it best practice to use the same cert for Apache for all of the > machines behind haproxy and to use separate keys for foreman-proxy and to > specify them with --foreman-client-ssl-* and --foreman-proxy-ssl-*? > > Many thanks for any pointers, > Tim > > ** Current foreman-installer command > > foreman-installer -v \ > > --enable-foreman \ > > --enable-foreman-cli \ > > --enable-foreman-proxy \ > > --foreman-proxy-trusted-hosts="foreman.example.com" \ > > --foreman-proxy-trusted-hosts="foreman-01.example.com" \ > > --foreman-proxy-trusted-hosts="foreman-02.example.com" \ > > --foreman-proxy-trusted-hosts="foreman-03.example.com" \ > > --foreman-proxy-trusted-hosts="foreman-04.example.com" \ > > --foreman-admin-password="foo" \ > > --foreman-oauth-consumer-key="foo" \ > > --foreman-oauth-consumer-secret="foo" \ > > --enable-foreman-plugin-bootdisk \ > > --enable-foreman-plugin-chef \ > > --enable-foreman-plugin-discovery \ > > --enable-foreman-plugin-hooks \ > > --enable-foreman-plugin-host-extra-validator \ > > --enable-foreman-plugin-memcache \ > > --foreman-plugin-memcache-hosts="memcached-01.example.com" \ > > --foreman-plugin-memcache-hosts="memcached-02.example.com" \ > > --foreman-plugin-memcache-hosts="memcached-03.example.com" \ > > --foreman-plugin-memcache-hosts="memcached-04.example.com" \ > > --enable-foreman-plugin-remote-execution \ > > --enable-foreman-plugin-salt \ > > --enable-foreman-plugin-setup \ > > --enable-foreman-plugin-tasks \ > > --enable-foreman-plugin-templates \ > > --enable-foreman-compute-openstack \ > > --enable-foreman-compute-vmware \ > > --foreman-db-database="foo" \ > > --foreman-db-host="foo" \ > > --foreman-db-manage="false" \ > > --foreman-db-password="foo" \ > > --foreman-db-port="4344" \ > > --foreman-db-type="postgresql" \ > > --foreman-db-username="foo" > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] libvirt provisioning shortcomings.
On 10/25/2016 03:23 PM, Alexander Rilik wrote: On Monday, September 12, 2016 at 10:40:24 AM UTC+2, Lukas Zapletal wrote: Unless you get your hands dirty, chances are low. I haven't heard of many users of libvirt-nonKVM in our community. I would like to jump into this since I'm in a similar situation to Alvin. We recently started experimenting with LXD, a Canonical product that extends on top of LXC. After some initial lack of enthusiasm I rapidly found myself literally loving this tool: the technology is easy to understand, capable and solid, at the point that I'm planning to convert most of our VMs to this container technology. LXD is unfortunately lacking a pre-made orchestration frontend and I see Foreman as the perfect candidate to complete the puzzle: 1. select container profile (network/cpu/disk constraints, OS, etc.) 2. deploy 3. eventually destroy if short lived The big advantage compared to docker lies in the functionality of LX(C)/LXD: while Docker is a process-oriented container technology, LXC is an OS oriented one, hence it could be an almost 1-to-1 replacement for fatter and more resource intensive full VMs while incrementing the density on the host tenfold. If only I had the programming skills I'd start working on such a plugin since I see real benefits. I can understand it's not so widespread, hence the lack of support. Nicola Libvirt does claim to support LXC so extending foreman is a possiblity. I guess the thing for me is that I have a bunch of things on the go and I can help to code and test parts of the changes to fog to support xen and others but I am not in a position to build up a whole foreman development environment. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 al...@netvel.net || -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: API issues with override_values
Hi Jack, Also see: https://bugzilla.redhat.com/show_bug.cgi?id=1192549 and http://projects.theforeman.org/issues/17087. We now run the param through to_json (we're using ruby) then post that. We are doing a lot of this. Also, as a gotcha, I see you're trying do a match, note that values you want to match against must be in override_value_order (hostgroup is by default). Thanks, Andrew -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] katello centos-base repo not syncing
It seems the pulp-streaming service stopped running. After restarting it I was able to kill the sync tasks and restart them, but they still don't actually download any packages for Centos-base or -updates repos. On Mon, Oct 24, 2016 at 1:35 PM, steved0ca wrote: > I tried all three options without any luck. > > After restarting the host, I tried to sync again with the 'background' > option and a manual sync and now I have an endless 'Result: Pending' > spinning circle for both the centos-base repo, and another repo that was > previously working. > > Here is the foreman production.log but I don't see anything helpful. > https://drive.google.com/file/d/0B7s4TFC-GYcAdVM1MHNaOWZfR3c/view?usp= > sharing > > On Monday, 24 October 2016 01:12:12 UTC-7, Klaas Demter wrote: >> >> Hi, >> try to change the download policy to "Immediate", I have had problems >> with "On demand" for some repositories. >> >> Greetings >> Klaas >> >> >> >> - Ursprüngliche Mail - >> Von: "steved0ca" >> An: "Foreman users" >> Gesendet: Sonntag, 23. Oktober 2016 21:03:59 >> Betreff: [foreman-users] katello centos-base repo not syncing >> >> I have successfully synced other repos ie 'epel' without any difficulty. >> >> I've created a product 'centos-base' with a repo called 'centos-base' and >> attempted to sync the repo but no packages will sync. Same problem with >> centos-updates. Not sure where to start troubleshooting this, the foreman >> production.log doesn't have any obvious errors. >> >> The content host does display the repo including package count: >> # yum repolist >> ... >> repo id >> >> repo name status >> *!Default_Organization_CentOS-Base_CentOS-Base >> >> CentOS-Base9,007* >> !Default_Organization_CentOS-Gluster-3_7_CentOS-Gluster-3_7 >> >> CentOS-Gluster-3.714 >> !Default_Organization_CentOS-Updates_CentOS-Updates >> >> CentOS-Updates 2,548 >> !Default_Organization_epel_epel >> >> epel 11,215 >> !Default_Organization_filebeat_filebeat >> >> filebeat 44 >> !Default_Organization_glusterfs-nagios-epel_glusterfs-nagios-epel >> >> glusterfs-nagios-epel 10 >> !Default_Organization_katello-agent_katello-agent >> >> katello-agent 15 >> !Default_Organization_pcic_internal_pcic_internal >> >> pcic_internal 13 >> base/7/x86_64 >> >> CentOS-7 - Base*9,007* >> epel/x86_64 >> >> Extra Packages for Enterprise Linux 7 - x86_6410,751 >> extras/7/x86_64 >> >> CentOS-7 - Extras393 >> updates/7/x86_64 >> >> CentOS-7 - Updates 2,548 >> repolist: 45,565 >> >> >> Katello version 3.1 >> Foreman 1.12.3 >> Foreman OS CentOS 7.2 >> >> pulp journal: >> Oct 23 11:45:03 foreman.my.domain.name pulp[12865]: >> kombu.transport.qpid:INFO: Connected to qpid with SASL mechanism >> ANONYMOUS >> Oct 23 11:45:04 foreman.my.domain.name pulp[299]: >> celery.worker.strategy:INFO: Received task: >> pulp.server.async.tasks._queue_reserved_task[060c2ae6-44a4-483f-ad90-be54e872ffec] >> >> Oct 23 11:45:04 foreman.my.domain.name pulp[322]: >> celery.worker.strategy:INFO: Received task: >> pulp.server.managers.repo.sync.sync[a3070bfa-6723-40c4-971e-2781746212c5] >> >> Oct 23 11:45:04 foreman.my.domain.name pulp[322]: >> celery.worker.strategy:INFO: Received task: >> pulp.server.async.tasks._release_resource[1f2bfee7-af00-4b0c-adb5-6dae94460415] >> >> Oct 23 11:45:04 foreman.my.domain.name pulp[648]: >> pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from >> http://mirror.it.ubc.ca/centos/7.2.1511/os/x86_64/. >> Oct 23 11:45:04 foreman.my.domain.name pulp[299]: >> celery.worker.job:INFO: >> Task >> pulp.server.async.tasks._queue_reserved_task[060c2ae6-44a4-483f-ad90-be54e872ffec] >> >> succeeded in 0.0428758189082s: None >> Oct 23 11:45:04 foreman.my.domain.name pulp[648]: >> requests.packages.urllib3.connectionpool:INFO: Starting new HTTP >> connection >> (1): mirror.it.ubc.ca >> Oct 23 11:45:05 foreman.my.domain.name pulp[648]: >> pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata. >> Oct 23 11:45:05 foreman.my.domain.name pulp[648]: >> pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from >> http://mirror.it.ubc.ca/centos/7.2.1511/os/x86_64/. >> Oct 23 11:45:05 foreman.my.domain.name pulp[648]: >> requests.packages.urllib3.connectionpool:INFO: Starting new HTTP >> connection >> (1): mirror.it.ubc.ca >> Oct 23 11:45:06 foreman.my.domain.name pulp[648]: >> pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata. >> Oct 23 11:45:06 foreman.my.domain.name pulp[648]:
[foreman-users] Re: API issues with override_values
After some more testing, I found that taking the quotes out of the inside
hash and placing the quotes around the entire hash works:
"value": "{some: thing}"
That works.
The problem is that that's not how it gets reported from the API, if you
query for that information, it quotes in inside hash key and value. I'm
essentially trying to migrate massive amounts of parameter overrides from
one foreman server to another for a server migration and I can't see an
easy way to do that if the json the API spits out on one server cannot be
accepted in that form on the new server.
Does anyone have any experience in importing/exporting parameter overrides
between servers?
Thanks.
On Monday, October 24, 2016 at 1:24:11 PM UTC-7, Jack Watroba wrote:
>
> I'm attempting to create smart parameter overrides via the API (version
> 1.13) and I'm having some issues.
>
> Posting to: /api/smart_class_parameters/{paramID}/override_values
>
> JSON being posted:
>
> {
> "override_value": {
> "match": "hostgroup=somehostgroup",
> "value": {"some": "thing"}
> }
> }
>
>
> I receive this message back from the API: "error": {"message":"Validation
> failed: Value can't be blank"}
>
> The parameter is set to be a hash and I'm passing it a hash, so I can't
> figure out why it's reporting the value is blank.
>
> Any ideas?
>
> Thanks.
>
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Provisioning Bridge-based VMs with libvirt/kvm
On 25 October 2016 at 20:10, Alexander Rilik wrote: > Hello, > > Is it possible to provision VMs so they are attached to a Linux bridge? > Absolutely We are running some core services (DHCP, DNS, LDAP) inside dedicated VMs > and we need them to be reachable from the network. Unless I'm missing > something, this is not easily achievable when they are natted and behind > dnsmasq. > You are not missing anything :) > Right now the deployment is done via puppet by means of a custom module > that makes use of virt-install, with the vms defined on the host Puppet > nodefile. When puppet is run, it creates the missing VMs. Being this non > scalable and sorta ugly I'd be happy to change approach, if necessary. > I do this myself here at home - I have a RaspberryPi that runs the house infra (DNS/DHCP/TFTP) and a beefy libvirt host which runs a bridged network for the guests. As you would expect, the VMs correctly boot and get PXE from the RPi. You do need to ensure that you specify the bridge name in the network interface modal (on the Host new/edit page) but otherwise it should just work as normal, from Foreman's perspective. Greg -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Re: Please help - upgrade Foreman 1.10 to 1.13 has failed.
On 25 October 2016 at 20:05, Evgeny Vasilchenko < evgeny.vasilche...@gmail.com> wrote: > I'm sure situation is not that bad - Foreman even sends audit email me to > once a day. > Need to figure out what can be done to database if anything. > Its not the actual database thats the issue, its that the code is too new (the first pending migration is in 1.11 - see [1]). One possibility is to grab a new VM, install 1.11 and point it at the production db and then run `foreman-rake db:migrate`. If that works, you can do the same with a 1.12 setup, and then run the 1.13 migrations on your production box. Good luck! Greg -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] libvirt provisioning shortcomings.
On Monday, September 12, 2016 at 10:40:24 AM UTC+2, Lukas Zapletal wrote: > > Unless you get your hands dirty, chances are low. I haven't heard of > many users of libvirt-nonKVM in our community. > I would like to jump into this since I'm in a similar situation to Alvin. We recently started experimenting with LXD, a Canonical product that extends on top of LXC. After some initial lack of enthusiasm I rapidly found myself literally loving this tool: the technology is easy to understand, capable and solid, at the point that I'm planning to convert most of our VMs to this container technology. LXD is unfortunately lacking a pre-made orchestration frontend and I see Foreman as the perfect candidate to complete the puzzle: 1. select container profile (network/cpu/disk constraints, OS, etc.) 2. deploy 3. eventually destroy if short lived The big advantage compared to docker lies in the functionality of LX(C)/LXD: while Docker is a process-oriented container technology, LXC is an OS oriented one, hence it could be an almost 1-to-1 replacement for fatter and more resource intensive full VMs while incrementing the density on the host tenfold. If only I had the programming skills I'd start working on such a plugin since I see real benefits. I can understand it's not so widespread, hence the lack of support. Nicola -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Provisioning Bridge-based VMs with libvirt/kvm
Hello, Is it possible to provision VMs so they are attached to a Linux bridge? We are running some core services (DHCP, DNS, LDAP) inside dedicated VMs and we need them to be reachable from the network. Unless I'm missing something, this is not easily achievable when they are natted and behind dnsmasq. Right now the deployment is done via puppet by means of a custom module that makes use of virt-install, with the vms defined on the host Puppet nodefile. When puppet is run, it creates the missing VMs. Being this non scalable and sorta ugly I'd be happy to change approach, if necessary. Thanks! -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Re: Please help - upgrade Foreman 1.10 to 1.13 has failed.
We have no back up of this VM due to stupid coincidence of various factors. A backup did exists, but was accidentally overwritten by a newer version. :( I'm sure situation is not that bad - Foreman even sends audit email me to once a day. Need to figure out what can be done to database if anything. I just have no time to fix this now, but company is okay to hire an expert and try to fix it. I can deploy 1.13 from scratch, but just recovering all customization done in Foreman is a bit of pain. Thanks! On Tuesday, October 25, 2016 at 11:08:25 AM UTC-7, Greg Sutcliffe wrote: > > On 24 October 2016 at 18:06, Evgeny Vasilchenko > wrote: > >> Please anyone? Any suggestions beside of 1.10 backup restore? >> > > I think there's a few points here: > > 1) Oracle Linux isn't officially supported - that's probably not the > problem, but it's worth remembering > 2) If the system crashed during a db:migrate (which is called by the > packages during upgrade) then it's could well be in an inconsistent state > 3) Direct upgrades skipping major releases are known to break - the > migrations care what version of the code they invoke. > > Of these, I suspect (3) is your issue. A undefined method suggests that > you've skipped a major version - assuming you have backups, your best > option is a rollback followed by a 1.10->1.11->1.12->1.13 upgrade. > > Good luck! > Greg > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Provisioning from a dedicated tftp+dhcp host
On Tuesday, October 25, 2016 at 9:46:06 AM UTC+2, Dominic Cleal wrote: > > > Yes, don't use the provisioning setup. It's a plugin that's only > designed to help set up provisioning first time from the Foreman server > itself with the installer. > Thank you, that was indeed the case and I'm now up and running! Nicola -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Generating SSL keys for foreman/ access to Foreman proxies in an "HA" setup
Hi, I'm working on moving from a standalone Foreman host to a clustered setup similar to https://theforeman.org/2015/12/journey_to_high_availability.html and with the help of the docs have got most things working with clustered Postgres, Foreman hosts communicating with memached, Foreman machines behind haproxy, common keys for database and cookies and so on. Foreman-installer command used below for info. I'm having trouble working out how to generate SSL certificates for the Foreman servers to communicate with the proxies without running into "alert unknown CA" and similar problems. I've tried generating certs on the first foreman server for the other hosts with puppet cert generate [fqdn] and pushing the ca.pem and the generated certs and private keys to the other hosts. I seem to be missing a step - the machine where the certs were generated can talk to the locally install smart proxy but communication with the smart proxy installed on the other hosts fails with unknown CA errors. Testing with openssl s_client -connect $(hostname -f):443 \ -cert /var/lib/puppet/ssl/certs/$(hostname -f).pem \ -key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem \ -CAfile /var/lib/puppet/ssl/certs/ca.pem to try to get some more info tells gives "Verify return code: 19 (self signed cert in certificate chain)" - but I see this on the machine which can talk to its smart proxy too :( Is the best way to generate the certs documented anywhere (whether with puppet, certtool or openssl)? Is it best practice to use the same cert for Apache for all of the machines behind haproxy and to use separate keys for foreman-proxy and to specify them with --foreman-client-ssl-* and --foreman-proxy-ssl-*? Many thanks for any pointers, Tim ** Current foreman-installer command foreman-installer -v \ --enable-foreman \ --enable-foreman-cli \ --enable-foreman-proxy \ --foreman-proxy-trusted-hosts="foreman.example.com" \ --foreman-proxy-trusted-hosts="foreman-01.example.com" \ --foreman-proxy-trusted-hosts="foreman-02.example.com" \ --foreman-proxy-trusted-hosts="foreman-03.example.com" \ --foreman-proxy-trusted-hosts="foreman-04.example.com" \ --foreman-admin-password="foo" \ --foreman-oauth-consumer-key="foo" \ --foreman-oauth-consumer-secret="foo" \ --enable-foreman-plugin-bootdisk \ --enable-foreman-plugin-chef \ --enable-foreman-plugin-discovery \ --enable-foreman-plugin-hooks \ --enable-foreman-plugin-host-extra-validator \ --enable-foreman-plugin-memcache \ --foreman-plugin-memcache-hosts="memcached-01.example.com" \ --foreman-plugin-memcache-hosts="memcached-02.example.com" \ --foreman-plugin-memcache-hosts="memcached-03.example.com" \ --foreman-plugin-memcache-hosts="memcached-04.example.com" \ --enable-foreman-plugin-remote-execution \ --enable-foreman-plugin-salt \ --enable-foreman-plugin-setup \ --enable-foreman-plugin-tasks \ --enable-foreman-plugin-templates \ --enable-foreman-compute-openstack \ --enable-foreman-compute-vmware \ --foreman-db-database="foo" \ --foreman-db-host="foo" \ --foreman-db-manage="false" \ --foreman-db-password="foo" \ --foreman-db-port="4344" \ --foreman-db-type="postgresql" \ --foreman-db-username="foo" -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Re: Please help - upgrade Foreman 1.10 to 1.13 has failed.
On 24 October 2016 at 18:06, Evgeny Vasilchenko < evgeny.vasilche...@gmail.com> wrote: > Please anyone? Any suggestions beside of 1.10 backup restore? > I think there's a few points here: 1) Oracle Linux isn't officially supported - that's probably not the problem, but it's worth remembering 2) If the system crashed during a db:migrate (which is called by the packages during upgrade) then it's could well be in an inconsistent state 3) Direct upgrades skipping major releases are known to break - the migrations care what version of the code they invoke. Of these, I suspect (3) is your issue. A undefined method suggests that you've skipped a major version - assuming you have backups, your best option is a rollback followed by a 1.10->1.11->1.12->1.13 upgrade. Good luck! Greg -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Please help - upgrade Foreman 1.10 to 1.13 has failed.
Ok... I realize that everyone are busy - so, I'll rephrase my request:
We would like to* urgently hire a Foreman expert *to recover a crashed
instance of Foreman 13.x
Please contact me via email or +1 (778) 328-7592
Thank you!
On Monday, October 24, 2016 at 10:06:03 AM UTC-7, Evgeny Vasilchenko wrote:
>
> Please anyone? Any suggestions beside of 1.10 backup restore?
>
> On Friday, October 21, 2016 at 5:03:45 PM UTC-7, Evgeny Vasilchenko wrote:
>>
>> *foreman-rake db:seed*
>>
>> You have 32 pending migrations:
>> 20151104100257 AddHostsCountToHostgroup
>> 20151120153254 DeleteBootableInterface
>> 20151210143537 AddTypeToMailNotification
>> 20151220093801 RemoveSpacesFromSmartVariableKey
>> 20160201131211 AddExpiredLogsToSmartProxy
>> 20160203110216 AddDefaultValueForBookmarkPublicField
>> 20160215143900 AddSubnetDomainRelationConstraints
>> 20160225115638 RemoveDefaultUserRole
>> 20160225131917 RenameAnonymousRole
>> 20160228140111 UpdateParamsPriority
>> 20160307120453 RemoveHostgroupsCountFromPuppetclasses
>> 20160308102459 RemovePermissionsFromRoles
>> 20160317070258 AddViewParamsToFiltersWithEdit
>> 20160404074723 DowncaseDisplayTypes
>> 20160414063050 AddStiToSubnets
>> 20160415134454 AddIpv6ToHosts
>> 20160415135858 AddIpv6Subnet
>> 20160516070529 DivideLookupKeyPermissions
>> 20160527093031 LimitOsDescription
>> 20160609092110 RemoveNilFromMergeOverride
>> 20160616074718 RemoveHostCounterCache
>> 20160626085636 RemovePuppetCounters
>> 20160715131352 SetRoleBuiltinDefault
>> 20160717125402 UnifyPermissions
>> 20160719081324 ChangeTemplatesTypeDefault
>> 20160719095445 ChangeTemplateTaxableTaxonomiesType
>> 20160719100624 ChangeTemplateAuditsType
>> 20160725142557 AddPxeLoaderToHost
>> 20160727142242 AddPxeLoaderToHostgroup
>> 20160817125655 ResetOverrideParams
>> 20160818091420 AddOverrideFlagToFilter
>> 20160914125418 UpdateParameterPriorities
>>
>>
>> On Friday, October 21, 2016 at 5:03:09 PM UTC-7, Evgeny Vasilchenko wrote:
>>>
>>> The OS
>>>
>>>- Oracle Linux 7 :3.8.13-118.13.2.el7uek.x86_64 #2 SMP Wed Oct 5
>>>11:03:41 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux
>>>- All latest updates as of today
>>>
>>> The 'yum update' was successful - i.e. NO yum errors, etc..but then host
>>> was accidentally rebooted.
>>>
>>> After reboot Wbe GUI did not start and below migrate step has failed.
>>>
>>> *# foreman-rake db:migrate*
>>>
>>> == 20151104100257 AddHostsCountToHostgroup: migrating
>>> =
>>> -- add_column(:hostgroups, :hosts_count, :integer, {:default=>0})
>>> -> 0.0086s
>>> rake aborted!
>>> StandardError: An error has occurred, this and all later migrations
>>> canceled:
>>>
>>>
>>> undefined method `counter_cache_column' for
>>> nil:NilClass/opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/counter_cache.rb:38:in
>>>
>>> `block in reset_counters'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/counter_cache.rb:22:in
>>>
>>> `each'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/counter_cache.rb:22:in
>>>
>>> `reset_counters'
>>> /usr/share/foreman/db/migrate/20151104100257_add_hosts_count_to_hostgroup.rb:5:in
>>>
>>> `block in up'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/relation/delegation.rb:46:in
>>>
>>> `each'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/relation/delegation.rb:46:in
>>>
>>> `each'
>>> /usr/share/foreman/db/migrate/20151104100257_add_hosts_count_to_hostgroup.rb:4:in
>>>
>>> `up'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:611:in
>>>
>>> `exec_migration'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:592:in
>>>
>>> `block (2 levels) in migrate'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:591:in
>>>
>>> `block in migrate'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in
>>>
>>> `with_connection'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:590:in
>>>
>>> `migrate'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:768:in
>>>
>>> `migrate'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:998:in
>>>
>>> `block in execute_migration_in_transaction'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/migration.rb:1044:in
>>>
>>> `block in ddl_transaction'
>>> /opt/rh/sclo-ror42/root/usr/share/gems/gems/activerecord-4.2.5.1/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in
>>>
>>> `bloc
Re: [foreman-users] Provisioning from a dedicated tftp+dhcp host
On 24/10/16 20:13, Nicola V wrote: > Hello, > > I setup a few hosts as tftp + dhcp servers and correctly connected them > to the Foreman instance via the smart proxies. This architecture allows > some distribution of roles. > I proceeded with the "provisioning setup" section and am presented with > the pre-requisites step, plus a subnet dropdown. All is fine but I can't > seem to be able to select a different "provisioning host": the wizard > assumes I want to provision stuff from the foreman master: > > ✓ Found registered host fm-master.local > ✓ Found registered smart proxy fm-master.local > ✓ Host fm-master.local has at least one network interface > > Clicking next and filling the configuration values takes me to the > foreman-installer copy-pastable commands, and I can notice the > --foreman-proxy-tftp-servername parameter pointing at the foreman master > itself. I would like to be allowed to use whatever tftp server I have > registered, instead of the foreman instance. Is this even possible (and > would it make sense, instead of using foreman as the tftp)? Yes, don't use the provisioning setup. It's a plugin that's only designed to help set up provisioning first time from the Foreman server itself with the installer. Set up the smart proxies as you wish (manually or using the installer), register them in Foreman and then under Infrastructure > Subnets, assign them to the subnets. -- Dominic Cleal domi...@cleal.org -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] 10GBs NIC PXE Boot not working?
Hi, I just can't get our servers (IBM X3650 M5) to PXE boot. It works fine with the 1GBs nics but not with the 10Gbs. I enabled debugging on the tftp server but it looks like the server is not even reaching it. During boot I can see that both NICS register with DHCP and that's it. I wonder if it is a setting on the 10GBs switch like DHCP helper adress? Cheers Oli -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
