Lab 3.1: Prepare Installation
Objective:
In this lab you prepare the installation of Foreman.
Steps:
Start the virtual machine "foreman.localdomain" and connect via SSH
You can start the virtual machine "foreman.localdomain" with Virt-Manager from the Systemtools and
connect via SSH as 'root' so you can copy and paste to the console.
Make Puppet vendor repository available
Install the release package provided by the Puppet vendor repository to make it available for package
installation of the open source version of Puppet. We will use Puppet 5.
URL: http://yum.puppet.com/puppet5
Make EPEL repository available
Install the release package provided by the EPEL repository to make it available for installation of
packages required as dependencies.
URL: http://fedoraproject.org/wiki/EPEL
Command: yum install epel-release
Make Foreman repository available
Install the release package provided by the Foreman repository to make it available for package installation
of Foreman and its components.
URL: http://yum.theforeman.org
Install foreman-installer
Install the package "foreman-installer" from the now available repositories.
Notes:
The host firewall allows traffic between virtual machines in the same network and forwards traffic from the
virtual machine network to the host so no configuration is required.
Expected result:
The Foreman installer is installed and "foreman-installer --help" can be run from the command line.
1 © NETWAYS
Lab 3.2: Install an All-in-one setup
Objective:
In this lab we will install an All-in-one setup of Foreman with DNS and DHCP
Steps:
Run foreman-installer with additional parameters
Notes:
DNS should be enabled and configured with the following parameters:
interface=eth0
zone=localdomain
reverse=0.10.in-addr.arpa
forwarders=8.8.8.8,8.8.4.4
DHCP should be enabled and configured with the following parameters:
interface=eth0
gateway=10.0.0.1
range=10.0.0.100-10.0.0.200
nameserver=10.0.0.2
Expected result:
The Foreman installer runs successfully and provides login credentials to log in to
'https://foreman.localdomain'.
You can find your provided parameters in the answer file created in
'/etc/foreman/foreman-installer-answers.yaml'.
Lab 3.3: Add DNS configuration to Foreman
Objective:
Foreman will be configured to know about the DNS domain 'localdomain'
Steps:
Login to Foreman
Navigate to 'Infrastructure > Domains'
Add the domain 'localdomain' and associate Smart proxy 'foreman.localdomain'
Notes:
If the Puppet agent on the Foreman server has already run, the domain will already be created but not
associated.
Lab 3.4: Add DHCP configuration to Foreman
Objective:
Foreman will be configured to know about the DHCP subnet
Steps:
Navigate to 'Infrastructure > Smart proxies'
Add the subnet 'foreman' by importing from the Smart Proxy
Adjust additional settings via 'Infrastructure > Subnets'
Notes:
We will use the complete DHCP range the DHCP server provides.
Lab 4.1: Prepare PXE installation of CentOS
Objective:
Prepare the installation of CentOS using PXE
Steps:
Change the Installation media "CentOS mirror" to the local repo
Associate the PXELinux template "Kickstart default PXELinux" with CentOS
Associate the Provision template "Kickstart default" with CentOS
Associate the operating system with the Partition table "Kickstart default", Installation media "CentOS
mirror", select the Templates and set parameter "enable-puppetlabs-puppet5-repo" to "true"
Lab 4.2: Prepare PXE installation of Debian
Objective:
Prepare the installation of Debian using PXE
Steps:
Change the Installation media "Debian mirror" to the local repo
Create the Operating system "Debian" with Major version "9", Description "Debian stretch", Family
"Debian", Release name "stretch"
Associate the PXELinux template "Preseed default PXELinux" with Debian
Associate the Provision template "Preseed default" with Debian
Associate the finish template "Preseed default finish" with Debian
Associate the operating system with the Templates and set Architecture "x86_64", Partition table
"Preseed custom LVM" and "Preseed default", Installation media "Debian mirror" and set parameter
"enable-puppetlabs-puppet5-repo" to "true"
Lab 4.3: Create a virtual machine "pxe"
Objective:
Create a virtual machine "pxe" for PXE installation
Steps:
Open "Virtual Machine Manager" application
Select "New virtual machine" from the menu or by pressing the button
Select PXE boot
Select "Linux" and "Red Hat Enterprise Linux 7.5" for CentOS or "Debian Stretch" for Debian according
to your preferences
Keep the minimum requirements for RAM, CPU and Disk
Name your VM "pxe" and select the network "foreman"
Create the VM and immediately pause it so in the next lab the required configuration in Foreman can
be created
Lab 4.4: Configure the system "pxe" in Foreman
Objective:
Configure the system "pxe" in Foreman and start installation
Steps:
Open Foreman's host dialog using "Host > Create Host"
On the Host tab name it "pxe" and select the Environment "production", Puppet CA
"foreman.localdomain" and Puppet Master "foreman.localdomain"
On the Operating system tab select the Architecture "x86_64", Operating System, Media, Partition table
depending on your choice earlier and set a Root password of your choice
On the Interface tab click edit to configure the interface with the MAC address of the system created
before, identifier "eth0", select Domain "localdomain" and Subnet "foreman" and keep the suggested IP
address
Unpause the virtual machine
Lab 4.5: Prepare Compute resource libvirt
Objective:
Prepare Compute resource libvirt
Steps:
Install the Compute resource using the Foreman installer
Create a passphraseless ssh-key for user foreman using ssh-keygen
Copy the public key to the root account of the host "host.localdomain" using ssh-copy-id
Configure the Compute resource in Foreman Web GUI
Lab 4.6: Create the virtual machine "compute" from Foreman
Objective:
Create the virtual machine "compute" from Foreman Web GUI and start unattended installation
Steps:
Open Foreman's host dialog using "Host > Create Host"
On the Host tab name it "compute" and select to deploy on the Compute resource, the Environment,
Puppet CA and Master
On the Virtual Machine tab change the Storage type to "QCOW2"
On the Operating system tab select the Architecture, Operating System, Media, Partition table and set
a Root password.
On the Interface tab click edit to configure the interface with identifier "eth0", select Domain and
Subnet and keep the suggested IP address, for the Libvirt options choose the virtual network
"foreman"
Lab 4.7: Install and configure the Discovery plugin
Objective:
Install and configure the Discovery plugin
Steps:
Run the Foreman installer to install the Discovery plugin for Foreman and the Smart Proxy and
download the image
Adjust and deploy the PXE default configuration
Enable the discovery widget in the dashboard
Lab 4.8: Create a virtual machine "discovery"
Objective:
Create a virtual machine "discovery" for PXE installation
Steps:
Open "Virtual Machine Manager" application
Select "New virtual machine" from the menu or by pressing the button
Select PXE boot
Select "Linux" and "Red Hat Enterprise Linux 7.5" for CentOS or "Debian Stretch" for Debian according
to your preferences
Keep the minimum requirements for RAM, CPU and Disk
Name your virtual machine "discovery" and select the network "foreman"
Create the virtual machine and when the PXE menu appears select "Foreman Discovery Image"
Expected result:
The Discovery image boots, reports status "SUCCESS" on the console and appears in the Foreman Web
GUI in the "Discovery widget".
Lab 4.9: Configure the system "discovery" in Foreman
Objective:
Configure the system "discovery" in Foreman and start installation
Steps:
Select the newly discovered host from the widget
On the Discovered host view select the action "Provision" and then "Customize Host"
On the Host tab name it "discovery" and select the Environment, Puppet CA and Master
On the Operating system tab select the Architecture, Operating System, Media, Partition table and set
a Root password
On the Interface tab click edit to configure the interface and add the Domain "localdomain"
Submit to start the installation
Lab 4.10: Install and configure the Bootdisk plugin
Objective:
Install and configure the Bootdisk plugin
Steps:
Run the Foreman installer to install the Bootdisk plugin
Associate iPXE template for operating systems
Lab 4.11: Reinstall the virtual machine "pxe"
Objective:
Reinstall the virtual machine "pxe" from a host image
Steps:
Set the Host "pxe" in "Build" mode and download the host image
Configure virtual machine to boot from image by adding a "CDROM" device and selecting it as boot
media
Boot and reinstall the virtual machine
Lab 5.1: Import of Puppet classes
Objective:
Make Puppet code available to Puppet and Foreman
Steps:
Place Puppet modules found in "/home/training" on host.localdomain into
"/etc/puppetlabs/code/environments/production" on foreman.localdomain
Import the Puppet classes in Foreman using "Configure > Classes"
Optional:
Configure Foreman to ignore the classes from stdlib module by creating
"/usr/share/foreman/config/ignored_environments.yml"
Expected result:
Class "training::user" is available in the WebGUI and can be assigned to hosts and hostgroups
Lab 5.2: Parameterize and assign Puppet classes
Objective:
Parameterize and assign Puppet classes to at least one host
Steps:
Set defaults to the Smart class parameters provided by the imported class
Assign the Puppet class in the host menu to one host
Lab 5.3: Trigger Puppet agent run and inspect the report
Objective:
Trigger a Puppet agent run and inspect the report
Steps:
Run the Puppet agent in test mode on the host you assigned the class
Inspect the report of the Puppet agent run
Lab 5.4: Configure Ansible Callback
Objective:
Install Ansible and configure the callback plugin for Foreman
Steps:
Install Ansible using yum
Ansible is available from the centos-extras repository; the callback plugin also requires python-requests.
Configure callback plugin
The callback plugin has been part of Ansible since 2.2, so it only needs to be enabled in the configuration. The
plugin itself requires environment variables to be set for configuration.
Add your host to the inventory
We will use the static configuration for now, dynamic inventory will be introduced later.
Create and distribute a SSH key
Use ssh-keygen and ssh-copy-id.
Download the role "reallyenglish.ntpd"
Ansible roles can be downloaded from Ansible Galaxy using the CLI.
Create a playbook and run it
The playbook only requires an array of hosts and roles.
Expected result:
Playbook is played successfully and report is uploaded to Foreman.
Lab 5.5: Configure Ansible Dynamic Inventory
Objective:
Configure Ansible Dynamic Inventory
Steps:
Download Dynamic Inventory and sample configuration
Dynamic Inventory scripts are not included in the package, but are available on GitHub:
https://github.com/ansible/ansible/tree/devel/contrib/inventory
Adjust configuration
Configuration has to include the Foreman URL, user and password.
Test Dynamic Inventory
You can run the script directly to inspect the output and use it with the parameter -i during playbook runs.
Lab 5.6: Configure Graphical Integration
Objective:
Configure Foreman Plugin and Smart Proxy Plugin
Steps:
Install Foreman Plugin and Smart Proxy Plugin using foreman-installer
Import roles and assign them
Prepare Smart proxy to play roles
Smart Proxy needs an SSH key to play roles.
Play roles using the web interface
Lab 6.1: LDAP Authentication
Objective:
Allow the administrative accounts from the LDAP to work as Foreman admins
Steps:
Configure the LDAP authentication including group synchronisation
Add an administrative group to grant the administrative accounts from the LDAP privileges
Optional: Add a photo to the administrator account via ldapmodify
Expected result:
Login with the account "administrator" of the group "admins" with password "netways" to grant
administrative privileges
Details on the LDAP server:
Server: foreman.localdomain
Protocol: LDAP (Port 389/tcp)
Schema: POSIX
Base DN: dc=localdomain
User DN: ou=users,dc=localdomain
Group DN: ou=groups,dc=localdomain
Lab 6.2: Add unprivileged users
Objective:
Grant access and privileges for some unprivileged users
Steps:
Assign the role "Viewer" to the user "viewer"
Create a role "Selfservice" to allow creation of new hosts and management of own hosts
Assign the new role "Selfservice" to the user "selfservice"
Expected result:
Login with the account "viewer" and password "netways" grants read-only privileges
Login with the account "selfservice" and password "netways" allows creating new hosts
Lab 7.1: Templates
Objective:
Import the Community templates
Steps:
Install the Foreman Plugin Templates using the foreman-installer
Run the synchronisation job with an API call
Optional:
Change settings to add a prefix during import
Expected result:
Additional templates are available in the WebGUI.
Lab 7.2: DHCP Browser
Objective:
Inspect DHCP reservations
Steps:
Install the Foreman Plugin DHCP Browser using the foreman-installer
Inspect DHCP reservations of the subnet "foreman"
Expected result:
You will find one reservation for every host created earlier.
Lab 7.3: Column View
Objective:
Add Architecture and Uptime to the "All Hosts" view
Steps:
Install the Foreman Plugin Column View using the package "tfm-rubygem-foreman_column_view"
Configure it to show the facts for architecture and uptime and restart the service
Expected result:
Additional columns are showing the values of the facts for architecture and uptime on all hosts which
reported a Puppet run.
Lab 7.4: OpenSCAP
Objective:
Inspect the Security compliance of your system
Steps:
Install the Foreman and Smart Proxy Plugin OpenSCAP using the foreman-installer
Make the Puppet Module "foreman_scap_client" available
Create a Policy for CentOS 7 and assign it to a host
Initiate a Puppet agent run on the host
Create a report on the host and upload it to the Smart proxy
Upload the report from the Smart proxy to the Foreman
Optional:
Customize the Policy with a tailor file created with SCAP workbench
Expected result:
Compliance Report is available in the Foreman WebGUI.
Lab 7.5: Cockpit
Objective:
Inspect your system using Cockpit integrated in the Foreman
Steps:
Install Cockpit and enable the Cockpit websocket
Install the Foreman Plugin Cockpit using the foreman-installer
Expected result:
The Cockpit action menu shows up in the Host detail view and allows inspecting the system.
Lab 7.6: Remote Execution
Objective:
Initiate a Puppet run on a remote system
Steps:
Install the Foreman Plugin Remote Execution using the Foreman Installer
Roll out the SSH key
Initiate the Puppet run
Optional:
Run OpenSCAP scan
Expected result:
Puppet run is executed on the remote system and report is uploaded
Lab 7.7: Remote Execution - Job Template
Objective:
Create a Job Template "ping" to run the ping command on remote hosts
Steps:
Create a Job Template to run ping with default values for count and target and input field for target
Run it without input and inspect the output
Run it with input and inspect the output
Lab 7.8: Expire Hosts
Objective:
Set a host to expire
Steps:
Install the Foreman Plugin Expire Hosts using the Foreman Installer
Configure notifications in the settings menu
Set a host to expire on its "Additional Information" tab
Expected result:
Host would be expired on the date set
Lab 7.9: Monitoring Integration
Objective:
Integrate Monitoring into Foreman
Steps:
Install Foreman plugin and Smart proxy plugin using foreman-installer
Activate Icinga 2 and Icinga Web 2 Director provider.
Configure Smart proxy to communicate with Icinga 2 and Icinga Web 2 Director
Configure Foreman default actions for monitoring
Activate integration for one host
Verify monitoring integration at http://monitoring.localdomain/icingaweb2
Credentials are icinga:icinga.
Lab 8.1: Working with the API
Objective:
Use the API to query, create and update objects
Steps:
Query the API for all subnets using the URL endpoint "/api/subnets"
Query the API for all Debian hosts using the URL endpoint "/api/hosts" and the search "os=Debian" or
"facts.osfamily=Debian"
Create a hostgroup "training" using the API with valid defaults
Change the root password for the hostgroup "training" using the API
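Added example, not part of the original handout: one way to run the two query steps against "/api/subnets" and "/api/hosts", with the search string URL-encoded, TLS verified against a CA file, and all result pages collected. The function names, the ca_file argument and the sample host list are assumptions made for illustration; "page", "per_page", "subtotal" and "results" are the paging fields of Foreman's list responses.

```python
import base64, json, ssl
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request, urlopen

BASE_URL = "https://foreman.localdomain"  # server name used in the labs

def build_url(endpoint, search=None, page=1, per_page=20):
    """URL for a list endpoint; urlencode() escapes the '=' inside the search."""
    params = {"page": page, "per_page": per_page}
    if search:
        params["search"] = search
    return f"{BASE_URL}{endpoint}?{urlencode(params)}"

def https_fetch(user, password, ca_file):
    """Return fetch(url): Basic auth over TLS verified against ca_file.
    ca_file is an assumption: the CA that signed the Foreman certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # keep verification on
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    def fetch(url):
        with urlopen(Request(url, headers=headers), context=ctx) as resp:
            return json.load(resp)
    return fetch

def list_all(fetch, endpoint, search=None, per_page=20):
    """Collect all results by walking pages until 'subtotal' items are read."""
    items, page = [], 1
    while True:
        body = fetch(build_url(endpoint, search, page, per_page))
        items.extend(body["results"])
        if not body["results"] or len(items) >= body["subtotal"]:
            return items
        page += 1

# Constructed sample data standing in for the server, so this runs offline.
SAMPLE_HOSTS = [{"name": n + ".localdomain"} for n in ("pxe", "compute", "discovery")]

def sample_fetch(url):
    q = parse_qs(urlsplit(url).query)
    page, per = int(q["page"][0]), int(q["per_page"][0])
    rows = SAMPLE_HOSTS[(page - 1) * per:page * per]
    return {"total": 3, "subtotal": 3, "page": page, "per_page": per, "results": rows}

if __name__ == "__main__":
    print(build_url("/api/subnets"))
    for host in list_all(sample_fetch, "/api/hosts", "os=Debian", per_page=2):
        print(host["name"])
```

Against the lab server, replace sample_fetch with https_fetch(user, password, ca_file), using the credentials printed by the installer.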
Lab 8.2: Working with the CLI
Objective:
Use the CLI to prepare a new Operatingsystem entry
Steps:
Make sure to provide the correct credentials.
Create the new Operatingsystem entry for "CentOS 6.8"
Associate the template "Kickstart default PXELinux" and set it as default template
Associate the template "Kickstart default" and set it as default template