Foreman+Puppet and Foreman Proxy Installation on Debian

This is just a very short walk through how to install foreman on a Debian System and (if needed) a foreman proxy onto another System.
Its also possible to install the Proxy on the same System but in our case the networks are different which is why we need a “distant” Foreman Proxy.
In this Setup we will use puppet 3 instead of the Puppet 2 which is currently in Debian Stable. Therefore we have to add the puppetlabs DEB Repository first.

wget --no-check-certificate
dpkg -i puppetlabs-release-wheezy.deb

To get foreman we also have to add the “theforeman” Repository.

echo "deb wheezy 1.4" > /etc/apt/sources.list.d/foreman.list
wget -q -O- | apt-key add -

Now its easy to install foreman-installer and with it foreman on our system.
This will fetch puppet, foreman and all needed dependencies like postgresql, apache etc.

apt-get update && apt-get install foreman-installer

After the Installation you can login with admin/changeme

I’ve setup LDAP in my puppet server with our Microsoft Domain.
Just set the host, baseDN, user + pass according to your infrastructure.
if you have Active directory you can set the third page like in this screenshot.


And your Foreman powered Puppet is ready to go.


Now lets install our remote foreman proxy (with a fresh installed debian system)
again install the foreman deb sources as mentioned above. (but leave the puppet sources)
One way would be to just install the package and configure the proxy yourself. (add it in the Master Foreman)

apt-get install foreman-proxy

But my prefered way is to again let it be done by foreman-installer. (with *some* Options)

Prepare the rndc key so the proxy can update the bind daemon running on the master foreman.
Just create the directory /etc/foreman-proxy and put the *rndc.key* file in there.

To use the installer for the proxy we have to fetch some infos from our foreman server.
hostname should be correct of course and we have to get the oauth Keys.
The Keys is hidden Foreman Server – Manage – Settings – Auth (copy oauth_consumer_key & oauth_consumer_secret)

i’ve also pre created the Cert for the Fmproxy on the puppet master

puppet cert generate fmproxy.mycompany.local

copy /var/lib/puppet/ssl/certs/fmproxy.mycompany.local.pem and
/var/lib/puppet/ssl/private_keys/fmproxymycompany.local.pem /var/lib/puppet/ssl/certs/ca_crt.pem onto the new server into
/etc/foreman-proxy/private_keys and ssl/certs.

foreman-installer --no-enable-foreman --enable-foreman-proxy --foreman-proxy-dhcp true --foreman-proxy-tftp true --foreman-proxy-dns  true  --foreman-foreman-url=https://puppet01.mycompany.local  --foreman-proxy-foreman-base-url=https://puppet01.mycompany.local --foreman-proxy-oauth-consumer-key=sb8fZvY4Sfu4zpsjzcx7eh7MuHuXCqKq --foreman-proxy-oauth-consumer-secret=vc8QkxEhmqXcRVJdhvKQZZmcQP9BNHVi --foreman-proxy-ssl-key=/etc/foreman-proxy/ssl/private_keys/fmproxy.mycompany.local.pem --foreman-proxy-ssl-cert=/etc/foreman-proxy/ssl/certs/fmproxy.mycompany.local.pem  --foreman-proxy-puppetca false --foreman-proxy-ssl-ca=/etc/foreman-proxy/ssl/ca/ca_crt.pem  --foreman-proxy-dns-server=puppet01.mycompany.local --foreman-proxy-dns-zone=ops.mycompany.local --foreman-proxy-keyfile=/etc/foreman-proxy/rndc.key

If we are lucky foreman-proxy should be installed 😉 (it wasnt for me therefore i executed this command in various forms multiple times)
It also has registered itself in the foreman master server.

The Setup is not yet completely usable because some settings are not yet correctly.


update the routers setting accordingly to your network setup. ( which foreman entered is not correct most of the time)
dont forget to restart your dhcpd server after changing the settings (/etc/init.d/isc-dhcp-server restart)

This should be enough to install/provision your servers via foreman. hfgl