Trying to reproduce puppet-foreman_proxy and puppet-foreman with Chef cookbooks.
Installs and configures Foreman and Foreman-smartproxy.
It can:
- Install and configure Foreman Web ui
- Install and configure a Foreman Smartproxy with dhcp, bmc, tftp, ...
- Register smartproxies
This cookbook depends on these external cookbooks:
- apt
- apache2
- ark
- bind
- database
- dhcp
- git
- hostname
- hostsfile
- mysql
- postgresql
- tftp
and requires:
- Chef > 12
- Ruby > 1.9
Currently testing on Ubuntu, Debian.
```ruby
include_recipe 'foreman'
```
Don't forget to edit the attributes so that the proxy's oauth parameters have the same values as Foreman's.
```ruby
include_recipe 'foreman::proxy'
```
Key | Type | Description | Default |
---|---|---|---|
['foreman']['path'] | String | Foreman installation path | /usr/share/foreman |
['foreman']['version'] | String | Foreman version | stable |
['foreman']['config_path'] | String | Configuration path | /etc/foreman |
['foreman']['config']['init'] | String | Init config path | /etc/default/foreman |
['foreman']['config']['init_tpl'] | String | Init config template | foreman.default.erb |
['foreman']['use_repo'] | Boolean | Use Foreman repository | true |
['foreman']['repo']['uri'] | String | Repository uri | http://deb.theforeman.org/ |
['foreman']['repo']['components'] | Array | Repository components | [stable] |
['foreman']['repo']['key'] | String | Repository key | http://deb.theforeman.org/foreman.asc |
['foreman']['plugins'] | Array | Plugins installed via the package manager | [foreman-libvirt, ruby-foreman-chef] |
['foreman']['server_name'] | String | Server name to use for apache and fqdn | foreman.example |
['foreman']['environment'] | String | Foreman environment | production |
['foreman']['admin']['username'] | String | Admin username | admin |
['foreman']['admin']['password'] | String | Admin password | changeme |
['foreman']['admin']['first_name'] | String | Admin first name | nil |
['foreman']['admin']['last_name'] | String | Admin last name | nil |
['foreman']['admin']['email'] | String | Admin email | nil |
['foreman']['initial_organisation'] | String | Admin organisation | nil |
['foreman']['initial_location'] | String | Admin location | nil |
['foreman']['user'] | String | System user | foreman |
['foreman']['group'] | String | System group | foreman |
['foreman']['group_users'] | Array | System groups for foreman user | [] |
['foreman']['db']['manage'] | Boolean | Manage the database | true |
['foreman']['db']['install'] | Boolean | Install the database | true |
['foreman']['db']['host'] | String | Database host | nil |
['foreman']['db']['port'] | String | Database port | nil |
['foreman']['db']['adapter'] | String | Database adapter | postgresql |
['foreman']['db']['real_adapter'] | String | Ruby adapter name | postgresql |
['foreman']['db']['ssl_mode'] | Boolean | Database in ssl | nil |
['foreman']['db']['database'] | String | Database name | foreman |
['foreman']['db']['username'] | String | Database username | foreman |
['foreman']['passenger']['install'] | Boolean | Install apache passenger mod | true |
['foreman']['passenger']['high_performance'] | Boolean | Mod passenger high performance | true |
['foreman']['passenger']['rack_autodetect'] | Boolean | Mod passenger rack autodetect | false |
['foreman']['passenger']['max_pool_size'] | Integer | Mod passenger max pool size | nil |
['foreman']['passenger']['pool_idle_time'] | Integer | Mod passenger pool idle time | nil |
['foreman']['passenger']['max_requests'] | Integer | Mod passenger max requests | nil |
['foreman']['passenger']['stat_throttle_rate'] | Integer | Mod passenger stat throttle rate | nil |
['foreman']['passenger']['use_global_queue'] | Boolean | Mod passenger global queue | nil |
['foreman']['passenger']['default_ruby'] | String | Mod passenger default ruby | nil |
['foreman']['passenger']['prestart'] | Boolean | Mod passenger prestart | true |
['foreman']['passenger']['min_instances'] | Integer | Mod passenger minimum instances | 1 |
['foreman']['passenger']['start_timeout'] | Integer | Mod passenger start timeout | 600 |
['foreman']['passenger']['ruby'] | String | Mod passenger ruby path | /usr/bin/ruby |
['foreman']['passenger']['package'] | String | Mod passenger package | libapache2-mod-passenger |
['foreman']['ssl'] | Boolean | Foreman in Ssl | true |
['foreman']['ssl_dir'] | String | Ssl directory | /etc/foreman/certs |
['foreman']['ssl_ca_file'] | String | Ssl ca file | /etc/foreman/certs/ca.crt |
['foreman']['ssl_ca_key_file'] | String | Ssl ca key file | /etc/foreman/certs/ca.key |
['foreman']['ssl_cert_file'] | String | Ssl cert file | /etc/foreman/certs/server.crt |
['foreman']['ssl_cert_key_file'] | String | Ssl cert key file | /etc/foreman/certs/server.key |
['foreman']['ssl_cert_csr_file'] | String | Ssl cert csr file | /etc/foreman/certs/server.csr |
['foreman']['unattended'] | Boolean | Foreman unattended | true |
['foreman']['authentication'] | Boolean | Foreman authentication | true |
['foreman']['locations_enabled'] | Boolean | Foreman enable locations | false |
['foreman']['organizations_enabled'] | Boolean | Foreman enable organizations | false |
['foreman']['oauth_active'] | Boolean | Foreman oauth | true |
['foreman']['oauth_map_users'] | Boolean | Foreman oauth map users | false |
['foreman']['oauth_consumer_key'] | String | Foreman oauth consumer key | Random string |
['foreman']['oauth_consumer_secret'] | String | Foreman oauth consumer secret | Random string |
['foreman']['websockets_encrypt'] | Boolean | Foreman encrypt websockets | true |
['foreman']['websockets_ssl_key'] | Boolean | Foreman websockets ssl key | /etc/ssl/certs/foreman.example.pem |
['foreman']['websockets_ssl_cert'] | Boolean | Foreman websockets ssl cert | /etc/ssl/privates_keys/foreman.example.pem |
Key | Type | Description | Default |
---|---|---|---|
['foreman-proxy']['version'] | String | Foreman proxy version | stable |
['foreman-proxy']['register'] | Boolean | Register foreman proxy in foreman | true |
['foreman-proxy']['config_path'] | String | Foreman proxy config path | /etc/foreman-proxy |
['foreman-proxy']['daemon'] | Boolean | Foreman proxy daemon | true |
['foreman-proxy']['user'] | String | Foreman proxy user | foreman-proxy |
['foreman-proxy']['group'] | String | Foreman proxy group | foreman-proxy |
['foreman-proxy']['group_users'] | Array | System groups for foreman-proxy user | [] |
['foreman-proxy']['plugins'] | Array | Plugins installed via the package manager for the smartproxy | [ruby-smart-proxy-chef] |
['foreman-proxy']['log_file'] | String | Log file | /var/log/foreman-proxy/proxy.log |
['foreman-proxy']['log_level'] | String | Log level | ERROR |
['foreman-proxy']['puppetrun'] | Boolean | Puppetrun | false |
['foreman-proxy']['puppetrun_listen_on'] | String | Puppetrun listen on | https |
['foreman-proxy']['puppetca'] | Boolean | Puppetca | false |
['foreman-proxy']['puppetca_listen_on'] | String | Puppetca listen on | https |
['foreman-proxy']['puppet'] | Boolean | Puppet | false |
['foreman-proxy']['puppet_home'] | String | Puppet home directory | /var/lib/puppet |
['foreman-proxy']['puppet_url'] | String | Puppet url | https://foreman.example:8140 |
['foreman-proxy']['puppet_use_environement_api'] | Boolean | Puppet environment api | nil |
['foreman-proxy']['puppet_autosign_location'] | String | Puppet autosign location | /etc/puppet/autosign.conf |
['foreman-proxy']['puppet_group'] | String | Puppet group | puppet |
['foreman-proxy']['puppet_ssl_dir'] | String | Puppet ssl directory | /var/lib/puppet/ssl |
['foreman-proxy']['puppetssh_sudo'] | Boolean | Puppet ssh use sudo | false |
['foreman-proxy']['puppetssh_command'] | String | Puppet ssh command | /usr/bin/puppet agent --ontine --no-usecacheonfailure |
['foreman-proxy']['puppetssh_user'] | String | Puppet ssh user | root |
['foreman-proxy']['puppetssh_keyfile'] | String | Puppet ssh key file | /etc/foreman-proxy/id_rsa |
['foreman-proxy']['puppetssh_wait'] | Boolean | Puppet ssh wait | false |
['foreman-proxy']['http'] | Boolean | Foreman http | false |
['foreman-proxy']['http_port'] | String | Foreman http port | 8000 |
['foreman-proxy']['ssl'] | Boolean | Foreman use ssl | true |
['foreman-proxy']['https_port'] | String | Foreman ssl port | 8443 |
['foreman-proxy']['ssl_ca_file'] | String | Foreman ssl ca file | /etc/foreman/certs/ca.crt |
['foreman-proxy']['ssl_cert_file'] | String | Foreman ssl cert file | /etc/foreman/certs/server.crt |
['foreman-proxy']['ssl_cert_key_file'] | String | Foreman ssl cert key file | /etc/foreman/certs/server.key |
['foreman-proxy']['registered_name'] | String | Foreman proxy registered name | foreman.example |
['foreman-proxy']['registered_proxy_url'] | String | Foreman proxy registered url | https://foreman.example:8443 |
['foreman-proxy']['foreman_base_url'] | String | Foreman base url | https://foreman.example |
['foreman-proxy']['foreman_ssl_ca'] | String | Foreman ssl ca | /etc/foreman/certs/ca.crt |
['foreman-proxy']['foreman_ssl_cert'] | String | Foreman ssl cert | /etc/foreman/certs/server.crt |
['foreman-proxy']['foreman_ssl_key'] | String | Foreman ssl key | /etc/foreman/certs/server.key |
['foreman-proxy']['trusted_hosts'] | Array | Foreman proxy trusted hosts | [foreman.example] |
['foreman-proxy']['api_package'] | String | Apipie bindings ruby package | ruby-apipie-bindings |
['foreman-proxy']['dns'] | Boolean | Install dns server | true |
['foreman-proxy']['dns_listen_on'] | String | Dns listen on | https |
['foreman-proxy']['dns_managed'] | Boolean | Dns is managed by Chef | true |
['foreman-proxy']['dns_provider'] | String | Dns provider | nsupdate |
['foreman-proxy']['dns_interface'] | String | Dns interface | eth0 |
['foreman-proxy']['dns_ttl'] | String | Dns ttl | 86400 |
['foreman-proxy']['dns_server'] | String | Dns server | 127.0.0.1 |
['foreman-proxy']['dns_realm'] | String | Dns realm | FOREMAN.EXAMPLE |
['foreman-proxy']['dns_tsig_keytab'] | String | Dns tsig keytab | /etc/foreman-proxy/dns.keytab |
['foreman-proxy']['dns_tsig_principal'] | String | Dns tsig principal | foremanproxy/[email protected] |
['foreman-proxy']['dns_keyfile'] | String | Dns key file | /etc/bind/rndc.key |
['foreman-proxy']['dns_nsupdate'] | String | Dns nsupdate | dnsutils |
['foreman-proxy']['dhcp'] | Boolean | Proxy use dhcp | true |
['foreman-proxy']['dhcp_managed'] | Boolean | Install dhcp server | true |
['foreman-proxy']['dhcp_key_name'] | String | Dhcp key name | nil |
['foreman-proxy']['dhcp_key_secret'] | String | Dhcp key secret | nil |
['foreman-proxy']['dhcp_vendor'] | String | Dhcp vendor | isc |
['foreman-proxy']['dhcp_config'] | String | Dhcp config file | node['dhcp']['config_file'] |
['foreman-proxy']['dhcp_leases'] | String | Dhcp leases files | /var/lib/dhcp/dhcpd.leases |
['foreman-proxy']['dhcp_interface'] | String | Dhcp interface | eth0 |
['foreman-proxy']['dhcp_subnet'] | String | Dhcp subnet | Ohai subnet |
['foreman-proxy']['dhcp_netmask'] | String | Dhcp netmask | Ohai netmask |
['foreman-proxy']['dhcp_broadcast'] | String | Dhcp broadcast | Ohai broadcast |
['foreman-proxy']['dhcp_range'] | Array | Dhcp range | [] |
['foreman-proxy']['dhcp_routers'] | Array | Dhcp routers | [Ohai router] |
['foreman-proxy']['dhcp_options'] | Array | Dhcp options | ... |
['foreman-proxy']['virsh_network'] | String | Virsh network | default |
['foreman-proxy']['bmc'] | Boolean | As bmc | false |
['foreman-proxy']['bmc_listen_on'] | String | Bmc listen on | https |
['foreman-proxy']['bmc_default_provider'] | String | Bmc default provider | ipmitool |
['foreman-proxy']['syslinux']['version'] | String | Syslinux version | 6.03 |
['foreman-proxy']['syslinux']['url'] | String | Syslinux url | ... |
['foreman-proxy']['tftp'] | Boolean | As TFTP | true |
['foreman-proxy']['tftp_listen_on'] | String | TFTP listen on | https |
['foreman-proxy']['tftp_syslinux_root'] | String | TFTP syslinux root | nil |
['foreman-proxy']['tftp_root'] | String | TFTP root | node['tftp']['directory'] |
['foreman-proxy']['tftp_dirs'] | Array | TFTP directories | [pxelinux.cfg, boot] |
['foreman-proxy']['servername'] | String | TFTP servername | nil |
['foreman-proxy']['realm'] | Boolean | As Realm | false |
['foreman-proxy']['real_listen_on'] | String | Realm listen on | https |
['foreman-proxy']['real_provider'] | String | Realm provider | freeipa |
['foreman-proxy']['real_keytab'] | String | Realm keytab | /etc/foreman-proxy/freeipa.keytab |
['foreman-proxy']['real_principal'] | String | Realm principal | [email protected] |
['foreman-proxy']['freeipa_remove_dns'] | Boolean | Freeipa remove dns | true |
['foreman-proxy']['oauth_effective_user'] | String | Oauth effective user | admin |
['foreman-proxy']['oauth_consumer_key'] | String | Oauth consumer key | Random password |
['foreman-proxy']['oauth_consumer_secret'] | String | Oauth consumer secret | Random password |
['foreman-proxy']['templates'] | Boolean | As templates | false |
['foreman-proxy']['templates_listen_on'] | String | Templates listen on | https |
['foreman-proxy']['chef'] | Boolean | As Chef | true |
['foreman-proxy']['chef_authenticate_nodes'] | Boolean | Use Chef authenticate nodes | true |
['foreman-proxy']['chef_server_url'] | String | Chef server url | https://chef.example.net |
['foreman-proxy']['chef_smartproxy_clientname'] | String | Chef client name | host.example.net |
['foreman-proxy']['chef_smartproxy_privatekey'] | String | Chef client private key | /etc/chef/client.pem |
['foreman-proxy']['chef_ssl_verify'] | Boolean | Verify chef ssl connection | true |
['foreman-proxy']['chef_ssl_pem_file'] | String | Chef ssl pem file | /etc/chef/chef.example.com.pem |
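
Several defaults in the two tables above matter for security: the admin password defaults to `changeme`, the repository URI and key use plain HTTP, and the OAuth consumer key and secret default to random values although Foreman and the smartproxy must share them. The following check is an added example, not part of this cookbook; it audits an attribute hash (a plain Ruby Hash standing in for Chef's `node`) for those settings, and `audit_foreman_attributes` and `SAMPLE` are hypothetical names.

```ruby
# Added example, not part of the cookbook. A plain Hash stands in for Chef's
# `node` attributes; `audit_foreman_attributes` and SAMPLE are hypothetical.
def audit_foreman_attributes(attrs)
  fm = attrs.fetch('foreman', {})
  px = attrs.fetch('foreman-proxy', {})
  findings = []

  # The documented default admin password must be overridden before converging.
  if fm.dig('admin', 'password') == 'changeme'
    findings << 'foreman.admin.password is the documented default'
  end

  # Packages and their signing key fetched over plain HTTP can be altered in transit.
  %w[uri key].each do |k|
    findings << "foreman.repo.#{k} is not https" if fm.dig('repo', k).to_s.start_with?('http://')
  end

  # Foreman and the smartproxy must share one OAuth consumer key/secret pair.
  %w[oauth_consumer_key oauth_consumer_secret].each do |k|
    a = fm[k].to_s
    b = px[k].to_s
    if a.empty? || b.empty?
      findings << "#{k} is not set explicitly on both sides"
    elsif a != b
      findings << "#{k} differs between foreman and foreman-proxy"
    end
  end

  # Transport settings: keep TLS on, plain HTTP off, Chef server verification on.
  findings << 'foreman.ssl is disabled' if fm['ssl'] == false
  findings << 'foreman-proxy.ssl is disabled' if px['ssl'] == false
  findings << 'foreman-proxy.http is enabled' if px['http'] == true
  findings << 'foreman-proxy.chef_ssl_verify is disabled' if px['chef_ssl_verify'] == false
  findings
end

# Constructed sample: table defaults plus a mismatched OAuth key and HTTP enabled.
SAMPLE = {
  'foreman' => {
    'admin' => { 'password' => 'changeme' },
    'repo' => { 'uri' => 'http://deb.theforeman.org/',
                'key' => 'http://deb.theforeman.org/foreman.asc' },
    'oauth_consumer_key' => 'constructed-key-A',
    'oauth_consumer_secret' => 'constructed-secret',
  },
  'foreman-proxy' => { 'oauth_consumer_key' => 'constructed-key-B',
                       'oauth_consumer_secret' => 'constructed-secret',
                       'http' => true },
}
puts audit_foreman_attributes(SAMPLE)
```
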
This LWRP provides an easy way to register or unregister a smartproxy into Foreman.
- `:create`, register the smartproxy
- `:remove`, unregister the smartproxy

- `smartproxy_name`: Name of the smartproxy
- `base_url`: Base url of foreman web api
- `effective_user`: Foreman user
- `consumer_key`: Oauth key
- `consumer_secret`: Oauth secret
- `url`: Url of the smartproxy
- `timeout`: Request timeout

This LWRP reproduces the `foreman-rake` cli command.
- `:run`, run foreman-rake command

- `rake_task`: Rake task name
- `environement`: Environment variables
- `timeout`: Request timeout

This LWRP enables or disables proxy settings files.
- `:enable`, enable setting file
- `:disable`, disable setting file

- `module`: Module name
- `listen_on`: Protocol the module listens on
- `cookbook`: Cookbook where the template file is stored
- `path`: Path where the file will be created
- `owner`: File owner
- `group`: File group
- `mode`: File mode
- `template_path`: Template file path