Skip to content

Instantly share code, notes, and snippets.

View foreman.md
yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm; \
yum -y install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm; \
yum -y install https://yum.theforeman.org/releases/1.15/el7/x86_64/foreman-release.rpm; \
yum -y install foreman-release-scl; \
yum -y install foreman-installer; \
export IP=`nmcli -f IP4.ADDRESS device show ens33 | tr -s ' ' | cut -d ' ' -f 2 | cut -d '/' -f 1`; \
echo $IP foreman1.test.local foreman1 >> /etc/hosts; \
nmcli con mod "ens33" ipv4.dns-search "test.local"; \
nmcli general hostname foreman1; \
@genadipost
genadipost / foreman_haproxy_web_ca.md
Created Jun 24, 2017
Foreman haproxy config for web SSL certificate with trusted CA (non puppet CA)
View foreman_haproxy_web_ca.md
  • Port 4000 is dedicated for browser trusted CA
  • Port 5000 is dedicated for Foreman various components SSL client authentication via their puppet-ca certificates
  • If Hproxy is running on a dedicated server, 443 (browser) and 4443 (Foreman components) ports can be used.
global
  user root
  group root

defaults
@genadipost
genadipost / foreman-dns-alt-names.md
Last active Jun 24, 2017
foreman add Subject Alternative Name
View foreman-dns-alt-names.md
  • This script will add web-foreman.test.local SAN to the generated certificate
  • When --puppet-dns-alt-names is used, puppet and puppet.test.local SAN are not added to the web certificate, which will cause foreman deployment issues
  • Therefore puppet and puppet.test.local SAN's also added with --puppet-dns-alt-names
foreman-installer --puppet-dns-alt-names=puppet \
                  --puppet-dns-alt-names=puppet.test.local \
                  --puppet-dns-alt-names=web-foreman.test.local