Skip to content

Instantly share code, notes, and snippets.

@genadipost
genadipost / foreman_haproxy_web_ca.md
Created Jun 24, 2017
Foreman haproxy config for web SSL certificate with trusted CA (non puppet CA)
View foreman_haproxy_web_ca.md
  • Port 4000 is dedicated for browser trusted CA
  • Port 5000 is dedicated for Foreman various components SSL client authentication via their puppet-ca certificates
  • If Hproxy is running on a dedicated server, 443 (browser) and 4443 (Foreman components) ports can be used.
global
  user root
  group root

defaults
@genadipost
genadipost / foreman-dns-alt-names.md
Last active Jun 24, 2017
foreman add Subject Alternative Name
View foreman-dns-alt-names.md
  • This script will add web-foreman.test.local SAN to the generated certificate
  • When --puppet-dns-alt-names is used, puppet and puppet.test.local SAN are not added to the web certificate, which will cause foreman deployment issues
  • Therefore puppet and puppet.test.local SAN's also added with --puppet-dns-alt-names
foreman-installer --puppet-dns-alt-names=puppet \
                  --puppet-dns-alt-names=puppet.test.local \
                  --puppet-dns-alt-names=web-foreman.test.local
@genadipost
genadipost / foreman_ad_sso.md
Last active Dec 12, 2019
Foreman and Active Directory integration (Kerberos Single Sign-On)
View foreman_ad_sso.md

This script installs and configures Foreman with Active Directory integration

What the script does:

  • Configures Active Directory as its name resolver
  • Using sssd and realmd the rhel server joins the AD domain (DNS record, computer account, host SPN created in the AD)
  • Using samba, HTTP spn is created in AD and a keytab that contains the HTTP principal
  • Foreman is installed with IPA/AD support, SSO is configured

Sources