genadipost /
Created Jun 24, 2017
Foreman haproxy config for web SSL certificate with trusted CA (non puppet CA)
  • Port 4000 is dedicated to browser traffic, served with the certificate from the trusted CA
  • Port 5000 is dedicated to SSL client authentication of the various Foreman components via their puppet-ca certificates
  • If HAProxy is running on a dedicated server, ports 443 (browser) and 4443 (Foreman components) can be used.
  user root
  group root

genadipost /
Last active Jun 24, 2017
foreman add Subject Alternative Name
  • This script adds the web-foreman.test.local SAN to the generated certificate
  • When --puppet-dns-alt-names is used, the puppet and puppet.test.local SANs are not added to the web certificate, which will cause Foreman deployment issues
  • Therefore the puppet and puppet.test.local SANs are also added with --puppet-dns-alt-names
foreman-installer --puppet-dns-alt-names=puppet \
                  --puppet-dns-alt-names=puppet.test.local \
genadipost /
Last active Dec 12, 2019
Foreman and Active Directory integration (Kerberos Single Sign-On)

This script installs and configures Foreman with Active Directory integration

What the script does:

  • Configures Active Directory as its name resolver
  • Using sssd and realmd, the RHEL server joins the AD domain (a DNS record, computer account and host SPN are created in AD)
  • Using Samba, an HTTP SPN is created in AD, along with a keytab that contains the HTTP principal
  • Foreman is installed with IPA/AD support and SSO is configured