Foreman Automation

Posted byaardvark
Photo by eskay lim on Unsplash

Here are some little tidbits for integrating your hosts into puppet.

This is a set of bash lines we use to configure a new host:

rpm -Uvh https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
dnf install puppet-agent -y
/opt/puppetlabs/bin/puppet config set server puppetmaster.example.com
/opt/puppetlabs/bin/puppet config set environment common
mkdir -p /etc/puppetlabs/code/environments/common
/opt/puppetlabs/bin/puppet agent -t && /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

You would then typically be on the GUI and sign the certificate. But if you are on an internal LAN you can have the certificate request autosigned.

File /etc/puppetlabs/puppet/autosign.conf:

*.example.com

Thats it.

You can then use the GUI to put it in a Host group, but you can use hammer command line that foreman has:

hammer host update \
--name myhost.example.com\
--hostgroup "EL10_DEV" \
--location "Default Location" \
--organization "Default Organization" \
--puppet-proxy "puppetmaster.example.com \
--puppet-ca-proxy "puppetmaster.example.com"

You can put these type of things in ansible:

---
- name: Install and configure Puppet agent
  hosts: "{{ target_hosts }}"
  become: yes
  vars:
    puppet_server: puppetmaster.example.com
    puppet_environment: common
    puppet_server_ip:192.168.1.1

  tasks:
    - name: Verify Rocky Linux 9 or 10
      fail:
        msg: "This playbook is only supported on Rocky Linux 9 or 10"
      when:
        - ansible_distribution != "Rocky"
        - ansible_distribution_major_version not in ["9", "10"]

    - name: Install Puppet 7 repository
      dnf:
        name: https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
        state: present
        disable_gpg_check: yes

    - name: Install puppet-agent package
      dnf:
        name: puppet-agent
        state: present

    - name: Configure puppet.conf with server and environment
      blockinfile:
        path: /etc/puppetlabs/puppet/puppet.conf
        block: |
          server = {{ puppet_server }}
          environment = {{ puppet_environment }}
        marker: "# {mark} ANSIBLE MANAGED BLOCK"


    - name: Create puppet environments directory
      file:
        path: /etc/puppetlabs/code/environments/{{ puppet_environment }}
        state: directory
        mode: '0755'
        recurse: yes

    - name: Run puppet agent test
      command: /opt/puppetlabs/bin/puppet agent -t
      register: puppet_test_result
      failed_when: false
      changed_when: puppet_test_result.rc == 0

    - name: Enable and start puppet service
      service:
        name: puppet
        state: started

That playbook is odd because there is no EL10 puppet packages yet but Rocky9 EL9 packages work fine.

You would run that playbook like this:

ansible-playbook -e target_hosts=mynewhost puppet-rocky9-rocky10-setup.yaml -kK