Foreman Automation


Here are some little tidbits for integrating your hosts into Puppet.

This is a typical set of bash lines you can use to configure a new host:

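rpm -Uvh https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
dnf install puppet-agent -y
# Append the server and environment settings to the end of puppet.conf
sed -i -e '$a\
server = puppetmaster.example.com\
environment = common' /etc/puppetlabs/puppet/puppet.conf
# Hosts with "la" in their name get a static hosts entry (backup kept as /etc/hosts.bak)
hostname | grep -q la && sed -i.bak -e '$a\192.168.1.1 puppetmaster.example.com' /etc/hosts
mkdir -p /etc/puppetlabs/code/environments/common
# "agent -t" uses detailed exit codes: 0 = no changes, 2 = changes applied, so && alone would skip the service step
/opt/puppetlabs/bin/puppet agent -t; rc=$?
if [ "$rc" -eq 0 ] || [ "$rc" -eq 2 ]; then
    /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
fi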

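You would then typically go to the GUI and sign the certificate. If you are on an internal LAN, you can instead have certificate requests autosigned. Keep in mind that autosign.conf matches on the certname the agent requests, so any machine that can reach the Puppet CA gets a signed certificate for a matching name.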

File /etc/puppetlabs/puppet/autosign.conf:

*.example.com

That's it.
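Where the wildcard is too broad, Puppet also supports policy-based autosigning: when the `autosign` setting in puppet.conf on the CA server points at an executable, the server runs it with the requested certname as its only argument and the PEM CSR on stdin, and signs only if it exits 0. The script below is an added example, not code from the original post, and goes beyond the static autosign.conf shown above by approving only hosts listed in advance, each one once. The pending-file path and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Policy-based autosign hook (added example, not from the original post)."""
import fcntl
import re
import sys

# Assumed path: one expected FQDN per line, added when a host is provisioned.
PENDING_FILE = "/etc/puppetlabs/puppet/autosign-pending.txt"
ALLOWED_DOMAIN = "example.com"  # the domain used throughout the post
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def valid_certname(name, domain=ALLOWED_DOMAIN):
    """True only for a lowercase FQDN that sits under `domain`."""
    if len(name) > 253 or not name.endswith("." + domain):
        return False
    # fullmatch rejects slashes, whitespace, empty labels and trailing newlines
    return all(LABEL.fullmatch(label) for label in name.split("."))


def approve(certname, pending_path=PENDING_FILE):
    """Approve a host that is on the pending list, and only once."""
    if not valid_certname(certname):
        return False
    try:
        fh = open(pending_path, "r+")
    except FileNotFoundError:
        return False                      # no list means nothing is pre-approved
    with fh:
        fcntl.flock(fh, fcntl.LOCK_EX)    # serialise concurrent requests
        pending = [line.strip() for line in fh if line.strip()]
        if certname not in pending:
            return False
        pending.remove(certname)          # consume the one-time approval
        fh.seek(0)
        fh.truncate()
        fh.write("".join(name + "\n" for name in pending))
    return True


if __name__ == "__main__":
    sys.stdin.read()                      # drain the CSR; this policy checks the name only
    ok = len(sys.argv) == 2 and approve(sys.argv[1])
    sys.exit(0 if ok else 1)              # 0 = sign, non-zero = leave for manual signing
```

This policy still trusts the requested name, so it narrows who gets signed rather than authenticating the requester; a rejected request simply stays pending for manual signing.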

You can then use the GUI to put the host in a host group, or you can use the hammer command-line tool that Foreman provides:

hammer host update \
  --name myhost.example.com \
  --hostgroup "EL10_DEV" \
  --location "Default Location" \
  --organization "Default Organization" \
  --puppet-proxy "puppetmaster.example.com" \
  --puppet-ca-proxy "puppetmaster.example.com"

You can put these kinds of things in Ansible:

---
- name: Install and configure Puppet agent
  hosts: "{{ target_hosts }}"
  become: yes
  vars:
    puppet_server: puppetmaster.example.com
    puppet_environment: common
    puppet_server_ip: 192.168.1.1

  tasks:
    - name: Verify Rocky Linux 9 or 10
      fail:
        msg: "This playbook is only supported on Rocky Linux 9 or 10"
      # Conditions in a "when" list are ANDed; "or" is needed to reject every unsupported host
      when: ansible_distribution != "Rocky" or ansible_distribution_major_version not in ["9", "10"]

    - name: Install Puppet 7 repository
      dnf:
        name: https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
        state: present
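        # Skips RPM signature verification for the release package; to verify it,
        # import Puppet's signing key first and remove this line
        disable_gpg_check: yes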

    - name: Install puppet-agent package
      dnf:
        name: puppet-agent
        state: present

    - name: Configure puppet.conf with server and environment
      blockinfile:
        path: /etc/puppetlabs/puppet/puppet.conf
        block: |
          server = {{ puppet_server }}
          environment = {{ puppet_environment }}
        marker: "# {mark} ANSIBLE MANAGED BLOCK"

    - name: Check if hostname contains 'la'
      shell: hostname | grep -q la
      register: hostname_check
      failed_when: false
      changed_when: false

    - name: Add Puppet server to hosts file for 'la' hostnames
      lineinfile:
        path: /etc/hosts
        line: "{{ puppet_server_ip }} {{ puppet_server }}"
        backup: yes
      when: hostname_check.rc == 0

    - name: Create puppet environments directory
      file:
        path: /etc/puppetlabs/code/environments/{{ puppet_environment }}
        state: directory
        # state: directory already creates missing parents; recurse would also chmod the contents
        mode: '0755'

    - name: Run puppet agent test
      command: /opt/puppetlabs/bin/puppet agent -t
      register: puppet_test_result
      failed_when: false
      # With -t, exit code 2 means the run applied changes; 0 means nothing changed
      changed_when: puppet_test_result.rc == 2

    - name: Enable and start puppet service
      service:
        name: puppet
        state: started
        enabled: yes

That playbook is odd because there are no EL10 Puppet packages yet, but the Rocky 9 (EL9) packages work fine.

You would run that playbook like this:

ansible-playbook -e target_hosts=mynewhost puppet-rocky9-rocky10-setup.yaml -kK
