How to Deploy Puppet Foreman on RHEL6 manually

From FedoraProject


The manual installation walks you through the deployment of each component. This is helpful for:

  • Understanding what is happening without going through the details of the Puppet modules used by the automated installation
  • Other OpenStack deployment scenarios
  • Troubleshooting

This approach provides:

  • Puppet Master
  • HTTP service with Webrick
  • Foreman Proxy (Smart-proxy) and Foreman
  • SELinux
Please note
  • The manual installation doesn't describe Apache/SSL/Passenger components yet.

Before starting, make sure the Common Core definitions (How_to_Deploy_Openstack_on_RHEL6_using_Foreman#RHEL_Core:_Common_definitions) have been applied.


Puppet Master

Once the core components have been prepared, we can install the Puppet Master and Git. Git will be used to fetch the Puppet modules specific to OpenStack:

yum install -y git puppet-server policycoreutils-python

Initial Puppet Master configuration

We need to customise the Puppet Master configuration file /etc/puppet/puppet.conf.

First we activate Puppet plugins (custom types and facts shipped in modules):

augtool -s set /files/etc/puppet/puppet.conf/main/pluginsync true

Then we add a default production environment to Puppet. You might want to extend it by adding other environments such as development, test, and staging.

mkdir -p /etc/puppet/modules/production
mkdir /etc/puppet/modules/common
augtool -s set /files/etc/puppet/puppet.conf/production/modulepath /etc/puppet/modules/production:/etc/puppet/modules/common

The Puppet autosign feature lets you filter which certificate requests are signed automatically:

augtool -s set /files/etc/puppet/puppet.conf/master/autosign \$confdir/autosign.conf { mode = 664 }

In order to have SELinux enforced on the Management host, we need to:

  • Set the SELinux type for /etc/puppet:
semanage fcontext -a -t puppet_etc_t '/etc/puppet(/.*)?'
  • Make sure the configuration file type gets applied when files are touched:
echo "/etc/puppet/*" >> /etc/selinux/restorecond.conf
  • Allow Puppet Master to use the Database:
setsebool -P puppetmaster_use_db true

Foreman Installation

Get Foreman packages from the yum repo:

yum install -y
yum install -y foreman foreman-proxy foreman-mysql foreman-mysql2 rubygem-redcarpet

External Node Classification

For Puppet ENC we rely on project and fetch the node.rb script from it:

git clone git:// /tmp/puppet-foreman
cp /tmp/puppet-foreman/templates/external_node.rb.erb /etc/puppet/node.rb

We need to edit the variables defined at the head of the file /etc/puppet/node.rb.

We do this with the “sed” command so that it can be scripted later:

sed -i "s/<%= @foreman_url %>/http:\/\/$(hostname):3000/" /etc/puppet/node.rb
sed -i 's/<%= @puppet_home %>/\/var\/lib\/puppet/' /etc/puppet/node.rb
sed -i 's/<%= @facts %>/true/' /etc/puppet/node.rb
sed -i 's/<%= @storeconfigs %>/false/' /etc/puppet/node.rb
chmod 755 /etc/puppet/node.rb

The result should look like this (extract of the modified section):

:url => "",
:puppetdir => "/var/lib/puppet",
:facts => true,
:storeconfigs => true,
:timeout => 3,

Finally we tell the Puppet Master to use the ENC:

augtool -s set /files/etc/puppet/puppet.conf/master/external_nodes /etc/puppet/node.rb
augtool -s set /files/etc/puppet/puppet.conf/master/node_terminus exec

Foreman Reports

We use the Foreman report from the project downloaded earlier:

cp /tmp/puppet-foreman/templates/foreman-report.rb.erb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
augtool -s set /files/etc/puppet/puppet.conf/master/reports foreman

Enable Foreman-proxy features

sed -i -r 's/(:puppetca:).*/\1 true/' /etc/foreman-proxy/settings.yml
sed -i -r 's/(:puppet:).*/\1 true/' /etc/foreman-proxy/settings.yml

Activate & run services

chkconfig foreman-proxy on
service foreman-proxy start
chkconfig foreman on
service foreman start

Foreman should be accessible at

The default user is “admin” with the password “changeme”.
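
To confirm that the puppet.conf settings made in the steps above ended up in the right sections, the following added example (not part of the original guide) reads an INI-style puppet.conf and reports every setting that differs from what this page configures, including an autosign value that no longer points at autosign.conf. The function names and the sample file are constructed for illustration; on a real host, pass /etc/puppet/puppet.conf instead.

```sh
# conf_get FILE SECTION KEY -> value of KEY inside [SECTION] (INI-style file)
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
        cur == sec {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_puppet_conf FILE -> one MISMATCH line per differing setting; returns 1 if any
check_puppet_conf() {
    rc=0
    while read -r sec key want; do
        got=$(conf_get "$1" "$sec" "$key")
        case "$got" in
            "$want"*) ;;  # prefix match: autosign carries a "{ mode = 664 }" suffix
            *) echo "MISMATCH [$sec] $key: want '$want', got '$got'"; rc=1 ;;
        esac
    done <<'EOF'
main pluginsync true
production modulepath /etc/puppet/modules/production:/etc/puppet/modules/common
master autosign $confdir/autosign.conf
master external_nodes /etc/puppet/node.rb
master node_terminus exec
master reports foreman
EOF
    return $rc
}

# write_sample FILE -> constructed puppet.conf matching this guide (sample data)
write_sample() {
    cat > "$1" <<'EOF'
[main]
    pluginsync = true
[production]
    modulepath = /etc/puppet/modules/production:/etc/puppet/modules/common
[master]
    autosign = $confdir/autosign.conf { mode = 664 }
    external_nodes = /etc/puppet/node.rb
    node_terminus = exec
    reports = foreman
EOF
}

tmp=$(mktemp -d); write_sample "$tmp/puppet.conf"
check_puppet_conf "$tmp/puppet.conf" && echo "puppet.conf matches the guide"; rm -rf "$tmp"
```

A value of "autosign = true" is reported as a mismatch, which is the case worth catching: it signs every certificate request instead of filtering through autosign.conf.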