Automating The ICCLab: Part Two

In [the previous post](http://www.cloudcomp.ch/2012/06/automating-the-icclab-part-two/) we looked at getting Foreman set up and installed. In this post we’ll run through how you can provision bare metal hosts using Foreman. The first thing that we’ll need to do is configure Foreman for provisioning! Don’t forget [a VM in which all of this is set up is available](http://www.cloudcomp.ch/wp-content/uploads/2012/06/ForemanV.ova).

## Configuring Foreman to Provision Bare Metal

You will now need to configure Foreman. To do this you need to create the following pieces of information:

0. **Architectures**

Here, if they are not already populated, you need to enter in the OS hardware architectures that are required for your infrastructure fleet. Common architectures include ‘i386’ and ‘x86_64’.

1. **Smart Proxies**

Smart proxies are the entities that interact with the core infrastructural services like DNS, DHCP, TFTP etc. When setting up your Foreman instance you need to tell Foreman where the smart proxy is located by creating a new Smart Proxy entry and supplying its URL.

2. **Domains**

Here you need to enter in the domain name system information. All that is needed is the top level domain name (e.g. mydomain.com) and an identifier (e.g. “the main TLD”). If your smart proxy has DNS enabled then ensure the DNS value is populated. This value specifies what smart proxy DNS service to use when adding new DNS entries.

Once the smart proxy and DNS entries are entered, go back to the Smart Proxies section and click on ‘Import Subnets’. This will populate Foreman with the required networking information needed to allocate IP addresses against a newly provisioned machine.

3. **Subnets**

If you carried out the auto-import of subnets when setting up your smart proxy you shouldn’t need to change this, unless you want to add more or modify subnets.

4. **Environments**

Environments specify a group of puppet modules that can be applied against a newly provisioned host. To import default ones, `cd /usr/share/foreman` and execute `rake puppet:import:puppet_classes[batch] RAILS_ENV=production`. See the [Foreman wiki page](http://theforeman.org/projects/foreman/wiki/External_Nodes) for further details. You can also import existing environments, along with their associated classes, by navigating to the ‘Puppet Classes’ section and clicking on ‘Import new puppet classes and environments’.

5. **Installation Media**

To install an operating system you need to specify the location that the source files will come from. Foreman supplies you with some installation media locations to begin with and you can add more, either remote or local. A suggested minor edit to the default Foreman installation media is to change the mirrors to the ones that are closest to you.

**Tip**: Set up a caching server to cache all your downloaded operating system files (e.g. apt-cacher NG for Debian based systems; [puppet module here](https://github.com/lelutin/puppet-apt-cacher-ng)), otherwise you can install from local media locations, say, distributed over HTTP.

6. **Operating Systems**

In the case that you want to deploy Operating Systems to hosts, you will need to define the operating systems that you support. To do this create an operating system entry. Once done go to the Provisioning Template section.

7. **Provisioning Template**

The provisioning templates are key in the TFTP and DHCP boot process of your new host. These specify, depending on the OS automation suite (e.g. preseed, kickstart etc.), how the OS should be installed on the new host, how disk partitions should be setup, what OS packages should be installed etc.

An **important thing to do** here is to create a ‘Default PXE Menu’. This will allow for PXE boots with a fall back of boot by local disk, should a host have an OS already installed.

You need to specify the template for the appropriate operating systems you are supporting. In the case of Ubuntu OS’s you will need to go to each ‘Preseed’ entry and ensure that it is associated with the Ubuntu Operating Systems. Once done go back to the Operating Systems entries and ensure that they are associated with the correct templates.

**Note**: A modification to the Ubuntu Default disk partition needs to be made so that a user prompt is avoided. To do this navigate to ‘Partition Tables’, select the ‘Ubuntu default’ and then add the following as a replacement:

[gist id=2888536]

8. **Host Group**

You can think of a Host Group as a profile or policy that is applied to a new host or group of hosts that is/are provisioned. Here selected puppet modules can be enforced on the hosts associated with the Host Group. An example Host Group would be, say, an OpenStack Compute (Nova) Host Group. Any host associated with this group would assume the role of providing virtual machines for an OpenStack installation.

With the above items created you are now ready to create a Foreman/puppet managed node! Click on ‘Hosts’ and ‘New Host’. Most parameters will be pre-populated. The only parameter you need to supply is the new host’s MAC address.

### Potential Issues

1. If you come across this DNS related issue when creating a node:

[gist id=2888540]

First check the permissions of your `/etc/bind/rndc.key`. The foreman process needs to have read permissions to this. This is best done by adding the `foreman-proxy` user to the `bind` group (Thanks to Andreas N for [the suggestion](https://groups.google.com/forum/?fromgroups#!topic/foreman-users/TzmrYhoFKFI)!). E.g. on Ubuntu:

[gist id=2888549]

Secondly, a work around, although not elegant, is to disable the dynamic DNS functionality. To do this:

1. Go to ‘Domains’ and clear the value for ‘Dns’ and then save.
2. Edit `/etc/puppet/modules/common/foreman_proxy/manifests/params.pp` and set `$dns = false`.

2. If, when provisioning a new host, the PXE boot process complains that it cannot download the pre-configuration file (say in the case of Ubuntu) and the URL is malformed (e.g. http://foreman:3000.mydomain.net), then ensure that you are accessing the Foreman front-end via the fully qualified hostname (e.g. http://foreman.mydomain.net:3000) and not just the host name (e.g. http://foreman:3000).

3. If you come across the following issue when creating a node:

[gist id=2888551]

The first solution is to [apply the changes that are present in this diff](http://theforeman.org/projects/foreman/repository/revisions/a7ad2c1c5e128347fea66478614d8784b222c2d9), which fixes [Foreman issue 1541](http://theforeman.org/issues/1451).
The last resort work around is to install the 0.5 `nightly` release of Foreman. You can select what release of Foreman to install by editing `/etc/puppet/modules/common/foreman/manifests/params.pp` and changing `$package_source`. 0.5 appears to be relatively stable with many [people in the Foreman IRC room](http://theforeman.org/projects/foreman/wiki/Support) using it.
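
A check for the permission fix described under issue 1 above, added here as an example (it is not code from the original post or from Foreman): it verifies that the rndc key is readable through group membership rather than by every local user. The function names are hypothetical; the default path, user and group are the ones this article names for Ubuntu.

```shell
#!/bin/sh
# Added example: audit who can read the BIND rndc key used by foreman-proxy.

# True if the file grants read or write access to "other" (all local users).
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 \) -print)" ]
}

# True if the file's group has the read bit set.
group_readable() {
    [ -n "$(find "$1" -prune -perm -0040 -print)" ]
}

# Print the name of the group that owns the file.
file_group() {
    ls -ld -- "$1" | awk '{print $4}'
}

# True if the user is a member of the group (primary or supplementary).
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# Returns 0 if access is limited to the expected group, 1 on any finding,
# 2 if the key file does not exist.
audit_rndc_key() {
    key=${1:-/etc/bind/rndc.key}   # path from the article
    user=${2:-foreman-proxy}       # account from the article
    group=${3:-bind}               # group from the article
    rc=0
    if [ ! -f "$key" ]; then echo "MISSING: $key"; return 2; fi
    if world_accessible "$key"; then
        echo "FAIL: $key is accessible to every local user"; rc=1
    fi
    if ! group_readable "$key"; then
        echo "FAIL: $key has no group read bit"; rc=1
    fi
    owner_group=$(file_group "$key")
    if [ "$owner_group" != "$group" ]; then
        echo "FAIL: $key belongs to group $owner_group, expected $group"; rc=1
    fi
    if ! user_in_group "$user" "$group"; then
        echo "FAIL: $user is not a member of $group"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $user reads $key via group $group"; fi
    return "$rc"
}
# Usage on the Foreman host: audit_rndc_key
```

A world-readable key would also make the DNS error go away, which is why the audit reports it as a failure instead of accepting any configuration in which `foreman-proxy` can read the file.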

## Integrating Physical Nodes with Foreman & Puppet
For Foreman to use puppet, puppet needs to send reports to Foreman. To do this a script is registered with puppet. Thankfully this is looked after by the install steps above. If you want to check the script out, it can be [found at the Foreman repository](https://github.com/theforeman/puppet-foreman/blob/master/templates/foreman-report.rb.erb) or just look in `/usr/lib/ruby/1.8/puppet/reports/foreman.rb`. The other step that the install looks after is registering the report with puppet via the puppet configuration file (`/etc/puppet/puppet.conf`).

At this stage you should have Foreman up and running and acting not just as a puppet master but also as an ENC (External Node Classifier). This setup is automated and is looked after by yet another simple script (`/etc/puppet/node.rb`) that is registered with puppet. This script supplies node information from Puppet to Foreman.

## Possible Issues on Provisioned Nodes

1. If you are seeing **“hostname was not match with the server certificate”** in `/var/log/syslog` on your provisioned host then [please see this page](http://docs.puppetlabs.com/guides/troubleshooting.html). Normally you need to adjust the `server` parameter in the `/etc/puppet/puppet.conf` file.
2. If you see **“Error 400 on SERVER: Could not find node…”** in `/var/log/syslog` then you will likely have to adjust the variable `url` in `/etc/puppet/node.rb` and `$foreman_url` in `/usr/lib/ruby/1.8/puppet/reports/foreman.rb`.
3. If you see:

[gist id=2888556]

then check out [this article on disabling factsync](http://serverfault.com/questions/66124/puppet-0-25-0-problems-with-access-control-how-can-i-fix-them).

## Next up
The next post in this series will look into deploying OpenStack using puppet in a distributed (multiple node) scenario, followed by integration with Foreman. Stay tuned!

