Feature #1822: Puppetize host feature -- auto install puppet on new or legacy host - Foreman

Custom queries

3.13.1 release DONE
3.13.1 release TODO
3.14.1 release DONE
3.14.1 release TODO
3.15.0 release DONE
3.15.0 release TODO
All bugs by votes
All issues closed in the last 3 weeks
Easy and Trivial Issues
Easy Issues (only)
Foreman - new open issues in last 10 days
Good first issues - Foreman core
high prio open bugs
Host registration [open]
Mine
My issues closed in the last 3 weeks
old bugs
Open with target version set (aka blockers)
registration
taken-none
Team Atlas untriaged bugs
templates
Trivial Issues
Untriaged and opened in the past two weeks

Actions

Copy link

Feature #1822

open

Puppetize host feature -- auto install puppet on new or legacy host

Added by Corey Osman over 12 years ago. Updated over 12 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

In the past I used ssh and a for loop to install puppet on hosts that don't have puppet.

I had written a bash script to perform the initial puppet install for my particular environment but since everyone's environment will be different this feature will need to be highly customizable via the foreman "script library".

Essentially what I am after is a button on the new host page that says "puppetize" which uses ssh to login to the box and installs puppet via a script defined by the user (or provided for environments that fit a particular model). All that would be required to enter a new host is:

1. ip address
2. ssh credentials or keys (one time use, don't store)
3. custom puppetize script or default puppetize script

Once this puppetize script runs and installs on the newly created puppetnode, it should create the host automatically in forman via puppet with all the necessary details provided.

Additionally, most folks will also elect to use this feature in batch operation to install puppet on a number of hosts. This batch operation would need to be capable of parsing a csv file that contains all the hosts and other useful info (credentials?, name of puppetize script, ...)

I can also envision this feature being placed inside the foremancli as well. Where one could write their own parser and batch mode operations or create a cli batch mode puppetize feature.

History
Notes

Actions

Copy link

Updated by Brian Gupta over 12 years ago

Ok, first let me say my initial reaction to this is that I feel that this it is out of scope. (Perhaps I am misunderstanding the use case.)

A couple of thoughts, elaborating:

1) For new hosts, I think the "correct" Foreman pattern is to use a provisioning template that installs and bootstraps puppet
2) For existing hosts, unless we institute a script runner system like Rundeck, (which already can integrate with Foreman) then this is out of scope for foreman itself, especially if the script pulls it's metadata out of a CSV file?

If I needed to install puppet on a bunch of foreman hosts today, I would use capistrano, fabric, m-collective or ssh-in-a-for-loop, to iterate over a list of hosts either queried directly from the API, or in the case of a shell script wrapping ssh I would escape out to foremancli to generate a hostlist.

Also why a CSV file? Wouldn't you get your metadata directly from foreman?

-Brian

P.S. - Long term, I do believe running commands via ssh is in scope for the foreman cli tooling, but I think it will assume that the hosts are already under some sort of configuration management.

Actions

Copy link

Updated by Corey Osman over 12 years ago

Brian,

IMHO, most companies will already have an existing infrastructure that does not have puppet installed anywhere. So if you can imagine 1000 nodes that don't have puppet and were not original provisioned by foreman the only way to install puppet to to use a script and ssh.

What I am suggesting is a "tool" to automate this mandatory procedure. This procedure is something everyone will eventually do for "legacy nodes". Why make users reinvent the wheel everytime? Why can't foreman provide a mechanism to puppetize a node with procedures that are known to work and have been tested for other users?

Say for instance that a new hire comes along and asks how do I install puppet? Which answer would you prefer to provide? (Click puppetize or run ssh script on host you don't have access to yet using fabric, capistrano, or other tool which you will have to learn). The goal here is to provide a tool that assists in the initial rollout of puppet and foreman.

Imagine the cli tool doing this (find and install): where the cli scans the network and compares hosts not in foreman

foremancli --installpuppet  `foremancli --nonpuppethosts`

or provide a list and don't perform scan

foremancli --installpuppet `cat nonpuppethosts.csv`

Example script I wrote that suited my environment and auto-installed puppet via ssh and for loop:

#!/bin/bash
SSLDELETE=removessl
ARCH=`uname -i`
rpm -qa puppet > /dev/null

VERS="poison" 
linuxversion=`lsb_release -r | cut -f2 |cut -f1 -d.`    

function setuppuppet () {
    cat > /etc/puppet/namespaceauth.conf << EOF
[puppetrunner]
        allow puppetprod1.mycompany.corp

EOF

    cat >> /etc/puppet/puppet.conf << EOF
        listen=true
        report=true

EOF

    cat >> /etc/sysconfig/puppet << EOF
PUPPET_SERVER=puppetprod1.mycompany.corp
PUPPET_EXTRA_OPTS=--waitforcert=500
EOF
    /sbin/service puppet restart

}

# Function routine for install yum if it doesn't exist
function installyum (){

rpm -ivh http://download.fedora.redhat.com/pub/epel/4/x86_64/python-elementtree-1.2.6-0.6.el4.x86_64.rpm
rpm -ivh http://download.fedora.redhat.com/pub/epel/4/x86_64/sqlite-3.3.6-0.3.el4.x86_64.rpm
rpm -ivh http://download.fedora.redhat.com/pub/epel/4/x86_64/python-sqlite-1.1.7-0.1.2.2.el4.x86_64.rpm
rpm -ivh http://download.fedora.redhat.com/pub/epel/4/x86_64/python-urlgrabber-2.9.8-0.3.el4.noarch.rpm
rpm -ivh http://download.fedora.redhat.com/pub/epel/4/x86_64/yum-2.4.3-0.5.el4.noarch.rpm

echo "[main]" > /etc/yum.conf
echo "cachedir=/var/cache/yum" >> /etc/yum.conf
echo "keepcache=0" >> /etc/yum.conf
echo "debuglevel=2" >> /etc/yum.conf
echo "logfile=/var/log/yum.log" >> /etc/yum.conf
echo "distroverpkg=redhat-release" >> /etc/yum.conf
echo "tolerant=1" >> /etc/yum.conf
echo "exactarch=1" >> /etc/yum.conf
echo "obsoletes=1" >> /etc/yum.conf
echo "gpgcheck=1" >> /etc/yum.conf
echo "plugins=1" >> /etc/yum.conf

echo "# Note: yum-RHN-plugin doesn't honor this." >> /etc/yum.conf
echo "#metadata_expire=1h" >> /etc/yum.conf

echo "# Default." >> /etc/yum.conf
echo "# installonly_limit = 3" >> /etc/yum.conf

echo "# PUT YOUR REPOS HERE OR IN separate files named file.repo" >> /etc/yum.conf
echo "# in /etc/yum.repos.d" >> /etc/yum.conf
}
function installrepo() {

    echo "Installing new repo  ${filesum}" 
    if [ -f /etc/yum.repos.d/internalcompany.repo ]; then
        rm -f /etc/yum.repos.d/internalcompany.repo
    fi

}
function installpuppet {
# Lets make sure puppet is installed and configured properly 
if [  "${VERS}" == "0" ]; then
        echo "puppet already installed" 
        # Lets make sure puppet 
        setuppuppet
        /sbin/service puppet restart
        exit 0
fi
# Lets find out which version of Linux were running (4.6, 5.5, 4.8, ...)
if [ $linuxversion -ge 6 ]; then
# Configure for RHEL6
    if [ "${ARCH}" == "i386" ]; then
       echo "i386 puppet installing on $linuxversion" 
       wget "http://10.0.20.130/cblr/svc/op/yum/profile/centos6.1-i386" --output-document=/etc/yum.repos.d/cobbler-config.repo
       rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-5-4.noarch.rpm
    else
        echo "x86_64 puppet installing $linuxversion" 
        wget "http://10.0.20.130/cblr/svc/op/yum/profile/RHEL6-x86_64" --output-document=/etc/yum.repos.d/cobbler-config.repo
        rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm 
    fi
    wget "http://10.0.20.130/repos/internalcompany-rhel5.repo" --output-document=/etc/yum.repos.d/internalcompany.repo    

elif [ $linuxversion -ge 5 ]; then
# Configure for RHEL5
    if [ "${ARCH}" == "i386" ]; then
       echo "i386 puppet installing on $linuxversion" 
       wget "http://10.0.20.130/cblr/svc/op/yum/profile/centos5.3-i386" --output-document=/etc/yum.repos.d/cobbler-config.repo
       rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    else
        echo "x86_64 puppet installing $linuxversion" 
        wget "http://10.0.20.130/cblr/svc/op/yum/profile/RHEL5.7-x86_64" --output-document=/etc/yum.repos.d/cobbler-config.repo
        rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
    fi
    wget "http://10.0.20.130/repos/internalcompany-rhel5.repo" --output-document=/etc/yum.repos.d/internalcompany.repo    

else
# Configure for RHEL4
    if [ "${ARCH}" == "i386" ]; then
       echo "i386 puppet installing" 
       wget "http://10.0.20.130/cblr/svc/op/yum/profile/RHEL4.8-i386" --output-document=/etc/yum.repos.d/cobbler-config.repo
       rpm -Uvh http://download.fedora.redhat.com/pub/epel/4/i386/epel-release-4-10.noarch.rpm
    else
        echo "x86_64 puppet installing" 
        wget "http://10.0.20.130/cblr/svc/op/yum/profile/RHEL4.8-x86_64" --output-document=/etc/yum.repos.d/cobbler-config.repo
       rpm -Uvh http://download.fedora.redhat.com/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
    fi
    wget "http://10.0.20.130/repos/internalcompany-rhel4.repo" --output-document=/etc/yum.repos.d/internalcompany.repo    

fi

echo "Installing puppet" 
    yum -y install ruby
    if [ "${SSLDELETE}" == "removessl" ]; then
        rm -rf /var/lib/puppet/ssl
    fi
    yum clean metadata
    rpm -e puppet
    rpm -e facter
    yum -y install puppet facter
    /sbin/chkconfig puppet on
    setuppuppet

}
# Install Yum if not present
if [ ! -f /etc/yum.conf ]; then
        echo "Installing Yum" 
        installyum
fi
# Lets get the updated internalcompanyrepo
installrepo
installpuppet

Actions

Copy link

Updated by Ohad Levy over 12 years ago

I could see a way to import a non managed node to foreman.
e.g you have a host that is not running puppet, but you want it to show up in a host list (maybe not the default host list) and you want to collect its inventory (assuming you could install something like facter).

when you install a new host, you could have a way to select an existing non managed host and reinstall it, or enter all details manually.

it would then be easy to ask foreman api to return the list of hosts which are non managed by puppet using the regular search conditions etc.

does that make sense?

Actions

Copy link