Create Organization and Location

  1. On the top left, hover over the "Any Context" tab and select "Manage Organizations".
  2. Select "Default Organization", rename it and submit the changes.
  3. Select the drop-down next to "Edit" on the organization you made and select "Assign the 1 host with no organization to [organization]".
  4. Hover over the box that has your organization in the top left and select "Manage locations".
  5. Edit the location and submit the changes.
  6. Select the drop-down next to "Edit" on the location created and select "Assign the 1 host with no location to [location]".

Create Lifecycle Environments

  1. The first step is to create a lifecycle environment for provisioned machines; the first one created will be production.
  2. Under the "Content" dropdown, select "Lifecycle Environments"
  3. Select "Create environment path" to create a new path.
  4. Name the path "Production"; the label will be automatically generated. Give the path a short description if you wish.

Import GPG Keys

  1. Next, we will import GPG keys in order to allow yum installations during the provisioning process.
  2. Under "Content" go to "GPG Keys" and select "Create GPG Key"
  3. Name the GPG key "CentOS_7_GPG" and paste the contents from the following link into the block.
    1. http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
  4. Repeat steps 2 and 3 with the following link to apply the EPEL GPG key.
    1. https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
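
The CentOS key link above is plain HTTP, so it is worth comparing the downloaded key's fingerprint with one obtained from a trusted channel before pasting the key into Katello. The following is an added example, not part of the original page; the function names and the sample record are constructed, and the gpg wrapper assumes a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Added example (not from the original page): compare a downloaded RPM GPG
# key's fingerprint with an expected value before importing the key.

# normalize_fpr STRING -> upper-case hex with whitespace removed
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# fprs_from_colons: read `gpg --with-colons` output on stdin and print the
# fingerprint (field 10) of every "fpr" record, one per line.
fprs_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# fpr_matches EXPECTED: stdin is gpg colon output; succeeds only if the
# primary key fingerprint (the first fpr record) equals EXPECTED.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(fprs_from_colons | head -n 1)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# verify_key_file FILE EXPECTED: run gpg on a key file without importing it.
# Assumption: the installed GnuPG supports --show-keys.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches "$2"
}

# Constructed colon-format record standing in for real gpg output.
demo='fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'
printf '%s\n' "$demo" \
    | fpr_matches '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567' \
    && echo "fingerprint matches"

# Real use (placeholder fingerprint, supply your own):
#   verify_key_file RPM-GPG-KEY-CentOS-7 "<fingerprint from a trusted source>" \
#       || echo "MISMATCH: do not import this key"
```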

Adding Content and Repositories

  1. Under the "Content" tab, select "Products" and then select "Create Product"
  2. Name the product "CentOS_7" and select the CentOS 7 GPG key created earlier.
  3. Under the Repositories tab under the product created, select "New Repository".
  4. Name the repository "OS_x86_64" and for the "type" choose "yum".
  5. When it asks for the URL, use http://mirror.centos.org/centos-7/7/os/x86_64/
  6. Choose "Immediate" under the "Download Policy" option and then select the CentOS 7 GPG key created earlier.
  7. Repeat steps 3-6 for the "Extras", "Updates", and "EPEL" repos, which use the following links.
    1. http://mirror.centos.org/centos-7/7/extras/x86_64/
    2. http://mirror.centos.org/centos-7/7/updates/x86_64/
    3. https://dl.fedoraproject.org/pub/epel/7/x86_64/
  8. Select the repositories added to the product and select "Sync Now". This step may take a while.

Creating Content View (CV)

  1. In order to create a content view, head over to "Content View" under the "Content" tab.
  2. Select "Create New View" and name it CentOS.
  3. Under the new Content View, go to the "Yum Content" tab and select "Add".
  4. Select the repositories you wish to add to this content view and select "Add repositories".
  5. Select "Publish New Version", give it a short description, and then save it.
  6. Select "Promote" then select the environment you wish this content view to be placed under and then select "Promote Version"

Creating an Activation Key

  1. An activation key is what allows provisioned hosts to update their repositories list to the local ones created in foreman.
  2. Once the content view is created, head over to "Activation Keys" under the "Content" tab.
  3. Select "Create Activation Key"
  4. Give the activation key a name and place it in the environment you wish. Select the content view you wish to associate with this activation key and select save.
  5. Once the activation key is created, select the subscriptions tab and select "Add".
  6. Add the repositories you wish to use with this activation key and select "Add Selected" to confirm.

Configure Smart proxies

  1. On the web console, select "Smart Proxies" under the "Infrastructure" tab.
  2. Select the dropdown on the right of the host and select "Autosign"
  3. Select "New" and enter the following to automatically sign every host requesting to be signed under your domain.
    1. *.domain.com
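
With a `*.domain.com` entry the Puppet CA signs any certificate request whose certname falls under the domain, without checking who sent it, so the autosign entries are worth reviewing periodically. The following is an added example, not part of the original page, that lists the entries of an autosign file and flags the wildcard ones; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit Puppet autosign entries.

# classify_autosign_entry ENTRY -> prints "any", "glob" or "exact"
classify_autosign_entry() {
    case "$1" in
        '*')   echo any ;;    # signs every CSR, whatever its certname
        *'*'*) echo glob ;;   # e.g. *.domain.com: any certname under the domain
        *)     echo exact ;;  # one named host
    esac
}

# audit_autosign FILE -> prints "<class> <entry>" for each active line;
# returns 1 if any wildcard entry is present, 0 otherwise.
audit_autosign() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        # trim surrounding whitespace
        entry=$(printf '%s\n' "$line" \
            | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case "$entry" in
            ''|'#'*) continue ;;   # skip blank lines and comment lines
        esac
        class=$(classify_autosign_entry "$entry")
        printf '%s %s\n' "$class" "$entry"
        [ "$class" = exact ] || found=1
    done < "$1"
    return "$found"
}

# Constructed sample; on a real server pass the path of the autosign file
# instead (its location depends on the Puppet version, so none is assumed).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hosts provisioned by Foreman
node01.domain.com
*.domain.com
EOF
audit_autosign "$sample" || echo "wildcard autosign entries present: review them"
rm -f "$sample"
```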

Modify Puppet environment

  1. Under "Configure" select "Environments" and then select "production" to edit the puppet environment.
  2. Under the "Locations" and "Organizations" tab, select the organization and location you wish to associate with this environment.

Setting up Network Provisioning

  1. Under the "Infrastructure" tab, select "Subnets" and then "Create Subnet"
  2. Fill in the information requested ensuring that the "boot mode" option is set to "Static"
  3. Under the "domains" tab, select "mb2.prod.variantyx.com" and then submit the Subnet.
  4. Run the foreman-installer command shown below this list on the foreman/katello server, replacing the details for this specific setup. The oauth-consumer-key and secret can be found under "Administer --> Settings --> Authentication" on the foreman web server.
  5. After the installation is completed, click on the subnet on the web console, and under "Proxies", fill in the values with the suggested values.
foreman-installer \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=192.168.1.100 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=ens192 \
  --foreman-proxy-dhcp-gateway=192.168.1.1 \
  --foreman-proxy-dhcp-range="192.168.1.101 192.168.1.200" \
  --foreman-proxy-dhcp-nameservers="192.168.1.2" \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=ens192 \
  --foreman-proxy-dns-zone=domain.com \
  --foreman-proxy-dns-reverse=1.168.192.in-addr.arpa \
  --foreman-proxy-dns-forwarders=192.168.1.2 \
  --foreman-proxy-foreman-base-url=https://foreman.domain.com \
  --foreman-proxy-oauth-consumer-key=kF4dZtgcaaTqHxgqcFXrUfbZrHrMNq97 \
  --foreman-proxy-oauth-consumer-secret=tcd2bfaNBcJ4ezEyL8fYdTn5awwyUXJE

Creating a Host Group

  1. In order for a new node to be provisioned and to use the local repositories, it must be placed inside a host group.
  2. Under "Configure" select "Host Groups" then select "Create Host Group"
  3. Give the host group a name, then select the correct options for all of the dropdowns under the "Host Group" tab.
  4. Under the "Puppet classes" tab, select the NTP module.
  5. Under the "Network" tab, select the domain created which is "mb2.prod.variantyx.com" and select the Subnet that you wish nodes under this group to be provisioned under.
  6. Under "Operating System" select "x86_64" under "Architecture", choose "CentOS 7" for "Operating System", and fill in the rest of the options with the default values.
  7. Under the "Activation Keys" tab, enter the activation key created earlier to associate with this host group.
  8. Select "Submit" to save.

Adding Subscription-Manager

  1. Under the "Hosts" tab, select "Provisioning templates" and then create a new template.
  2. Give the template a name of "subscription" and under the "Type" tab, select "Snippet"
  3. Under the "Template" tab, paste the following code. (change the foreman hostname to the correct local system)
    1. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/python-dateutil-1.5-7.el7.noarch.rpm
    2. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
    3. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/python-dmidecode-3.12.2-2.el7.x86_64.rpm
    4. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/libnl-1.1.4-3.el7.x86_64.rpm
    5. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/python-ethtool-0.8-5.el7.x86_64.rpm
    6. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/python-inotify-0.9.4-4.el7.noarch.rpm
    7. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/python-six-1.9.0-2.el7.noarch.rpm
    8. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/usermode-1.111-5.el7.x86_64.rpm
    9. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64.rpm
    10. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64.rpm
    11. rpm -ivh http://foreman.domain.com/pulp/repos/Default_Organization/Library/custom/CentOS_7/OS_x86_64/Packages/subscription-manager-1.20.11-1.el7.centos.x86_64.rpm
  4. Search for "Katello Kickstart Default" in the search bar and then select clone.
  5. Edit the new clone created and add the following code, refer to the picture for location on where to place it.
    1. <%= snippet "subscription" %>


Extra Applications

  1. After the "Subscription" snippet call, place the following line in the "Katello Kickstart Default Clone" template.
    1. rm -f /etc/yum.repos.d/CentOS-*
  2. After the "yum -t -y -e 0 update" command, place the following command to install extra applications needed.
    1. yum -t -y -e 0 install vim net-tools ntp net-snmp-utils curl screen bind-utils rsync tree htop iptraf ipmitool
  3. Under the "Association" tab, associate this template with "CentOS 7" and save the template.
  4. Select the original "Katello Kickstart Default" template, and remove the association from "CentOS 7" from it and save it.
  5. Under the "Hosts" tab, select "Operating Systems" and then select "CentOS 7". Under "Templates" change the "Provisioning Template" to be the new clone just created.

Modifying Partition Tables

  1. Under the "Hosts" tab, select "Partition Tables" and then search for the "Kickstart Default" table.
  2. Edit the code of the template to look like the following.
#Dynamic - this line tells Foreman this is a script rather than a static layout
#This snippet defines the swap partition size: it generates a swap partition twice the size of the memory if your physical memory is up to 2GB,
#or a swap partition of your memory size + 2GB otherwise.
#get the actual memory installed on the system and divide by 1024 to get it in MB
act_mem=$((`grep MemTotal: /proc/meminfo | sed 's/^MemTotal: *//'|sed 's/ .*//'` / 1024))
#if the memory is more than 2GB, swap is memory plus 2GB; otherwise swap is double the memory
if [ "$act_mem" -gt 2048 ]; then
    vir_mem=$(($act_mem + 2048))
else
    vir_mem=$(($act_mem * 2))
fi
#copy all the HDD partitions to the temp file for execution
cat <<EOF > /tmp/diskpart.cfg
zerombr
clearpart --all --initlabel
part swap --size "$vir_mem" 
part biosboot --size 1
part /boot --fstype xfs --size 1000 --asprimary
part / --fstype ext4 --size 50000
part /home --fstype ext4 --size 10000 --grow 
EOF

Creating a New Host

  1. Under the "Hosts" tab, select "Create Host"
  2. Give the host a name, and then select the corresponding host group created earlier. Select a location for the new host.
  3. Under the "Interfaces" tab, edit the existing interface and provide the MAC address of the device and choose an IP address for the new machine.
  4. Under the "Operating System" tab, provide a root password for the new machine then click submit.

Adding a new subnet

  1. In order to add a new subnet, change the dhcpd.conf file.
    1. vim /etc/dhcp/dhcpd.conf
  2. Add the following to the bottom of the file.
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
}

  3. Restart the dhcpd service.
    1. systemctl restart dhcpd
  4. On the web console, under "Infrastructure" select "Smart Proxies".
  5. Select "Import IPv4 subnets" under the dropdown next to the foreman host.
  6. Fill in the necessary boxes and select "Submit".
  7. Under the "Domain" tab which is located under "Infrastructure", create a new domain for the framingham hosts.
    1. The DNS Proxy may be left as the foreman host.
  8. Under the "Subnets" tab which is located under "Infrastructure", select the new subnet created to edit.
    1. Under "Domain" choose the new domain created.
    2. Under "Proxies", fill in the proxies with the foreman host.
  9. On the foreman host, add the following to the "/etc/named/zones.conf" file.
zone "domain.com" {
    type master;
    file "/var/named/dynamic/db.domain.com";
    update-policy {
        grant rndc-key zonesub ANY;
    };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/dynamic/db.1.168.192.in-addr.arpa";
    update-policy {
        grant rndc-key zonesub ANY;
    };
};

  10. Restart the bind service.
    1. systemctl restart named

Allowing TFTP over VPN

  1. Because the VPN does not allow an MTU above 1400, we have to change the TFTP settings to create a smaller blocksize.
  2. Edit the TFTP settings file for Xinetd
    1. vim /etc/xinetd.d/tftp
  3. Edit the "server_args" line to include the following at the end.
    1. -B 1424 -r blksize
  4. The full line should look like this
    1. server_args = -v -s /var/lib/tftpboot -m /etc/tftpd.map -B 1424 -r blksize
  5. Restart the Xinetd application
    1. systemctl restart xinetd