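#### Introducing the Foreman Architecture, Part 3: Installing Foreman 1.5.3 (all-in-one)
**Note:** This lab was installed offline, so you need to create your own yum repository locally. For how to do that, see "[How to build your own Puppet yum repository for a specific version](http://kisspuppet.com/2014/01/26/puppet_create_repo/)". If you are really feeling lazy, or cannot sort out the dependencies between the RPM packages, download it from my GitHub: [https://github.com/kisspuppet/foreman-repo](https://github.com/kisspuppet/foreman-repo)
For more installation details, see the official site: [http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.4](http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.4)
The all-in-one installation below differs from the official procedure. The official installation may need only a single command, but in my testing it sometimes succeeded and sometimes failed, so I switched to the approach below. It succeeds every time, the steps are clearer, and it helps a great deal when splitting out the puppetmaster later.
### 1. Package selection: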
- **puppet-server 3.6.2**
- **puppet 3.6.2**
- **facter 2.0.2**
- **mcollective 2.2.4**
- **rabbitmq-server 3.2.4**
- **foreman 1.5.3**
- **foreman-proxy 1.5.4**
### 2. System environment preparation
**OS version:**
~~~
[root@foreman02 yum.repos.d]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
~~~
**Network parameters:**
~~~
[root@foreman02 yum.repos.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:a6:5c:70 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.159/24 brd 192.168.10.255 scope global eth0
inet6 fe80::250:56ff:fea6:5c70/64 scope link
valid_lft forever preferred_lft forever
~~~
**Hostname:**
~~~
[root@foreman02 yum.repos.d]# hostname -f
foreman02.kisspuppet.com
[root@foreman02 yum.repos.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.159 foreman02.kisspuppet.com foreman02
~~~
**Platform environment:**
~~~
[root@foreman02 yum.repos.d]# uname -r
2.6.32-431.el6.x86_64
~~~
**yum repository:**
~~~
[root@foreman02 yum.repos.d]# cat foreman153.repo
[foreman]
name=Foreman
baseurl=ftp://192.168.10.254/blog/foreman
enabled=1
gpgcheck=0
[puppet]
name=puppet
baseurl=ftp://192.168.10.254/blog/puppet-el6
enabled=1
gpgcheck=0
[rhel]
name=RHEL
baseurl=ftp://192.168.10.254/rhel6.5
enabled=1
gpgcheck=0
~~~
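
As an added example (not from the original article): the repository file above sets `gpgcheck=0` on FTP sources, so yum installs those packages without verifying RPM signatures. The script below reports such settings in a `.repo` file; the `[foreman-signed]` and `[rhel-disabled]` sections, the HTTPS URL and the key path in its sample are constructed placeholders.

```shell
# Added example: flag enabled yum repos that skip signature checks or use plaintext transport.
audit_repo_file() {
    awk '
        function report() {
            if (name == "" || enabled == "0") return    # skip disabled repos
            if (gpgcheck == "0") print name ": gpgcheck=0 (RPM signatures not verified)"
            if (baseurl ~ /^(ftp|http):\/\//) print name ": plaintext baseurl " baseurl
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }            # blank lines and comments
        /^[ \t]*\[.*\][ \t]*$/ {                        # start of a new [section]
            report()
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            enabled = "1"; gpgcheck = ""; baseurl = ""  # yum enables a repo by default
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: [foreman] is copied from the page; the other two sections are made up.
write_sample_repo() {
    cat > "$1" <<'EOF'
[foreman]
name=Foreman
baseurl=ftp://192.168.10.254/blog/foreman
enabled=1
gpgcheck=0
[foreman-signed]
baseurl=https://repo.example.internal/foreman
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-placeholder
[rhel-disabled]
baseurl=ftp://192.168.10.254/rhel6.5
enabled=0
gpgcheck=0
EOF
}

sample=$(mktemp) && write_sample_repo "$sample" && audit_repo_file "$sample"
rm -f "$sample"
```

To check the real file from this lab, call `audit_repo_file /etc/yum.repos.d/foreman153.repo`.
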
**Network security environment:**
~~~
[root@foreman02 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
[root@foreman02 ~]# getenforce
Disabled
~~~
### 3. Installing Foreman
**3.1 Install the puppetmaster and generate the CA and certificate**
~~~
[root@foreman02 ~]# yum install foreman-installer
[root@foreman02 ~]# yum install puppet-server puppet facter
[root@foreman02 ~]# vim /etc/puppet/puppet.conf
[master]
certname = foreman02.kisspuppet.com
[root@foreman02 ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@foreman02 ~]# puppet cert --list --all
+ "foreman02.kisspuppet.com" (SHA256) 1D:7E:90:F5:16:7D:01:67:77:37:EE:31:3F:46:AD:0A:47:80:B6:DF:6A:5E:25:A8:DE:BA:78:45:C9:09:D6:BD (alt names: "DNS:foreman02.kisspuppet.com", "DNS:puppet", "DNS:puppet.kisspuppet.com")
[root@foreman02 ~]# /etc/init.d/puppetmaster stop
Stopping puppetmaster: [ OK ]
~~~
**3.2 Install Foreman and its dependencies**
~~~
[root@foreman02 ~]# yum install foreman mod_passenger mod_ssl ruby193-rubygem-passenger-native mysql mysql-server foreman-mysql2
~~~
**3.3 Install Foreman with foreman-installer**
Foreman's default installation uses PostgreSQL as its database; here MySQL is used instead.
~~~
[root@foreman02 ~]# foreman-installer --foreman-db-adapter mysql2 --foreman-db-type mysql --no-enable-puppet --no-enable-foreman-proxy --foreman-configure-epel-repo=false
Installing Done [100%] [...................]
Success!
* Foreman is running at https://foreman02.kisspuppet.com
Default credentials are 'admin:changeme'
The full log is at /var/log/foreman-installer/foreman-installer.log
~~~
After the installation completes, open the site in Firefox or Chrome to check whether it succeeded: [https://192.168.10.159](https://192.168.10.159)
**3.4 Install foreman-proxy and its dependencies**
~~~
[root@foreman02 ~]# yum install tftp-server syslinux foreman-proxy
~~~
**3.5 Install foreman-proxy, and reinstall Foreman and the puppetmaster with foreman-installer**
**Note:** Installed as follows, the proxy handles TFTP, DNS, DHCP, Puppet, and Puppet CA, and the puppetmaster is installed and run under Apache + Passenger.
~~~
[root@foreman02 ~]# foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet --puppet-server=true --foreman-proxy-puppetrun=true --foreman-proxy-puppetca=true --foreman-proxy-dhcp=true --foreman-proxy-tftp=true --foreman-proxy-dns=true --foreman-proxy-dns-interface=eth0 --foreman-proxy-dns-zone=kisspuppet.com --foreman-proxy-dns-reverse=10.168.192.in-addr.arpa --foreman-proxy-dns-forwarders=8.8.8.8 --foreman-proxy-dns-forwarders=8.8.4.4 --foreman-configure-epel-repo=false --foreman-proxy-register-in-foreman=false
Installing Done [100%] [...................]
Success!
* Foreman is running at https://foreman02.kisspuppet.com
Default credentials are 'admin:changeme'
* Foreman Proxy is running at https://foreman02.kisspuppet.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log
~~~
To proxy only Puppet and the Puppet CA, install as follows:
~~~
[root@foreman02 ~]# foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet --puppet-server=true --foreman-proxy-puppetrun=true --foreman-proxy-puppetca=true --foreman-configure-epel-repo=false --foreman-proxy-register-in-foreman=false
~~~
### 4. Check that Foreman, foreman-proxy and the puppetmaster installed successfully
~~~
[root@foreman02 ~]# /etc/init.d/httpd status
httpd (pid 25433) is running...
[root@foreman02 ~]# /etc/init.d/foreman-proxy status
foreman-proxy (pid 25605) is running...
[root@foreman02 ~]# netstat -naltp | grep 8443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 25605/ruby
[root@foreman02 ~]# netstat -naltp | grep 80
tcp 0 0 :::80 :::* LISTEN 25433/httpd
[root@foreman02 ~]# netstat -naltp | grep 8140
tcp 0 0 :::8140 :::* LISTEN 25433/httpd
~~~
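### 5. Register foreman-proxy in Foreman
Managing Puppet, the Puppet CA and similar software only works properly when it goes through foreman-proxy. The proxy features can be turned on and off in its configuration file, `/etc/foreman-proxy/settings.yml`.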