This example will walk us through the process of adding a standalone Puppet host to Foreman for the purpose of managing the host through Puppet. In this instance we are going to create a standalone-hostgroup for the server.
Note that the Foreman server must be listening on ports 8140 and 6163 (according to Puppet documentation). My RHEL7 Foreman host was listening on these ports, but the firewall was blocking any inbound connections. I corrected this with the commands shown below.
First I needed to determine my default firewalld zone.
# firewall-cmd --get-default-zone
Then I ran the commands below to punch a hole in the firewall to allow the required traffic. I also reloaded firewalld.
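One way to open those two ports in the default zone and confirm the result, as an added example rather than the author's original commands. It assumes both ports are TCP; the function names and the `apply` argument are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): open the two Puppet ports the
# post names in firewalld's default zone, adding only what is missing.
# Assumption: both ports are TCP; the post gives only the port numbers.
REQUIRED_PORTS="8140/tcp 6163/tcp"

# Print each required port that is absent from a space-separated port list
# in the format `firewall-cmd --list-ports` produces, one port per line.
# A port covered only by a range entry (8000-9000/tcp) is reported as missing.
missing_ports() {
    mp_open=" $(printf '%s ' $1)"       # normalise whitespace, pad with spaces
    for mp_port in $REQUIRED_PORTS; do
        case "$mp_open" in
            *" $mp_port "*) ;;           # exact entry already present
            *) printf '%s\n' "$mp_port" ;;
        esac
    done
}

# Add the missing ports to the permanent configuration, reload firewalld,
# then succeed only if the runtime rules contain every required port.
open_puppet_ports() {
    op_zone=$(firewall-cmd --get-default-zone) || return 1
    op_perm=$(firewall-cmd --permanent --zone="$op_zone" --list-ports) || return 1
    for op_port in $(missing_ports "$op_perm"); do
        firewall-cmd --permanent --zone="$op_zone" --add-port="$op_port" || return 1
    done
    firewall-cmd --reload || return 1
    op_live=$(firewall-cmd --zone="$op_zone" --list-ports) || return 1
    [ -z "$(missing_ports "$op_live")" ]
}

# Run as root with the argument "apply"; without it nothing is changed.
if [ "${1:-}" = "apply" ]; then
    open_puppet_ports && echo "Puppet ports are open in the default zone"
fi
```

Because only missing entries are added, the script can be re-run safely, and the final check fails if a reload did not leave both ports open at runtime.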
Now we add an entry for the Puppet server in /etc/puppet/puppet.conf, in the [agent] section, where <PUPPETSERVER-FQDN> is the FQDN of your Foreman server:
server = <PUPPETSERVER-FQDN>
Now save the file.
Then on the Puppet client run the following command.
# puppet agent -t --waitforcert 60
Log into Foreman WebUI. Navigate to => “Infrastructure” => “Smart Proxies” => “Certificates”
In the list, locate the new Puppet client and click on sign to accept the key for the new host. The host that I am adding is osd01.lab.localdomain.
NOTE: Once you have accepted the key, you need to run the Puppet client again (puppet agent -t) on the client. Otherwise the client will not appear on the “All hosts” page.
Now let's create a new Host Group to use for this server. Come on, it will be a blast.
Navigate to => “Configure” => “Host groups“. Select the green “New Host Group” button and then add your host group. Here I have added a host group called “Standalone Hosts”. See below.
Now we need to add our new client to this new host group. We do so by navigating to => “Hosts” => “All hosts“. Then select “Edit” to the left of the host.
Click “Submit” at the bottom of the page and you are good to go.
Setting a server’s hostname used to be as simple as running the ‘hostname’ command and adding a “HOSTNAME” entry in /etc/sysconfig/network. However, things have changed quite a bit in RHEL7. Apparently, systemd now controls setting a server’s hostname. The ‘hostname’ command no longer works to set your hostname; however, the command is still available just to confuse you.
Now in RHEL 7 you use the command ‘hostnamectl’. Below is an example of how it works.
Here I have logged into my RHEL 7.1 VM. You can see that the system appears to have the hostname of node1.
[root@node1 ~]# hostname
node1
However upon further inspection, I find that this is not the case. Rather, the server has a static hostname of localhost.localdomain.
Unless you have been using Firewalld in the last few releases of Fedora, as some out there have, you could probably use a few pointers to get you started on your way to configuring your Linux firewalls the “new-fangled fancy way”. This is especially the case if you plan on moving to RHEL7 anytime soon — as Firewalld is the default there. So put on your big boy (or girl) pants and say goodbye to your old friend IPTABLES.
“The dynamic firewall daemon firewalld provides a dynamically managed firewall with support for network “zones” to assign a level of trust to a network and its associated connections and interfaces. It has support for IPv4 and IPv6 firewall settings. It supports Ethernet bridges and has a separation of runtime and permanent configuration options. It also has an interface for services or applications to add firewall rules directly”
Wow, how fancy. So how do we use it? Well let’s take a stab at enabling HTTP access to our Fedora21 workstation.
First things first, let's figure out what our default zone is on our workstation.
Ok, that's a bit strange; in RHEL you should expect PUBLIC to be your default zone. Now that we know what zone we need to mess with, let’s make sure that it's applied to the proper interfaces.