diff --git a/_config.yml b/_config.yml index c96a32ef32..43b3001496 100644 --- a/_config.yml +++ b/_config.yml @@ -87,6 +87,7 @@ plugins: foreman_versions: - nightly + - "3.13" - "3.12" - "3.11" - "3.10" diff --git a/_includes/manuals/3.13/1.1_architecture.md b/_includes/manuals/3.13/1.1_architecture.md new file mode 100644 index 0000000000..8185cd1b61 --- /dev/null +++ b/_includes/manuals/3.13/1.1_architecture.md @@ -0,0 +1,17 @@ + +## Foreman Architecture + +A Foreman installation will always contain a central Foreman instance +that is responsible for providing the Web based GUI, node +configurations, initial host configuration files, etc. However, if the +Foreman installation supports unattended installations, then other +operations need to be performed to fully automate this process. The +Smart Proxy manages remote services and is generally installed with all +Foreman installations to manage TFTP, DHCP, DNS, Puppet, Puppet CA, +Ansible, and Salt. + +## Smart-Proxy + +A [Smart-Proxy](manuals/{{page.version}}/index.html#4.3SmartProxies) is located on or near a machine that performs a specific function and helps Foreman orchestrate the process of commissioning a new host. Placing the Smart Proxy on or near to the actual service will also help reduce latency in large distributed organizations. + +![Foreman Architecture](/static/images/foreman_architecture.png) diff --git a/_includes/manuals/3.13/1.2_release_notes.md b/_includes/manuals/3.13/1.2_release_notes.md new file mode 100644 index 0000000000..95fa10b5e4 --- /dev/null +++ b/_includes/manuals/3.13/1.2_release_notes.md @@ -0,0 +1,32 @@ +## Release notes for {{page.version}} + +This section will be updated prior to the next release. + +### Headline features + +#### Running Foreman on Debian 12 (Bookworm) + +Foreman now supports running on Debian 12 (Bookworm). + +### Upgrade warnings + +#### Running Foreman on Ubuntu 20.04 (Focal) is not supported anymore + +Foreman supports running on Ubuntu 22.04 LTS (Jammy Jellyfish) since 3.11. +Running Foreman on Ubuntu 20.04 LTS has been deprecated since 3.12. +Support for running Foreman on Ubuntu 20.04 LTS has been removed. + +Note this is for running Foreman itself. +Clients will remain supported. + +### Deprecations + +### Release Notes + +### Contributors + +We'd like to thank the following people who contributed to the Foreman {{page.version}} release: + + + +As well as all users who helped test releases, report bugs and provide feedback on the project. diff --git a/_includes/manuals/3.13/2.1_quickstart_installation.md b/_includes/manuals/3.13/2.1_quickstart_installation.md new file mode 100644 index 0000000000..1532a6f767 --- /dev/null +++ b/_includes/manuals/3.13/2.1_quickstart_installation.md @@ -0,0 +1,193 @@ +[The Foreman installer](/manuals/{{page.version}}/index.html#3.2ForemanInstaller) uses Puppet **(6 or later required)** to install Foreman. This guide assumes that you have a newly installed operating system, on which the installer will setup Foreman, a Puppet server, and the [Smart Proxy](/manuals/{{page.version}}/index.html#4.3SmartProxies) by default. It's **not advisable** to follow the steps below on an existing system, since the installer will affect the configuration of several components. + +
+ Enable Puppet's 8.x repository: +
+ +{% highlight bash %} +sudo dnf -y install https://yum.puppet.com/puppet8-release-el-8.noarch.rpm +{% endhighlight %} ++ Enable Puppet's 8.x repository: +
+ +{% highlight bash %} +sudo dnf -y install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm +{% endhighlight %} +Enable the Foreman repositories:
+ +{% highlight bash %} +sudo dnf -y install https://yum.theforeman.org/releases/{{page.version}}/el8/x86_64/foreman-release.rpm +{% endhighlight %} +Enable the Foreman repositories:
+ +{% highlight bash %} +sudo dnf -y install https://yum.theforeman.org/releases/{{page.version}}/el9/x86_64/foreman-release.rpm +{% endhighlight %} +Enable the Foreman module:
+ +{% highlight bash %} +sudo dnf -y module enable foreman:el8 +{% endhighlight %} ++ Enable Puppet's 8.x repository: +
+ +{% highlight bash %} +sudo apt-get -y install ca-certificates +cd /tmp && wget https://apt.puppet.com/puppet8-release-bullseye.deb +sudo apt-get install /tmp/puppet8-release-bullseye.deb +{% endhighlight %} + +Enable the Foreman repositories:
+ +{% highlight bash %} +sudo wget https://deb.theforeman.org/foreman.asc -O /etc/apt/trusted.gpg.d/foreman.asc +echo "deb http://deb.theforeman.org/ bullseye {{page.version}}" | sudo tee /etc/apt/sources.list.d/foreman.list +echo "deb http://deb.theforeman.org/ plugins {{page.version}}" | sudo tee -a /etc/apt/sources.list.d/foreman.list +{% endhighlight %} ++ Enable Puppet's 8.x repository: +
+ +{% highlight bash %} +sudo apt-get -y install ca-certificates +cd /tmp && wget https://apt.puppet.com/puppet8-release-bookworm.deb +sudo apt-get install /tmp/puppet8-release-bookworm.deb +{% endhighlight %} + +Enable the Foreman repositories:
+ +{% highlight bash %} +sudo wget https://deb.theforeman.org/foreman.asc -O /etc/apt/trusted.gpg.d/foreman.asc +echo "deb http://deb.theforeman.org/ bookworm {{page.version}}" | sudo tee /etc/apt/sources.list.d/foreman.list +echo "deb http://deb.theforeman.org/ plugins {{page.version}}" | sudo tee -a /etc/apt/sources.list.d/foreman.list +{% endhighlight %} ++ Enable Puppet's 8.x repository: +
+ +{% highlight bash %} +sudo apt-get -y install ca-certificates +cd /tmp && wget https://apt.puppet.com/puppet8-release-jammy.deb +sudo apt-get install /tmp/puppet8-release-jammy.deb +{% endhighlight %} + +Enable the Foreman repositories:
+ +{% highlight bash %} +sudo wget https://deb.theforeman.org/foreman.asc -O /etc/apt/trusted.gpg.d/foreman.asc +echo "deb http://deb.theforeman.org/ jammy {{page.version}}" | sudo tee /etc/apt/sources.list.d/foreman.list +echo "deb http://deb.theforeman.org/ plugins {{page.version}}" | sudo tee -a /etc/apt/sources.list.d/foreman.list +{% endhighlight %} +ping $(hostname -f)
shows the real IP address, not 127.0.1.1. Change or remove this entry from /etc/hosts if present.
+Puppet version | +Foreman installer (AIO) | +Foreman installer (non-AIO) | +Smart Proxy | +
---|---|---|---|
0.x-5.x | +Not supported | +Not supported | +Not supported | +
6.x | +Not supported | +Not supported | +Deprecated | +
7.x | +Supported | +Untested | +Supported | +
Port | +Protocol | +Required For | +
---|---|---|
53 | +TCP & UDP | +DNS Server | +
67, 68 | +UDP | +DHCP Server | +
69 | +UDP | +TFTP Server | +
80, 443 | +TCP | +* HTTP & HTTPS access to Foreman web UI / provisioning templates - using Apache | +
3000 | +TCP | +HTTP access to Foreman web UI / provisioning templates - using standalone WEBrick service | +
5910 - 5930 | +TCP | +Server VNC Consoles | +
5432 | +TCP | +Separate PostgreSQL database | +
8140 | +TCP | +* Puppet server | +
8443 | +TCP | +Smart Proxy, open only to Foreman | +
Option | +Description | +
---|---|
--[no-]enable-apache-mod-status | +Enable 'apache_mod_status' puppet module | +
--[no-]enable-foreman | +Enable 'foreman' puppet module | +
--[no-]enable-foreman-cli | +Enable 'foreman_cli' puppet module | +
--[no-]enable-foreman-cli-ansible | +Enable 'foreman_cli_ansible' puppet module | +
--[no-]enable-foreman-cli-azure | +Enable 'foreman_cli_azure' puppet module | +
--[no-]enable-foreman-cli-discovery | +Enable 'foreman_cli_discovery' puppet module | +
--[no-]enable-foreman-cli-google | +Enable 'foreman_cli_google' puppet module | +
--[no-]enable-foreman-cli-kubevirt | +Enable 'foreman_cli_kubevirt' puppet module | +
--[no-]enable-foreman-cli-openscap | +Enable 'foreman_cli_openscap' puppet module | +
--[no-]enable-foreman-cli-puppet | +Enable 'foreman_cli_puppet' puppet module | +
--[no-]enable-foreman-cli-remote-execution | +Enable 'foreman_cli_remote_execution' puppet module | +
--[no-]enable-foreman-cli-ssh | +Enable 'foreman_cli_ssh' puppet module | +
--[no-]enable-foreman-cli-tasks | +Enable 'foreman_cli_tasks' puppet module | +
--[no-]enable-foreman-cli-templates | +Enable 'foreman_cli_templates' puppet module | +
--[no-]enable-foreman-cli-webhooks | +Enable 'foreman_cli_webhooks' puppet module | +
--[no-]enable-foreman-proxy | +Enable 'foreman_proxy' puppet module | +
--[no-]enable-puppet | +Enable 'puppet' puppet module | +
--[no-]enable-foreman-plugin-acd | +Enable 'foreman_plugin_acd' puppet module (foreman_acd) | +
--[no-]enable-foreman-plugin-ansible | +Enable 'foreman_plugin_ansible' puppet module (foreman_ansible) | +
--[no-]enable-foreman-plugin-azure | +Enable 'foreman_plugin_azure' puppet module (foreman_azure) | +
--[no-]enable-foreman-plugin-bootdisk | +Enable 'foreman_plugin_bootdisk' puppet module (foreman_bootdisk) | +
--[no-]enable-foreman-plugin-default-hostgroup | +Enable 'foreman_plugin_default_hostgroup' puppet module (foreman_default_hostgroup) | +
--[no-]enable-foreman-plugin-dhcp-browser | +Enable 'foreman_plugin_dhcp_browser' puppet module (foreman_dhcp_browser) | +
--[no-]enable-foreman-plugin-discovery | +Enable 'foreman_plugin_discovery' puppet module (foreman_discovery) | +
--[no-]enable-foreman-plugin-dlm | +Enable 'foreman_plugin_dlm' puppet module (foreman_dlm) | +
--[no-]enable-foreman-plugin-expire-hosts | +Enable 'foreman_plugin_expire_hosts' puppet module (foreman_expire_hosts) | +
--[no-]enable-foreman-plugin-git-templates | +Enable 'foreman_plugin_git_templates' puppet module (foreman_git_templates) | +
--[no-]enable-foreman-plugin-google | +Enable 'foreman_plugin_google' puppet module (foreman_google) | +
--[no-]enable-foreman-plugin-host-extra-validator | +Enable 'foreman_plugin_host_extra_validator' puppet module (foreman_host_extra_validator) | +
--[no-]enable-foreman-plugin-kubevirt | +Enable 'foreman_plugin_kubevirt' puppet module (foreman_kubevirt) | +
--[no-]enable-foreman-plugin-leapp | +Enable 'foreman_plugin_leapp' puppet module (foreman_leapp) | +
--[no-]enable-foreman-plugin-monitoring | +Enable 'foreman_plugin_monitoring' puppet module (foreman_monitoring) | +
--[no-]enable-foreman-plugin-netbox | +Enable 'foreman_plugin_netbox' puppet module (foreman_netbox) | +
--[no-]enable-foreman-plugin-omaha | +Enable 'foreman_plugin_omaha' puppet module (foreman_omaha) | +
--[no-]enable-foreman-plugin-openscap | +Enable 'foreman_plugin_openscap' puppet module (foreman_openscap) | +
--[no-]enable-foreman-plugin-ovirt-provision | +Enable 'foreman_plugin_ovirt_provision' puppet module (ovirt_provision_plugin) | +
--[no-]enable-foreman-plugin-proxmox | +Enable 'foreman_plugin_proxmox' puppet module (foreman_proxmox) | +
--[no-]enable-foreman-plugin-puppet | +Enable 'foreman_plugin_puppet' puppet module (foreman_puppet) | +
--[no-]enable-foreman-plugin-puppetdb | +Enable 'foreman_plugin_puppetdb' puppet module (puppetdb_foreman) | +
--[no-]enable-foreman-plugin-remote-execution | +Enable 'foreman_plugin_remote_execution' puppet module (foreman_remote_execution) | +
--[no-]enable-foreman-plugin-remote-execution-cockpit | +Enable 'foreman_plugin_remote_execution_cockpit' puppet module (foreman_remote_execution_cockpit) | +
--[no-]enable-foreman-plugin-rescue | +Enable 'foreman_plugin_rescue' puppet module (foreman_rescue) | +
--[no-]enable-foreman-plugin-salt | +Enable 'foreman_plugin_salt' puppet module (foreman_salt) | +
--[no-]enable-foreman-plugin-snapshot-management | +Enable 'foreman_plugin_snapshot_management' puppet module (foreman_snapshot_management) | +
--[no-]enable-foreman-plugin-statistics | +Enable 'foreman_plugin_statistics' puppet module (foreman_statistics) | +
--[no-]enable-foreman-plugin-tasks | +Enable 'foreman_plugin_tasks' puppet module (foreman_tasks) | +
--[no-]enable-foreman-plugin-templates | +Enable 'foreman_plugin_templates' puppet module (foreman_templates) | +
--[no-]enable-foreman-plugin-vault | +Enable 'foreman_plugin_vault' puppet module (foreman_vault) | +
--[no-]enable-foreman-plugin-webhooks | +Enable 'foreman_plugin_webhooks' puppet module (foreman_webhooks) | +
--[no-]enable-foreman-plugin-wreckingball | +Enable 'foreman_plugin_wreckingball' puppet module (foreman_wreckingball) | +
--[no-]enable-foreman-compute-ec2 | +Enable 'foreman_compute_ec2' puppet module | +
--[no-]enable-foreman-compute-libvirt | +Enable 'foreman_compute_libvirt' puppet module | +
--[no-]enable-foreman-compute-openstack | +Enable 'foreman_compute_openstack' puppet module | +
--[no-]enable-foreman-compute-ovirt | +Enable 'foreman_compute_ovirt' puppet module | +
--[no-]enable-foreman-compute-vmware | +Enable 'foreman_compute_vmware' puppet module | +
--[no-]enable-foreman-proxy-plugin-acd | +Enable 'foreman_proxy_plugin_acd' puppet module (smart_proxy_acd) | +
--[no-]enable-foreman-proxy-plugin-ansible | +Enable 'foreman_proxy_plugin_ansible' puppet module (smart_proxy_ansible) | +
--[no-]enable-foreman-proxy-plugin-dhcp-infoblox | +Enable 'foreman_proxy_plugin_dhcp_infoblox' puppet module (smart_proxy_dhcp_infoblox) | +
--[no-]enable-foreman-proxy-plugin-dhcp-remote-isc | +Enable 'foreman_proxy_plugin_dhcp_remote_isc' puppet module (smart_proxy_dhcp_remote_isc) | +
--[no-]enable-foreman-proxy-plugin-discovery | +Enable 'foreman_proxy_plugin_discovery' puppet module (smart_proxy_discovery) | +
--[no-]enable-foreman-proxy-plugin-dns-infoblox | +Enable 'foreman_proxy_plugin_dns_infoblox' puppet module (smart_proxy_dns_infoblox) | +
--[no-]enable-foreman-proxy-plugin-dns-powerdns | +Enable 'foreman_proxy_plugin_dns_powerdns' puppet module (smart_proxy_dns_powerdns) | +
--[no-]enable-foreman-proxy-plugin-dns-route53 | +Enable 'foreman_proxy_plugin_dns_route53' puppet module (smart_proxy_dns_route53) | +
--[no-]enable-foreman-proxy-plugin-dynflow | +Enable 'foreman_proxy_plugin_dynflow' puppet module (smart_proxy_dynflow) | +
--[no-]enable-foreman-proxy-plugin-monitoring | +Enable 'foreman_proxy_plugin_monitoring' puppet module (smart_proxy_monitoring) | +
--[no-]enable-foreman-proxy-plugin-omaha | +Enable 'foreman_proxy_plugin_omaha' puppet module (smart_proxy_omaha) | +
--[no-]enable-foreman-proxy-plugin-openscap | +Enable 'foreman_proxy_plugin_openscap' puppet module (smart_proxy_openscap) | +
--[no-]enable-foreman-proxy-plugin-remote-execution-script | +Enable 'foreman_proxy_plugin_remote_execution_script' puppet module (smart_proxy_remote_execution_script) | +
--[no-]enable-foreman-proxy-plugin-salt | +Enable 'foreman_proxy_plugin_salt' puppet module (smart_proxy_salt) | +
--[no-]enable-foreman-proxy-plugin-shellhooks | +Enable 'foreman_proxy_plugin_shellhooks' puppet module (smart_proxy_shellhooks) | +
Option | +Description | +
---|---|
--apache-mod-status-extended-status | +Determines whether to track extended status information for each request, via the ExtendedStatus directive. | +
--apache-mod-status-requires | +A Variant type that can be: - String with: - '' or 'unmanaged' - Host auth control done elsewhere - 'ip <List of IPs>>' - Allowed IPs/ranges - 'host <List of names>' - Allowed names/domains - 'all [granted|denied]' - Array of strings with ip or host as above - Hash with following keys: - 'requires' - Value => Array as above - 'enforce' - Value => String 'Any', 'All' or 'None' This encloses "Require" directives in " |
+
--apache-mod-status-status-path | +Path assigned to the Location directive which defines the URL to access the server status. | +
--foreman-apache | +Configure Apache as a reverse proxy for the Foreman server | +
--foreman-client-ssl-ca | +Defines the SSL CA used to communicate with Foreman Proxies | +
--foreman-client-ssl-cert | +Defines the SSL certificate used to communicate with Foreman Proxies | +
--foreman-client-ssl-key | +Defines the SSL private key used to communicate with Foreman Proxies | +
--foreman-cors-domains | +List of domains that show be allowed for Cross-Origin Resource Sharing | +
--foreman-db-database | +Database 'production' database (e.g. foreman) | +
--foreman-db-host | +Database 'production' host | +
--foreman-db-manage | +If enabled, will install and configure the database server on this host | +
--foreman-db-manage-rake | +if enabled, will run rake jobs, which depend on the database | +
--foreman-db-password | +Database 'production' password, default is randomly generated | +
--foreman-db-pool | +Database 'production' size of connection pool. If the value is not set, it will be set by default to the amount of puma threads + 4 (for internal system threads) | +
--foreman-db-port | +Database 'production' port | +
--foreman-db-root-cert | +Root cert used to verify SSL connection to postgres | +
--foreman-db-sslmode | +Database 'production' ssl mode | +
--foreman-db-username | +Database 'production' user (e.g. foreman) | +
--foreman-dynflow-manage-services | +Whether to manage the dynflow services | +
--foreman-dynflow-orchestrator-ensure | +The state of the dynflow orchestrator instance | +
--foreman-dynflow-redis-url | +If set, the redis server is not managed and we use the defined url to connect | +
--foreman-dynflow-worker-concurrency | +How many concurrent jobs to handle per worker instance | +
--foreman-dynflow-worker-instances | +The number of worker instances that should be running | +
--foreman-email-delivery-method | +Email delivery method | +
--foreman-email-reply-address | +Email reply address for emails that Foreman is sending | +
--foreman-email-sendmail-arguments | +The arguments to pass to the sendmail binary. Unused when SMTP delivery is used. | +
--foreman-email-sendmail-location | +The location of the binary to call when sendmail is the delivery method. Unused when SMTP delivery is used. | +
--foreman-email-smtp-address | +SMTP server hostname, when delivery method is SMTP | +
--foreman-email-smtp-authentication | +SMTP authentication method | +
--foreman-email-smtp-domain | +SMTP HELO domain | +
--foreman-email-smtp-password | +Password for SMTP server auth, if authentication is enabled | +
--foreman-email-smtp-port | +SMTP port | +
--foreman-email-smtp-user-name | +Username for SMTP server auth, if authentication is enabled | +
--foreman-email-subject-prefix | +Prefix to add to all outgoing email | +
--foreman-foreman-service-puma-threads-max | +Maximum number of threads for every Puma worker | +
--foreman-foreman-service-puma-threads-min | +Minimum number of threads for every Puma worker. If no value is specified, this defaults to setting min threads to maximum threads. Setting min threads equal to max threads has been shown to alleviate memory leaks and in some cases produce better performance. | +
--foreman-foreman-service-puma-workers | +Number of workers for Puma. If not set, the value is dynamically calculated based on available number of CPUs and memory. | +
--foreman-foreman-url | +URL on which foreman is going to run | +
--foreman-gssapi-local-name | +Whether to enable GssapiLocalName when using mod_auth_gssapi | +
--foreman-hsts-enabled | +Should HSTS enforcement in https requests be enabled | +
--foreman-http-keytab | +Path to keytab to be used for Kerberos authentication on the WebUI. If left empty, it will be automatically determined. | +
--foreman-initial-admin-email | +Initial E-mail address of the admin user | +
--foreman-initial-admin-first-name | +Initial first name of the admin user | +
--foreman-initial-admin-last-name | +Initial last name of the admin user | +
--foreman-initial-admin-locale | +Initial locale (= language) of the admin user | +
--foreman-initial-admin-password | +Initial password of the admin user, default is randomly generated | +
--foreman-initial-admin-timezone | +Initial timezone of the admin user | +
--foreman-initial-admin-username | +Initial username for the admin user account, default is admin | +
--foreman-initial-location | +Name of an initial location | +
--foreman-initial-organization | +Name of an initial organization | +
--foreman-ipa-authentication | +Enable configuration for external authentication via IPA | +
--foreman-ipa-authentication-api | +Enable configuration for external authentication via IPA for API | +
--foreman-ipa-manage-sssd | +If ipa_authentication is true, should the installer manage SSSD? You can disable it if you use another module for SSSD configuration | +
--foreman-ipa-sssd-default-realm | +If ipa_manage_sssd is true, set default_domain_suffix option in sssd configuration to this value to allow logging in without having to provide the domain name. | +
--foreman-keycloak | +Enable Keycloak support. Note this is limited to configuring Apache and still relies on manually running keycloak-httpd-client-install | +
--foreman-keycloak-app-name | +The app name as passed to keycloak-httpd-client-install | +
--foreman-keycloak-realm | +The realm as passed to keycloak-httpd-client-install | +
--foreman-loggers | +Enable or disable specific loggers, e.g. {"sql" => true} | +
--foreman-logging-layout | +Logging layout of the Foreman application | +
--foreman-logging-level | +Logging level of the Foreman application | +
--foreman-logging-type | +Logging type of the Foreman application | +
--foreman-oauth-active | +Enable OAuth authentication for REST API | +
--foreman-oauth-consumer-key | +OAuth consumer key | +
--foreman-oauth-consumer-secret | +OAuth consumer secret | +
--foreman-oauth-effective-user | +User to be used for REST interaction | +
--foreman-oauth-map-users | +Should Foreman use the foreman_user header to identify API user? | +
--foreman-pam-service | +PAM service used for host-based access control in IPA | +
--foreman-plugin-version | +Foreman plugins package version, it's passed to ensure parameter of package resource can be set to 'installed', 'latest', 'present' only | +
--foreman-provisioning-ct-location | +The location of the binary to call when transpiling CoreOS templates. | +
--foreman-provisioning-fcct-location | +The location of the binary to call when transpiling Fedora CoreOS templates. | +
--foreman-rails-cache-store | +Set rails cache store | +
--foreman-register-in-foreman | +Register host in Foreman | +
--foreman-server-port | +Defines Apache port for HTTP requests | +
--foreman-server-ssl-ca | +Defines Apache mod_ssl SSLCACertificateFile setting in Foreman vhost conf file. | +
--foreman-server-ssl-cert | +Defines Apache mod_ssl SSLCertificateFile setting in Foreman vhost conf file. | +
--foreman-server-ssl-chain | +Defines Apache mod_ssl SSLCertificateChainFile setting in Foreman vhost conf file. | +
--foreman-server-ssl-crl | +Defines the Apache mod_ssl SSLCARevocationFile setting in Foreman vhost conf file. | +
--foreman-server-ssl-key | +Defines Apache mod_ssl SSLCertificateKeyFile setting in Foreman vhost conf file. | +
--foreman-server-ssl-port | +Defines Apache port for HTTPS requests | +
--foreman-server-ssl-protocol | +Defines the Apache mod_ssl SSLProtocol setting in Foreman vhost conf file. | +
--foreman-server-ssl-verify-client | +Defines the Apache mod_ssl SSLVerifyClient setting in Foreman vhost conf file. | +
--foreman-serveraliases | +Server aliases of the VirtualHost in the webserver | +
--foreman-servername | +Server name of the VirtualHost in the webserver | +
--foreman-ssl | +Enable and set require_ssl in Foreman settings (note: requires Apache, SSL does not apply to kickstarts) | +
--foreman-telemetry-logger-enabled | +Enable telemetry logs - useful for telemetry debugging | +
--foreman-telemetry-logger-level | +Telemetry debugging logs level | +
--foreman-telemetry-prefix | +Prefix for all metrics | +
--foreman-telemetry-prometheus-enabled | +Enable prometheus telemetry | +
--foreman-telemetry-statsd-enabled | +Enable statsd telemetry | +
--foreman-telemetry-statsd-host | +Statsd host in format ip:port, do not use DNS | +
--foreman-telemetry-statsd-protocol | +Statsd protocol one of 'statsd', 'statsite' or 'datadog' - currently only statsd is supported | +
--foreman-trusted-proxies | +List of trusted IPs / networks. Default: IPv4 and IPV6 localhost addresses. If overwritten, localhost addresses (127.0.0.1/8, ::1) need to be in trusted_proxies IP list again. More details: https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html | +
--foreman-unattended | +Should Foreman manage host provisioning as well | +
--foreman-unattended-url | +URL hosts will retrieve templates from during build (normally http as many installers don't support https) | +
--foreman-version | +Foreman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-websockets-encrypt | +Whether to encrypt websocket connections | +
--foreman-websockets-ssl-cert | +SSL certificate file to use when encrypting websocket connections | +
--foreman-websockets-ssl-key | +SSL key file to use when encrypting websocket connections | +
--foreman-cli-foreman-url | +URL on which Foreman runs | +
--foreman-cli-manage-root-config | +Whether to manage /root/.hammer configuration. | +
--foreman-cli-password | +Password for authentication | +
--foreman-cli-refresh-cache | +Check API documentation cache status on each request | +
--foreman-cli-request-timeout | +API request timeout, set -1 for infinity | +
--foreman-cli-ssl-ca-file | +Path to SSL certificate authority | +
--foreman-cli-use-sessions | +Enable using sessions | +
--foreman-cli-username | +Username for authentication | +
--foreman-cli-version | +foreman-cli package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-proxy-autosignfile | +Hostname-Whitelisting only: Location of puppets autosign.conf | +
--foreman-proxy-bind-host | +Host to bind ports to, e.g. *, localhost, 0.0.0.0 | +
--foreman-proxy-bmc | +Enable BMC feature | +
--foreman-proxy-bmc-default-provider | +BMC default provider. | +
--foreman-proxy-bmc-listen-on | +BMC proxy to listen on https, http, or both | +
--foreman-proxy-bmc-redfish-verify-ssl | +BMC Redfish verify ssl. | +
--foreman-proxy-bmc-ssh-key | +BMC SSH key location. | +
--foreman-proxy-bmc-ssh-powercycle | +BMC SSH powercycle command. | +
--foreman-proxy-bmc-ssh-poweroff | +BMC SSH poweroff command. | +
--foreman-proxy-bmc-ssh-poweron | +BMC SSH poweron command. | +
--foreman-proxy-bmc-ssh-powerstatus | +BMC SSH powerstatus command. | +
--foreman-proxy-bmc-ssh-user | +BMC SSH user. | +
--foreman-proxy-dhcp | +Enable DHCP feature | +
--foreman-proxy-dhcp-additional-interfaces | +Additional DHCP listen interfaces (in addition to dhcp_interface). Note: as opposed to dhcp_interface *no* subnet will be provisioned for any of the additional DHCP listen interfaces. Please configure any additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp module). | +
--foreman-proxy-dhcp-config | +DHCP config file path | +
--foreman-proxy-dhcp-failover-address | +Address for DHCP to listen for connections from its peer | +
--foreman-proxy-dhcp-failover-port | +Port for DHCP to listen & communicate with it DHCP peer | +
--foreman-proxy-dhcp-gateway | +DHCP pool gateway | +
--foreman-proxy-dhcp-interface | +DHCP listen interface | +
--foreman-proxy-dhcp-ipxe-bootstrap | +Enable or disable iPXE bootstrap(discovery) feature | +
--foreman-proxy-dhcp-ipxefilename | +iPXE DHCP "filename" value, If not specified, it's determined dynamically. When the templates feature is enabled, the template_url is used. | +
--foreman-proxy-dhcp-key-name | +DHCP key name | +
--foreman-proxy-dhcp-key-secret | +DHCP password | +
--foreman-proxy-dhcp-leases | +DHCP leases file | +
--foreman-proxy-dhcp-listen-on | +DHCP proxy to listen on https, http, or both | +
--foreman-proxy-dhcp-load-balance | +Cutoff after which load balancing is disabled | +
--foreman-proxy-dhcp-load-split | +Split leases between Primary and Secondary. 255 means Primary is chiefly responsible. 0 means Secondary is chiefly responsible. | +
--foreman-proxy-dhcp-manage-acls | +Whether to manage DHCP directory ACLs. This allows the Foreman Proxy user to access even if the directory mode is 0750. | +
--foreman-proxy-dhcp-managed | +The DHCP daemon is managed by this module | +
--foreman-proxy-dhcp-max-response-delay | +Seconds after it will assume that connection has failed to DHCP peer | +
--foreman-proxy-dhcp-max-unacked-updates | +How many BNDUPD messages DHCP can send before it receives a BNDACK from the local system | +
--foreman-proxy-dhcp-mclt | +Seconds for which a lease may be renewed by either failover peer without contacting the other | +
--foreman-proxy-dhcp-nameservers | +DHCP nameservers, comma-separated | +
--foreman-proxy-dhcp-netmask | +DHCP server netmask value, defaults otherwise to value based on IP of dhcp_interface | +
--foreman-proxy-dhcp-network | +DHCP server network value, defaults otherwise to value based on IP of dhcp_interface | +
--foreman-proxy-dhcp-node-type | +DHCP node type | +
--foreman-proxy-dhcp-omapi-port | +DHCP server OMAPI port | +
--foreman-proxy-dhcp-option-domain | +DHCP use the dhcpd config option domain-name | +
--foreman-proxy-dhcp-peer-address | +The other DHCP servers address | +
--foreman-proxy-dhcp-ping-free-ip | +Perform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs. | +
--foreman-proxy-dhcp-provider | +DHCP provider for the DHCP module | +
--foreman-proxy-dhcp-pxefilename | +DHCP "filename" value, defaults otherwise to pxelinux.0 | +
--foreman-proxy-dhcp-pxeserver | +DHCP "next-server" value, defaults otherwise to IP of dhcp_interface | +
--foreman-proxy-dhcp-range | +Space-separated DHCP pool range | +
--foreman-proxy-dhcp-search-domains | +DHCP search domains option | +
--foreman-proxy-dhcp-server | +Address of DHCP server to manage | +
--foreman-proxy-dhcp-subnets | +Subnets list to restrict DHCP management to | +
--foreman-proxy-dns | +Enable DNS feature | +
--foreman-proxy-dns-forwarders | +DNS forwarders | +
--foreman-proxy-dns-interface | +DNS interface | +
--foreman-proxy-dns-listen-on | +DNS proxy to listen on https, http, or both | +
--foreman-proxy-dns-managed | +The DNS daemon is managed by this module. Only supported for the nsupdate and nsupdate_gss DNS providers. | +
--foreman-proxy-dns-provider | +DNS provider | +
--foreman-proxy-dns-reverse | +DNS reverse zone name | +
--foreman-proxy-dns-server | +Address of DNS server to manage | +
--foreman-proxy-dns-tsig-keytab | +Kerberos keytab for DNS updates using GSS-TSIG authentication | +
--foreman-proxy-dns-tsig-principal | +Kerberos principal for DNS updates using GSS-TSIG authentication | +
--foreman-proxy-dns-ttl | +DNS default TTL override | +
--foreman-proxy-dns-zone | +DNS zone name | +
--foreman-proxy-ensure-packages-version | +control extra packages version, it's passed to ensure parameter of package resource | +
--foreman-proxy-foreman-base-url | +Base Foreman URL used for REST interaction | +
--foreman-proxy-foreman-ssl-ca | +SSL CA used to verify connections when accessing the Foreman API. When not specified, the ssl_ca is used instead. | +
--foreman-proxy-foreman-ssl-cert | +SSL client certificate used when accessing the Foreman API When not specified, the ssl_cert is used instead. | +
--foreman-proxy-foreman-ssl-key | +Corresponding key to a foreman_ssl_cert certificate When not specified, the ssl_key is used instead. | +
--foreman-proxy-freeipa-config | +Path to FreeIPA default.conf configuration file | +
--foreman-proxy-freeipa-remove-dns | +Remove DNS entries from FreeIPA when deleting hosts from realm | +
--foreman-proxy-groups | +Array of additional groups for the foreman proxy user | +
--foreman-proxy-http | +Enable HTTP | +
--foreman-proxy-http-port | +HTTP port to listen on (if http is enabled) | +
--foreman-proxy-httpboot | +Enable HTTPBoot feature. In most deployments this requires HTTP to be enabled as well. | +
--foreman-proxy-httpboot-listen-on | +HTTPBoot proxy to listen on https, http, or both | +
--foreman-proxy-keyfile | +DNS server keyfile path | +
--foreman-proxy-libvirt-connection | +Connection string of libvirt DNS/DHCP provider (e.g. "qemu:///system") | +
--foreman-proxy-libvirt-network | +Network for libvirt DNS/DHCP provider | +
--foreman-proxy-log | +Foreman proxy log file, 'STDOUT', 'SYSLOG' or 'JOURNAL' | +
--foreman-proxy-log-buffer | +Log buffer size | +
--foreman-proxy-log-buffer-errors | +Additional log buffer size for errors | +
--foreman-proxy-log-level | +Foreman proxy log level | +
--foreman-proxy-logs | +Enable Logs (log buffer) feature | +
--foreman-proxy-logs-listen-on | +Logs proxy to listen on https, http, or both | +
--foreman-proxy-manage-puppet-group | +Whether to ensure the $puppet_group exists. Also ensures group owner of ssl keys and certs is $puppet_group Not applicable when ssl is false. | +
--foreman-proxy-manage-service | +control the service, whether it should be started / enabled or not. useful, if the service should be managed by a cluster software e.g. corosync / pacemaker | +
--foreman-proxy-oauth-consumer-key | +OAuth key to be used for REST interaction | +
--foreman-proxy-oauth-consumer-secret | +OAuth secret to be used for REST interaction | +
--foreman-proxy-oauth-effective-user | +User to be used for REST interaction | +
--foreman-proxy-puppet | +Enable Puppet module for environment imports and Puppet runs | +
--foreman-proxy-puppet-api-timeout | +Timeout in seconds when accessing Puppet environment classes API | +
--foreman-proxy-puppet-group | +Groups of Foreman proxy user | +
--foreman-proxy-puppet-listen-on | +Protocols for the Puppet feature to listen on | +
--foreman-proxy-puppet-ssl-ca | +SSL CA used to verify connections when accessing the Puppet master API | +
--foreman-proxy-puppet-ssl-cert | +SSL certificate used when accessing the Puppet master API | +
--foreman-proxy-puppet-ssl-key | +SSL private key used when accessing the Puppet master API | +
--foreman-proxy-puppet-url | +URL of the Puppet master itself for API requests | +
--foreman-proxy-puppetca | +Enable Puppet CA feature | +
--foreman-proxy-puppetca-certificate | +Token-whitelisting only: Certificate to use when encrypting tokens (undef to use SSL certificate) | +
--foreman-proxy-puppetca-listen-on | +Protocols for the Puppet CA feature to listen on | +
--foreman-proxy-puppetca-provider | +Whether to use puppetca_hostname_whitelisting or puppetca_token_whitelisting | +
--foreman-proxy-puppetca-sign-all | +Token-whitelisting only: Whether to sign all CSRs without checking their token | +
--foreman-proxy-puppetca-token-ttl | +Token-whitelisting only: Fallback time (in minutes) after which tokens will expire | +
--foreman-proxy-puppetca-tokens-file | +Token-Whitelisting only: Location of the tokens.yaml | +
--foreman-proxy-puppetdir | +Puppet var directory | +
--foreman-proxy-realm | +Enable realm management feature | +
--foreman-proxy-realm-keytab | +Kerberos keytab path to authenticate realm updates | +
--foreman-proxy-realm-listen-on | +Realm proxy to listen on https, http, or both | +
--foreman-proxy-realm-principal | +Kerberos principal for realm updates | +
--foreman-proxy-realm-provider | +Realm management provider | +
--foreman-proxy-register-in-foreman | +Register proxy back in Foreman | +
--foreman-proxy-registered-name | +Proxy name which is registered in Foreman | +
--foreman-proxy-registered-proxy-url | +Proxy URL which is registered in Foreman | +
--foreman-proxy-registration | +Enable Registration feature | +
--foreman-proxy-registration-listen-on | +Registration proxy to listen on https, http, or both | +
--foreman-proxy-registration-url | +URL that hosts will connect to when registering | +
--foreman-proxy-ssl | +Enable SSL, ensure feature is added with "https://" protocol if true | +
--foreman-proxy-ssl-ca | +SSL CA to validate the client certificates used to access the proxy | +
--foreman-proxy-ssl-cert | +SSL certificate to be used to run the foreman proxy via https. | +
--foreman-proxy-ssl-disabled-ciphers | +List of OpenSSL cipher suite names that will be disabled from the default | +
--foreman-proxy-ssl-key | +Corresponding key to a ssl_cert certificate | +
--foreman-proxy-ssl-port | +HTTPS port to listen on (if ssl is enabled) | +
--foreman-proxy-ssldir | +Puppet CA SSL directory | +
--foreman-proxy-template-url | +URL a client should use for provisioning templates | +
--foreman-proxy-templates | +Enable templates feature | +
--foreman-proxy-templates-listen-on | +Templates proxy to listen on https, http, or both | +
--foreman-proxy-tftp | +Enable TFTP feature | +
--foreman-proxy-tftp-dirs | +Directories to be create in $tftp_root | +
--foreman-proxy-tftp-listen-on | +TFTP proxy to listen on https, http, or both | +
--foreman-proxy-tftp-manage-wget | +If enabled will install the wget package | +
--foreman-proxy-tftp-managed | +The TFTP daemon is managed by this module. | +
--foreman-proxy-tftp-replace-grub2-cfg | +Determines if grub2.cfg will be replaced | +
--foreman-proxy-tftp-root | +TFTP root directory | +
--foreman-proxy-tftp-servername | +Defines the TFTP Servername to use, overrides the name in the subnet declaration | +
--foreman-proxy-tls-disabled-versions | +List of TLS versions that will be disabled from the default | +
--foreman-proxy-trusted-hosts | +Only hosts listed will be permitted, empty array to disable authorization | +
--foreman-proxy-version | +foreman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--puppet-additional-settings | +A hash of additional main settings. | +
--puppet-agent | +Should a puppet agent be installed | +
--puppet-agent-additional-settings | +A hash of additional agent settings. Example: {stringify_facts => true} | +
--puppet-agent-default-schedules | +A boolean to enable/disable the default schedules | +
--puppet-agent-noop | +Run the agent in noop mode. | +
--puppet-agent-restart-command | +The command which gets excuted on puppet service restart | +
--puppet-agent-server-hostname | +Hostname of your puppetserver (server directive in puppet.conf) | +
--puppet-agent-server-port | +Override the port of the server we connect to. | +
--puppet-allow-any-crl-auth | +Allow any authentication for the CRL. This is needed on the puppet CA to accept clients from a the puppet CA proxy. | +
--puppet-auth-allowed | +An array of authenticated nodes allowed to access all catalog and node endpoints. default to ['$1'] | +
--puppet-autosign | +If set to a boolean, autosign is enabled or disabled for all incoming requests. Otherwise this has to be set to the full file path of an autosign.conf file or an autosign script. If this is set to a script, make sure that script considers the content of autosign.conf as otherwise Foreman functionality might be broken. | +
--puppet-autosign-content | +If set, write the autosign file content using the value of this parameter. Cannot be used at the same time as autosign_entries For example, could be a string, or file('another_module/autosign.sh') or template('another_module/autosign.sh.erb') | +
--puppet-autosign-entries | +A list of certnames or domain name globs whose certificate requests will automatically be signed. Defaults to an empty Array. | +
--puppet-autosign-mode | +mode of the autosign file/script | +
--puppet-autosign-source | +If set, use this as the source for the autosign file, instead of autosign_content. | +
--puppet-ca-crl-filepath | +Path to CA CRL file, dynamically resolves based on $::server_ca status. | +
--puppet-ca-port | +Puppet CA port | +
--puppet-ca-server | +Use a different ca server. Should be either a string with the location of the ca_server or 'false'. | +
--puppet-certificate-revocation | +Whether certificate revocation checking should be enabled, and what level of checking should be performed | +
--puppet-classfile | +The file in which puppet agent stores a list of the classes associated with the retrieved configuration. | +
--puppet-client-certname | +The node's certificate name, and the unique identifier it uses when requesting catalogs. | +
--puppet-client-package | +Install a custom package to provide the puppet client | +
--puppet-codedir | +Override the puppet code directory. | +
--puppet-cron-cmd | +Specify command to launch when runmode is set 'cron'. | +
--puppet-dir | +Override the puppet directory. | +
--puppet-dir-group | +Group of the base puppet directory, used when puppet::server is false. | +
--puppet-dir-owner | +Owner of the base puppet directory, used when puppet::server is false. | +
--puppet-dns-alt-names | +Use additional DNS names when generating a certificate. Defaults to an empty Array. | +
--puppet-environment | +Default environment of the Puppet agent | +
--puppet-group | +Override the name of the puppet group. | +
--puppet-hiera-config | +The hiera configuration file. | +
--puppet-http-connect-timeout | +The maximum amount of time an agent waits when establishing an HTTP connection. | +
--puppet-http-read-timeout | +The time an agent waits for one block to be read from an HTTP connection. If nothing is read after the elapsed interval then the connection will be closed. | +
--puppet-localconfig | +The localconfig setting. | +
--puppet-logdir | +Override the log directory. | +
--puppet-manage-packages | +Should this module install packages or not. Can also install only server packages with value of 'server' or only agent packages with 'agent'. | +
--puppet-module-repository | +Use a different puppet module repository | +
--puppet-package-install-options | +Flags that should be passed to the package manager during installation. Defaults to undef. May be a string, an array or a hash, see Puppet Package resource documentation for the provider matching your package manager | +
--puppet-package-provider | +The provider used to install the agent. Defaults to chocolatey on Windows Defaults to undef elsewhere | +
--puppet-package-source | +The location of the file to be used by the agent's package resource. Defaults to undef. If 'windows' or 'msi' are used as the provider then this setting is required. | +
--puppet-pluginfactsource | +URL to retrieve Puppet facts from during pluginsync | +
--puppet-pluginsource | +URL to retrieve Puppet plugins from during pluginsync | +
--puppet-postrun-command | +A command which gets excuted after each Puppet run | +
--puppet-prerun-command | +A command which gets excuted before each Puppet run | +
--puppet-puppetconf-mode | +The permissions for /etc/puppetlabs/puppet/puppet.conf default to '0644' and '0674' on windows | +
--puppet-report | +Send reports to the Puppet Master | +
--puppet-run-hour | +The hour at which to run the puppet agent when runmode is cron or systemd.timer. | +
--puppet-run-minute | +The minute at which to run the puppet agent when runmode is cron or systemd.timer. | +
--puppet-rundir | +Override the PID directory. | +
--puppet-runinterval | +Set up the interval (in seconds) to run the puppet agent. | +
--puppet-runmode | +Select the mode to setup the puppet agent. | +
--puppet-server | +Should a puppet server be installed as well as the client | +
--puppet-server-acceptor-threads | +This sets the number of threads that the webserver will dedicate to accepting socket connections for unencrypted HTTP traffic. If not provided, the webserver defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4. | +
--puppet-server-additional-settings | +A hash of additional settings. Example: {trusted_node_data => true, ordering => 'manifest'} | +
--puppet-server-admin-api-allowlist | +The allowlist of clients that can query the puppet-admin-api endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ] | +
--puppet-server-allow-header-cert-info | +Enable client authentication over HTTP Headers Defaults to false, is also activated by the $server_http setting | +
--puppet-server-ca | +Provide puppet CA | +
--puppet-server-ca-allow-auth-extensions | +Allow CA to sign certificate requests that have authorization extensions Defaults to false | +
--puppet-server-ca-allow-auto-renewal | +Enable the auto renewal for client certificates Defaults to false | +
--puppet-server-ca-allow-auto-renewal-cert-ttl | +Set the auto renewal interval for client certificates Defaults to 60d | +
--puppet-server-ca-allow-sans | +Allow CA to sign certificate requests that have Subject Alternative Names Defaults to false | +
--puppet-server-ca-auth-required | +Whether client certificates are needed to access the puppet-admin api Defaults to true | +
--puppet-server-ca-client-allowlist | +The allowlist of client certificates that can query the certificate-status endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ] | +
--puppet-server-ca-client-self-delete | +Adds a rule to auth.conf, that allows a client to delete its own certificate Defaults to false | +
--puppet-server-ca-crl-sync | +Sync puppet CA crl file to compilers, Puppet CA Must be the Puppetserver for the compilers. Defaults to false. | +
--puppet-server-ca-enable-infra-crl | +Enable the separate CRL for Puppet infrastructure nodes Defaults to false | +
--puppet-server-certname | +The name to use when handling certificates. | +
--puppet-server-check-for-updates | +Should the puppetserver phone home to check for available updates? Defaults to true | +
--puppet-server-cipher-suites | +List of SSL ciphers to use in negotiation Defaults to ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'] | +
--puppet-server-common-modules-path | +Common modules paths | +
--puppet-server-compile-mode | +Used to control JRuby's "CompileMode", which may improve performance. Defaults to undef (off). | +
--puppet-server-connect-timeout | +How long the server will wait for a response to a connection attempt | +
--puppet-server-crl-enable | +Turn on crl checking. Defaults to true when server_ca is true. Otherwise Defaults to false. Note unless you are using an external CA. It is recommended to set this to true. See $server_ca_crl_sync to enable syncing from CA Puppet Master | +
--puppet-server-custom-trusted-oid-mapping | +A hash of custom trusted oid mappings. Defaults to undef Example: { 1.3.6.1.4.1.34380.1.2.1.1 => { shortname => 'myshortname' } } | +
--puppet-server-default-manifest | +Toggle if default_manifest setting should be added to the [main] section | +
--puppet-server-default-manifest-content | +A string to set the content of the default_manifest If set to '' it will not manage the file | +
--puppet-server-default-manifest-path | +A string setting the path to the default_manifest | +
--puppet-server-dir | +Puppet configuration directory | +
--puppet-server-environment-class-cache-enabled | +Enable environment class cache in conjunction with the use of the environment_classes API. Defaults to false | +
--puppet-server-environment-timeout | +Timeout for cached compiled catalogs (10s, 5m, ...) | +
--puppet-server-environment-vars | +A hash of environment variables and their values which the puppetserver is allowed to see. To define literal values double quotes should be used: {'MYVAR': '"MYVALUE"'}. Omitting the inner quotes might lead to unexpected results since the HOCON format does not allow characters like $, curly/square brackets or = in unquoted strings. Multi line strings are also allowed as long as they are triple quoted: {'MYVAR': "\"\"\"MY\nMULTI\nLINE\nVALUE\"\"\""} To pass an existing variable use substitutions: {'MYVAR': '${MYVAR}'}. | +
--puppet-server-environments-group | +The group owning the environments directory | +
--puppet-server-environments-mode | +Environments directory mode. | +
--puppet-server-environments-owner | +The owner of the environments directory | +
--puppet-server-environments-recurse | +Should the environments directory be managed recursively | +
--puppet-server-envs-dir | +List of directories which hold puppet environments | +
--puppet-server-envs-target | +Indicates that $envs_dir should be a symbolic link to this target | +
--puppet-server-external-nodes | +External nodes classifier executable | +
--puppet-server-foreman | +Should foreman integration be installed | +
--puppet-server-foreman-facts | +Should foreman receive facts from puppet | +
--puppet-server-foreman-ssl-ca | +SSL CA of the Foreman server | +
--puppet-server-foreman-ssl-cert | +Client certificate for authenticating against Foreman server | +
--puppet-server-foreman-ssl-key | +Key for authenticating against Foreman server | +
--puppet-server-foreman-url | +Foreman URL | +
--puppet-server-git-branch-map | +Git branch to puppet env mapping for the default post receive hook | +
--puppet-server-git-repo | +Use git repository as a source of modules | +
--puppet-server-git-repo-group | +Git repository group | +
--puppet-server-git-repo-hook-mode | +Git repository hook mode | +
--puppet-server-git-repo-path | +Git repository path on disk | +
--puppet-server-git-repo-umask | +Umask used during git operations | +
--puppet-server-git-repo-user | +Git repository user | +
--puppet-server-group | +Group used for the puppetserver process | +
--puppet-server-http | +Should the puppet server listen on HTTP as well as HTTPS. Useful for load balancer or reverse proxy scenarios. | +
--puppet-server-http-port | +Puppet server HTTP port; defaults to 8139. | +
--puppet-server-idle-timeout | +How long the server will wait for a response on an existing connection | +
--puppet-server-ip | +Bind ip address of the puppetserver | +
--puppet-server-jolokia-metrics-allowlist | +The allowlist of clients that can query the jolokia /metrics/v2 endpoint | +
--puppet-server-jruby-gem-home | +Where jruby gems are located for puppetserver | +
--puppet-server-jvm-cli-args | +Java options to use when using puppetserver subcommands (eg puppetserver gem). | +
--puppet-server-jvm-config | +Specify the puppetserver jvm configuration file. | +
--puppet-server-jvm-extra-args | +Additional java options to pass through. This can be used for Java versions prior to Java 8 to specify the max perm space to use: For example: '-XX:MaxPermSize=128m'. | +
--puppet-server-jvm-java-bin | +Set the default java to use. If unspecified, it will be derived from the Puppet version. | +
--puppet-server-jvm-max-heap-size | +Specify the maximum jvm heap space. | +
--puppet-server-jvm-min-heap-size | +Specify the minimum jvm heap space. | +
--puppet-server-manage-user | +Whether to manage the server user resource | +
--puppet-server-max-active-instances | +Max number of active jruby instances. Defaults to processor count | +
--puppet-server-max-open-files | +Increase the max open files limit for Puppetserver. Defaults to undef | +
--puppet-server-max-queued-requests | +The maximum number of requests that may be queued waiting to borrow a JRuby from the pool. Defaults to 0 (disabled). | +
--puppet-server-max-requests-per-instance | +Max number of requests a jruby instances will handle. Defaults to 0 (disabled) | +
--puppet-server-max-retry-delay | +Sets the upper limit for the random sleep set as a Retry-After header on 503 responses returned when max-queued-requests is enabled. Defaults to 1800. | +
--puppet-server-max-threads | +This sets the maximum number of threads assigned to responding to HTTP and/or HTTPS requests for a single webserver, effectively changing how many concurrent requests can be made at one time. If not provided, the webserver defaults to 200. | +
--puppet-server-metrics-allowed | +Specify metrics to allow in addition to those in the default list Defaults to undef | +
--puppet-server-metrics-graphite-enable | +Enable or disable Graphite metrics reporter. Defaults to false | +
--puppet-server-metrics-graphite-host | +Graphite server host. Defaults to "127.0.0.1" | +
--puppet-server-metrics-graphite-interval | +How often to send metrics to graphite (in seconds) Defaults to 5 | +
--puppet-server-metrics-graphite-port | +Graphite server port. Defaults to 2003 | +
--puppet-server-metrics-jmx-enable | +Enable or disable JMX metrics reporter. Defaults to true | +
--puppet-server-metrics-server-id | +A server id that will be used as part of the namespace for metrics produced Defaults to $fqdn | +
--puppet-server-multithreaded | +Use multithreaded jruby. Defaults to false. | +
--puppet-server-package | +Custom package name for puppet server | +
--puppet-server-parser | +Sets the parser to use. Valid options are 'current' or 'future'. Defaults to 'current'. | +
--puppet-server-port | +Puppet server port | +
--puppet-server-post-hook-content | +Which template to use for git post hook | +
--puppet-server-post-hook-name | +Name of a git hook | +
--puppet-server-puppet-basedir | +Where is the puppet code base located | +
--puppet-server-puppetserver-auth-template | +Template for generating /etc/puppetlabs/puppetserver/conf.d/auth.conf | +
--puppet-server-puppetserver-dir | +The path of the puppetserver config dir | +
--puppet-server-puppetserver-experimental | +Enable the /puppet/experimental route? Defaults to true | +
--puppet-server-puppetserver-logdir | +The path of the puppetserver log dir | +
--puppet-server-puppetserver-metrics | +Enable puppetserver http-client metrics | +
--puppet-server-puppetserver-profiler | +Enable JRuby profiling. If set to false, compiler and function metrics will not be available, (eg. when enabling graphite metrics) | +
--puppet-server-puppetserver-rundir | +The path of the puppetserver run dir | +
--puppet-server-puppetserver-telemetry | +Enable Dropsonde telemetry. Undef means disabled while booleans are explicit opt-in or opt-out. This is different from Puppetserver's default values. | +
--puppet-server-puppetserver-trusted-agents | +Certificate names of puppet agents that are allowed to fetch *all* catalogs Defaults to [] and all agents are only allowed to fetch their own catalogs. | +
--puppet-server-puppetserver-trusted-certificate-extensions | +An array of hashes of certificate extensions and values to be used in auth.conf | +
--puppet-server-puppetserver-vardir | +The path of the puppetserver var dir | +
--puppet-server-puppetserver-version | +The version of puppetserver installed (or being installed) Unfortunately, different versions of puppetserver need configuring differently. The default is derived from the installed puppet version. Generally it's not needed to override this but when upgrading it might be. | +
--puppet-server-reports | +List of report types to include on the puppetserver | +
--puppet-server-request-timeout | +Timeout in node.rb script for fetching catalog from Foreman (in seconds). | +
--puppet-server-ruby-load-paths | +List of ruby paths | +
--puppet-server-selector-threads | +This sets the number of selectors that the webserver will dedicate to processing events on connected sockets for unencrypted HTTPS traffic. If not provided, the webserver defaults to the minimum of: virtual cores on the host divided by 2 or max-threads divided by 16, with a minimum of 1. | +
--puppet-server-ssl-acceptor-threads | +This sets the number of threads that the webserver will dedicate to accepting socket connections for encrypted HTTPS traffic. If not provided, defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4. | +
--puppet-server-ssl-chain-filepath | +Path to certificate chain for puppetserver Only used when $ca is true Defaults to "${ssl_dir}/ca/ca_crt.pem" | +
--puppet-server-ssl-dir | +SSL directory | +
--puppet-server-ssl-dir-manage | +Toggle if ssl_dir should be added to the [server] configuration section. This is necessary to disable in case CA is delegated to a separate instance | +
--puppet-server-ssl-key-manage | +Toggle if "private_keys/${::puppet::server::certname}.pem" should be created with default user and group. This is used in the default Forman setup to reuse the key for TLS communication. | +
--puppet-server-ssl-protocols | +Array of SSL protocols to use. Defaults to [ 'TLSv1.3', 'TLSv1.2' ] | +
--puppet-server-ssl-selector-threads | +This sets the number of selectors that the webserver will dedicate to processing events on connected sockets for encrypted HTTPS traffic. Defaults to the number of virtual cores on the host divided by 2, with a minimum of 1 and maximum of 4. The number of selector threads actually used by Jetty is twice the number of selectors requested. For example, if a value of 3 is specified for the ssl-selector-threads setting, Jetty will actually use 6 selector threads. | +
--puppet-server-storeconfigs | +Whether to enable storeconfigs | +
--puppet-server-strict-variables | +if set to true, it will throw parse errors when accessing undeclared variables. | +
--puppet-server-trusted-external-command | +The external trusted facts script to use. | +
--puppet-server-user | +Username used for the puppetserver process | +
--puppet-server-version | +Custom package version for puppet server | +
--puppet-server-versioned-code-content | +Contains the path to an executable script that Puppet Server invokes when on static_file_content requests. Defaults to undef | +
--puppet-server-versioned-code-id | +The path to an executable script that Puppet Server invokes to generate a code_id Defaults to undef | +
--puppet-server-web-idle-timeout | +Time in ms that Jetty allows a socket to be idle, after processing has completed. Defaults to 30000, using the Jetty default of 30s | +
--puppet-service-name | +The name of the puppet agent service. | +
--puppet-sharedir | +Override the system data directory. | +
--puppet-show-diff | +Show and report changed files with diff output | +
--puppet-splay | +Switch to enable a random amount of time to sleep before each run. | +
--puppet-splaylimit | +The maximum time to delay before runs. Defaults to being the same as the run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). | +
--puppet-srv-domain | +Search domain for SRV records | +
--puppet-ssldir | +Override where SSL certificates are kept. | +
--puppet-syslogfacility | +Facility name to use when logging to syslog | +
--puppet-systemd-cmd | +Specify command to launch when runmode is set 'systemd.timer'. | +
--puppet-systemd-randomizeddelaysec | +Adds a random delay between 0 and this value (in seconds) to the timer. Only relevant when runmode is 'systemd.timer'. | +
--puppet-systemd-unit-name | +The name of the puppet systemd units. | +
--puppet-unavailable-runmodes | +Runmodes that are not available for the current system. This module will not try to disable these modes. Default is [] on Linux, ['cron', 'systemd.timer'] on Windows and ['systemd.timer'] on other systems. | +
--puppet-use-srv-records | +Whether DNS SRV records will be used to resolve the Puppet server | +
--puppet-usecacheonfailure | +Switch to enable use of cached catalog on failure of run. | +
--puppet-user | +Override the name of the puppet user. | +
--puppet-vardir | +Override the puppet var directory. | +
--puppet-version | +Specify a specific version of a package to install. The version should be the exact match for your distro. You can also use certain values like 'latest'. Note that when you specify exact versions you should also override $server_version since that defaults to $version. | +
--foreman-plugin-default-hostgroup-hostgroups | +An array of hashes of hostgroup names and facts to add to the configuration | +
--foreman-plugin-puppetdb-address | +Address of puppetdb API. | +
--foreman-plugin-puppetdb-api-version | +PuppetDB API version. | +
--foreman-plugin-puppetdb-ssl-ca-file | +CA certificate file which will be used to connect to the PuppetDB API. | +
--foreman-plugin-puppetdb-ssl-certificate | +Certificate file which will be used to connect to the PuppetDB API. | +
--foreman-plugin-puppetdb-ssl-private-key | +Private key file which will be used to connect to the PuppetDB API. | +
--foreman-plugin-remote-execution-cockpit-ensure | +Specify the package state, or absent to remove it | +
--foreman-plugin-remote-execution-cockpit-origins | +Specify additional Cockpit Origins to configure cockpit.conf. The $foreman_url is included by default. | +
--foreman-plugin-tasks-automatic-cleanup | +Enable automatic task cleanup using a cron job | +
--foreman-plugin-tasks-backup | +Enable creating a backup of cleaned up tasks in CSV format when automatic_cleanup is enabled | +
--foreman-plugin-tasks-cron-line | +Cron line defining when the cleanup cron job should run | +
--foreman-compute-ec2-version | +Package version to install, defaults to installed | +
--foreman-compute-libvirt-version | +Package version to install, defaults to installed | +
--foreman-compute-openstack-version | +Package version to install, defaults to installed | +
--foreman-compute-ovirt-version | +Package version to install, defaults to installed | +
--foreman-compute-vmware-version | +Package version to install, defaults to installed | +
--foreman-proxy-plugin-acd-enabled | +enables/disables the acd plugin | +
--foreman-proxy-plugin-acd-listen-on | +proxy feature listens on http, https, or both | +
--foreman-proxy-plugin-acd-version | +plugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-proxy-plugin-ansible-ansible-dir | +Ansible directory to search for available roles | +
--foreman-proxy-plugin-ansible-callback | +The callback plugin to configure in ansible.cfg | +
--foreman-proxy-plugin-ansible-collections-paths | +Paths where to look for ansible collections | +
--foreman-proxy-plugin-ansible-enabled | +Enables/disables the ansible plugin | +
--foreman-proxy-plugin-ansible-host-key-checking | +Whether to ignore errors when a host is reinstalled so it has a different key in ~/.ssh/known_hosts If a host is not initially in 'known_hosts' setting this to True will result in prompting for confirmation of the key, which is not possible from non-interactive environments like Foreman Remote Execution or cron | +
--foreman-proxy-plugin-ansible-install-runner | +If true, installs ansible-runner package to support running ansible by ansible-runner | +
--foreman-proxy-plugin-ansible-listen-on | +Proxy feature listens on https, http, or both | +
--foreman-proxy-plugin-ansible-roles-path | +Paths where we look for ansible roles. | +
--foreman-proxy-plugin-ansible-runner-package-name | +The name of the ansible-runner package to install | +
--foreman-proxy-plugin-ansible-ssh-args | +The ssh_args parameter in ansible.cfg under [ssh_connection] | +
--foreman-proxy-plugin-ansible-working-dir | +A directory where the playbooks will be generated. A tmp directory will be created when left blank | +
--foreman-proxy-plugin-dhcp-infoblox-dns-view | +The DNS view to use | +
--foreman-proxy-plugin-dhcp-infoblox-network-view | +The network view to use | +
--foreman-proxy-plugin-dhcp-infoblox-password | +The password of the Infoblox user | +
--foreman-proxy-plugin-dhcp-infoblox-record-type | +Record type to manage | +
--foreman-proxy-plugin-dhcp-infoblox-used-ips-search-type | +The search type for used ips | +
--foreman-proxy-plugin-dhcp-infoblox-username | +The username of the Infoblox user | +
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-config | +DHCP config file path | +
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases | +DHCP leases file | +
--foreman-proxy-plugin-dhcp-remote-isc-key-name | +DHCP key name | +
--foreman-proxy-plugin-dhcp-remote-isc-key-secret | +DHCP password | +
--foreman-proxy-plugin-dhcp-remote-isc-omapi-port | +DHCP server OMAPI port | +
--foreman-proxy-plugin-discovery-enabled | +Whether the module is enabled or disabled. | +
--foreman-proxy-plugin-discovery-image-name | +tarball with images | +
--foreman-proxy-plugin-discovery-install-images | +Download and extract the discovery image | +
--foreman-proxy-plugin-discovery-listen-on | +When enabled, it's configured to listen on HTTPS (default), HTTP or both. | +
--foreman-proxy-plugin-discovery-source-url | +source URL to download from | +
--foreman-proxy-plugin-discovery-tftp-root | +TFTP root directory where extracted discovery image will be installed | +
--foreman-proxy-plugin-discovery-version | +The version to ensure | +
--foreman-proxy-plugin-dns-infoblox-dns-server | +The address of the Infoblox server | +
--foreman-proxy-plugin-dns-infoblox-dns-view | +The Infoblox DNS View | +
--foreman-proxy-plugin-dns-infoblox-password | +The password of the Infoblox user | +
--foreman-proxy-plugin-dns-infoblox-username | +The username of the Infoblox user | +
--foreman-proxy-plugin-dns-powerdns-rest-api-key | +The REST API key | +
--foreman-proxy-plugin-dns-powerdns-rest-url | +The REST API URL | +
--foreman-proxy-plugin-dns-route53-aws-access-key | +The Access Key ID of the IAM account | +
--foreman-proxy-plugin-dns-route53-aws-secret-key | +The Secret Access Key of the IAM account | +
--foreman-proxy-plugin-dynflow-console-auth | +Whether to enable trusted hosts and ssl for the dynflow console | +
--foreman-proxy-plugin-dynflow-database-path | +Path to the SQLite database file, set empty for in-memory sqlite | +
--foreman-proxy-plugin-dynflow-enabled | +Enables/disables the dynflow plugin | +
--foreman-proxy-plugin-dynflow-listen-on | +Proxy feature listens on https, http, or both | +
--foreman-proxy-plugin-dynflow-open-file-limit | +Limit number of open files - Only Red Hat Operating Systems with Software Collections. | +
--foreman-proxy-plugin-dynflow-ssl-disabled-ciphers | +Disable SSL ciphers. For example: ['NULL-MD5', 'NULL-SHA'] | +
--foreman-proxy-plugin-dynflow-tls-disabled-versions | +Disable TLS versions. Version 1.0 is always disabled. For example: ['1.1'] | +
--foreman-proxy-plugin-monitoring-collect-status | +collect monitoring status from monitoring solution | +
--foreman-proxy-plugin-monitoring-enabled | +enables/disables the monitoring plugin | +
--foreman-proxy-plugin-monitoring-listen-on | +proxy feature listens on http, https, or both | +
--foreman-proxy-plugin-monitoring-providers | +monitoring providers | +
--foreman-proxy-plugin-monitoring-version | +plugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-proxy-plugin-omaha-contentpath | +Path where omaha content is stored | +
--foreman-proxy-plugin-omaha-distribution | +distribution type, it's passed to specify the distribution type. can be set to one of 'coreos' (default), 'flatcar' | +
--foreman-proxy-plugin-omaha-enabled | +enables/disables the omaha plugin | +
--foreman-proxy-plugin-omaha-http-proxy | +URL to a proxy server that should be used to retrieve omaha content, e.g. 'http://proxy.example.com:3128/' | +
--foreman-proxy-plugin-omaha-listen-on | +proxy feature listens on http, https, or both | +
--foreman-proxy-plugin-omaha-sync-releases | +How many of the latest releases should be synced | +
--foreman-proxy-plugin-omaha-version | +plugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-proxy-plugin-openscap-ansible-module | +Ensure the Ansible module | +
--foreman-proxy-plugin-openscap-ansible-module-ensure | +The state of the Ansible module to ensure | +
--foreman-proxy-plugin-openscap-contentdir | +Directory where OpenSCAP content XML are stored So we will not request the XML from Foreman each time | +
--foreman-proxy-plugin-openscap-corrupted-dir | +Directory where corrupted OpenSCAP report XML are stored | +
--foreman-proxy-plugin-openscap-enabled | +enables/disables the openscap plugin | +
--foreman-proxy-plugin-openscap-failed-dir | +Directory where OpenSCAP report XML are stored In case sending to Foreman succeeded, yet failed to save to reportsdir | +
--foreman-proxy-plugin-openscap-listen-on | +Proxy feature listens on http, https, or both | +
--foreman-proxy-plugin-openscap-openscap-send-log-file | +Log file for the forwarding script | +
--foreman-proxy-plugin-openscap-proxy-name | +Proxy name to send to Foreman with parsed report Foreman matches it against names of registered proxies to find the report source | +
--foreman-proxy-plugin-openscap-puppet-module | +Ensure the Puppet module. This only makes sense if Puppetserver runs on the same machine. | +
--foreman-proxy-plugin-openscap-puppet-module-ensure | +The state of the Puppet module to ensure | +
--foreman-proxy-plugin-openscap-reportsdir | +Directory where OpenSCAP report XML are stored So Foreman can request arf xml reports | +
--foreman-proxy-plugin-openscap-spooldir | +Directory where OpenSCAP audits are stored before they are forwarded to Foreman | +
--foreman-proxy-plugin-openscap-timeout | +Timeout for sending ARF reports to foreman | +
--foreman-proxy-plugin-openscap-version | +plugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
--foreman-proxy-plugin-remote-execution-script-cockpit-integration | +Enables/disables Cockpit integration | +
--foreman-proxy-plugin-remote-execution-script-enabled | +Enables/disables the plugin | +
--foreman-proxy-plugin-remote-execution-script-generate-keys | +Automatically generate SSH keys | +
--foreman-proxy-plugin-remote-execution-script-install-key | +Automatically install generated SSH key to root authorized keys which allows managing this host through Remote Execution | +
--foreman-proxy-plugin-remote-execution-script-listen-on | +Proxy feature listens on https, http, or both | +
--foreman-proxy-plugin-remote-execution-script-local-working-dir | +Local working directory on the smart proxy | +
--foreman-proxy-plugin-remote-execution-script-mode | +Operation Mode of the plugin. | +
--foreman-proxy-plugin-remote-execution-script-mqtt-rate-limit | +Number of jobs that are allowed to run at the same time | +
--foreman-proxy-plugin-remote-execution-script-mqtt-resend-interval | +Time interval in seconds at which the notification should be re-sent to the host until the job is picked up or canceleld | +
--foreman-proxy-plugin-remote-execution-script-mqtt-ttl | +Time interval in seconds given to the host to pick up the job before considering the job undelivered. | +
--foreman-proxy-plugin-remote-execution-script-remote-working-dir | +Remote working directory on clients | +
--foreman-proxy-plugin-remote-execution-script-ssh-identity-dir | +Directory where SSH keys are stored | +
--foreman-proxy-plugin-remote-execution-script-ssh-identity-file | +Provide an alternative name for the SSH keys | +
--foreman-proxy-plugin-remote-execution-script-ssh-kerberos-auth | +Enable kerberos authentication for SSH | +
--foreman-proxy-plugin-remote-execution-script-ssh-keygen | +Location of the ssh-keygen binary | +
--foreman-proxy-plugin-remote-execution-script-ssh-log-level | +Configure ssh client LogLevel | +
--foreman-proxy-plugin-salt-api | +Use Salt API | +
--foreman-proxy-plugin-salt-api-auth | +Salt API auth mechanism | +
--foreman-proxy-plugin-salt-api-password | +Salt API password | +
--foreman-proxy-plugin-salt-api-url | +Salt API URL | +
--foreman-proxy-plugin-salt-api-username | +Salt API username | +
--foreman-proxy-plugin-salt-autosign-file | +File to use for salt autosign | +
--foreman-proxy-plugin-salt-autosign-key-file | +File to use for salt autosign via grains | +
--foreman-proxy-plugin-salt-enabled | +Enables/disables the salt plugin | +
--foreman-proxy-plugin-salt-group | +Group to run salt commands and access configuration files | +
--foreman-proxy-plugin-salt-listen-on | +Proxy feature listens on https, http, or both | +
--foreman-proxy-plugin-salt-saltfile | +Path to Saltfile | +
--foreman-proxy-plugin-salt-user | +User to run salt commands under | +
--foreman-proxy-plugin-shellhooks-directory | +Absolute path to directory with executables | +
--foreman-proxy-plugin-shellhooks-enabled | +enables/disables the shellhooks plugin | +
--foreman-proxy-plugin-shellhooks-listen-on | +proxy feature listens on http, https, or both | +
--foreman-proxy-plugin-shellhooks-version | +plugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc. | +
foreman-rake <task>
to run rake tasks, however when installed from source, replace this with bundle exec rake <task> RAILS_ENV=production
Setting | +Value | +
---|---|
Account | +DOMAIN\foreman |
+
Base DN | +CN=Users,DC=example,DC=COM |
+
Groups base DN | +CN=Users,DC=example,DC=com |
+
Login name attribute | +userPrincipalName |
+
First name attribute | +givenName |
+
Surname attribute | +sn |
+
Email address attribute | +mail |
+
Setting | +Value | +
---|---|
Account | +uid=foreman,cn=users,cn=accounts,dc=example,dc=com | +
Base DN | +cn=users,cn=accounts,dc=example,dc=com |
+
Groups base DN | +cn=groups,cn=accounts,dc=example,dc=com or cn=ng,cn=compat,dc=example,dc=com if you use netgroups |
+
Login name attribute | +uid |
+
First name attribute | +givenName |
+
Surname attribute | +sn |
+
Email address attribute | +mail |
+
Setting | +Value | +
---|---|
Account | +uid=foreman,dc=example,dc=com |
+
Base DN | +dc=example,dc=com |
+
Groups base DN | +dc=example,dc=com |
+
Login name attribute | +uid |
+
First name attribute | +givenName |
+
Surname attribute | +sn |
+
Email address attribute | +mail |
+
Permission | +Description | +
---|---|
Permissions for Architectures, Authentication providers, environments, External variables, Common parameters, Medias, Models, Operating systems, Partition tables, Puppet classes and User groups | +|
view | +The user is allowed to see this type of object when listing them on the index page | +
create | +The user is allowed to create this type of object | +
edit | +The user is allowed to edit this type of object | +
destroy | +The user is allowed to destroy this type of object | +
Permissions for Domains | +|
view | +The user is allowed to see a list of domains when viewing the index page | +
create | +The user is allowed to create a new domain and will also be able to create domain parameters | +
edit | +The user is allowed to edit a domain and will also be able to edit a domain's parameters. If they have domain filtering active in their profile then only these domains will be editable | +
destroy | +The user is allowed to destroy a domain and will also be able to destroy domain parameters. If they have domain filtering active in their profile then only these domains will be deletable | +
Permissions for Host groups | +|
view | +The user is allowed to see a list of host groups when viewing the index page | +
create | +The user is allowed to create a new host group and will also be able to create host group parameters | +
edit | +The user is allowed to edit a host group and will also be able to edit a host group's parameters. If they have host group filtering active in their profile then only these host groups will be editable | +
destroy | +The user is allowed to destroy a host group and will also be able to destroy host group parameters. If they have host group filtering active in their profile then only these host groups will be deletable | +
Permissions for Hosts | +|
view | +The user is allowed to see a list of hosts when viewing the index page. This list may be constrained by the user's host filters | +
create | +The user is allowed to create a new host. This operation may be constrained by the user's host filters | +
edit | +The user is allowed to edit a host. This operation may be constrained by the user's host filters | +
destroy | +The user is allowed to destroy a host. This operation may be constrained by the user's host filters | +
Permissions for Users | +|
view | +The user is allowed to see a list of users when viewing the index page. A user will always be able to see their own account even if they do not have this permission | +
create | +The user is allowed to create a new user | +
edit | +The user is allowed to edit existing users. A user will always be able to edit their own basic account settings and password | +
destroy | +The user is allowed to delete users from the system | +
Status value | +Maps to | +Description | +
---|---|---|
Error | +Error | +Error during configuration, e.g. Puppet run failed to install some package | +
Out of sync | +Warning | +A configuration report was not received within the expected interval, based on the outofsync_interval1 | +
No reports | +Warning / OK | +When there are no reports but the host uses configuration management system (e.g. Puppet proxy is associated) or always_show_configuration_status setting is set to true, it maps to Warning. Otherwise it is mapped to OK. | +
Active | +OK | +During last Puppet run, some resources were applied | +
Pending | +OK | +During last Puppet run, some resources would be applied but Puppet was configured to run in noop mode | +
No changes | +OK | +During last Puppet run, nothing has changed | +
Attribute type | +Should state a name = value relationship that Foreman use to match against the entries in the order list | +
Value | +What the parameter should be in the ENC, if this rule is matched | +
Omit | +Instead of providing a value, this parameter will not be supplied in the ENC output (use to prevent a default value being returned) - only for smart class parameters | +
Validator type | +A combobox of data types. The type applies to the next field, the validator. | +
Validator rule | +Used to enforce certain values for the parameter values. See below for examples. | +
Parameter | +target | +
Description | +The target server to talk to | +
Default Value | +server.foo | +
Type Validator | +string | +
Validator Constraint | ++ |
Order | +fqdn hostgroup os domain |
+
Attribute type | +fqdn = bob.domain.com | +
Value | +server2.bar | +
Parameter | +port | +
Description | +The port to use | +
Default Value | +80 | +
Type Validator | +list | +
Validator Constraint | +80,443,8080 | +
Order | +fqdn region hostgroup os domain |
+
Attribute type | +region = europe | +
Value | +8080 | +
Attribute type | +fqdn = foo.domain | +
Value | +67 | +
Parameter | +port | +
Description | +The port to use | +
Default Value | +80 | +
Type Validator | +list | +
Validator Constraint | +80,443,8080 | +
Order | +fqdn region, hostgroup, environment hostgroup environment domain |
+
Attribute type | +fqdn = foo.domain | +
Value | +67 | +
Attribute type | +region, hostgroup, environment = europe, "web servers", production | +
Value | +8080 | +
puppet parser validate example.pp
to validate the content of a manifest.Provider | +Package | +Unattended installation | +Image-based | +Console | +Power management | +Networking | +
---|---|---|---|---|---|---|
EC2 | +foreman-ec2 | +no | +yes | +read-only | +yes | +IPv4 | +
Google Compute Engine | +foreman-plugin-google | +no | +yes | +read-only | +yes | +IPv4 | +
Libvirt | +foreman-libvirt | +yes | +yes | +VNC or SPICE | +yes | +MAC | +
OpenStack Nova | +foreman-openstack | +no | +yes | +no | +yes | +IPv4 | +
oVirt / RHEV | +foreman-ovirt | +yes | +yes | +VNC or SPICE | +yes | +MAC | +
VMware | +foreman-vmware | +yes | +yes | +VNC | +yes | +MAC | +
Journald name | +JSON name | +Description | +
---|---|---|
USER_LOGIN | +["mdc"]["user_login"] | +User login name | +
ORG_ID | +["mdc"]["org_id"] | +Organization database ID | +
LOC_ID | +["mdc"]["loc_id"] | +Location database ID | +
REMOTE_IP | +["mdc"]["remote_ip"] | +Remote IP address of a client | +
REQUEST | +["mdc"]["request"] | +Request ID generated by ActionDispatch | +
SESSION | +["mdc"]["session"] | +Random ID generated per session or request for session-less request | +
EXCEPTION_MESSAGE | +["ndc"]["exception_message"] | +Exception message when error is logged | +
EXCEPTION_CLASS | +["ndc"]["exception_class"] | +Exception Ruby class when error is logged | +
EXCEPTION_BACKTRACE | +["ndc"]["exception_backtrace"] | +Exception backtrace as a multiline string when error is logged | +
TEMPLATE_NAME | +["ndc"]["template_name"] | +Template name (blob logger) | +
TEMPLATE_DIGEST | +["ndc"]["template_digest"] | +Digest (SHA256) of rendered template contents (blob logger) | +
TEMPLATE_HOST_NAME | +["ndc"]["template_host_name"] | +Host name for a rendered template if present (blob logger) | +
TEMPLATE_HOST_ID | +["ndc"]["template_host_id"] | +Host database ID for a rendered template if present (blob logger) | +
AUDIT_ACTION | +["ndc"]["audit_action"] | +Action performed (e.g. create/update/delete) | +
AUDIT_TYPE | +["ndc"]["audit"] | +Database model class or type, subject of an audit record (e.g. Hostgroup or Subnet) | +
AUDIT_ID | +["ndc"]["audit"] | +Record database ID of the audit subject | +
AUDIT_ATTRIBUTE | +["ndc"]["audit"] | +Attribute name or column an action was performed on (e.g. name or description) | +