Foreman is a data center automation tool to deploy, configure, and patch hosts. It relies on Katello for content management, which in turn relies on Pulp to manage repositories. See Manage content using Pulp Debian for more information.
Pulp offers many plugins for different content types, including RPM packages, Ansible roles and collections, PyPI packages, and deb content. The latter is called the pulp_deb plugin.
Content management in Foreman
The basic idea for providing content to hosts is to mirror repositories and provide content to hosts via either the Foreman server or attached Smart Proxies.
This tutorial is a step-by-step guide to adding deb content to Foreman and serving hosts running Debian 10. "Deb content" refers to software packages and errata for Debian-based Linux systems (e.g., Debian and Ubuntu). This article focuses on Debian 10 Buster but the instructions also work for Ubuntu 20.04 Focal Fossa, unless noted otherwise.
1. Create the operating system
1.1. Create an architecture
Navigate to Hosts > Architectures and create a new architecture (if the architecture where you want to deploy Debian 10 hosts is missing). This tutorial assumes your hosts run on the x86_64 architecture, as Foreman does.
1.2. Create an installation media
Navigate to Hosts > Installation Media and create new Debian 10 installation media. Use the upstream repository URL http://ftp.debian.org/debian/.
Select the Debian operating system family for either Debian or Ubuntu.
Alternatively, you can also use a Debian mirror. However, content synced via Pulp does not work for two reasons: first, the linux
and initrd.gz
files are not in the expected locations; second, the Release
file is not signed.
1.3. Create an operating system
Navigate to Hosts > Operating Systems and create a new operating system called Debian 10. Use 10 as the major version and leave the minor version field blank. For Ubuntu, use 20.04 as the major version and leave the minor version field blank.
Select the Debian operating system family for Debian or Ubuntu, and specify the release name (e.g., Buster for Debian 10 or Stretch for Debian 9). Select the default partition tables and provisioning templates, i.e., Preseed default *.
1.4. Adapt default Preseed templates (optional)
Navigate to Hosts > Partition Tables and Hosts > Provisioning Templates and adapt the default Preseed templates if necessary. Note that you need to clone locked templates before editing them. Cloned templates will not receive updates with newer Foreman versions. All Debian-based systems use Preseed templates, which are included with Foreman by default.
1.5. Associate the templates
Navigate to Hosts > Provisioning Templates and search for Preseed. Associate all desired provisioning templates to the operating system. Then, navigate to Hosts > Operating Systems and select Debian 10 as the operating system. Select the Templates tab and associate any provisioning templates that you want.
2. Synchronize content
2.1. Create content credentials for Debian upstream repositories and Debian client
Navigate to Content > Content Credentials and add the required GPG public keys as content credentials for Foreman to verify the deb packages' authenticity. To obtain the necessary GPG public keys, verify the Release file and export the corresponding GPG public key as follows:
- Debian 10 main:
wget http://ftp.debian.org/debian/dists/buster/Release && wget http://ftp.debian.org/debian/dists/buster/Release.gpg gpg --verify Release.gpg Release gpg --keyserver keys.gnupg.net --recv-key 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC gpg --keyserver keys.gnupg.net --recv-key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 gpg --keyserver keys.gnupg.net --recv-key 6D33866EDD8FFA41C0143AEDDCC9EFBF77E11517 gpg --armor --export E0B11894F66AEC98 DC30D7C23CBBABEE DCC9EFBF77E11517 > debian_10_main.txt
- Debian 10 security:
wget http://security.debian.org/debian-security/dists/buster/updates/Release && wget http://security.debian.org/debian-security/dists/buster/updates/Release.gpg gpg --verify Release.gpg Release gpg --keyserver keys.gnupg.net --recv-key 379483D8B60160B155B372DDAA8E81B4331F7F50 gpg --keyserver keys.gnupg.net --recv-key 5237CEEEF212F3D51C74ABE0112695A0E562B32A gpg --armor --export EDA0D2388AE22BA9 4DFAB270CAA96DFA > debian_10_security.txt
- Debian 10 updates:
wget http://ftp.debian.org/debian/dists/buster-updates/Release && wget http://ftp.debian.org/debian/dists/buster-updates/Release.gpg gpg --verify Release.gpg Release gpg --keyserver keys.gnupg.net --recv-key 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC gpg --keyserver keys.gnupg.net --recv-key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 gpg --armor --export E0B11894F66AEC98 DC30D7C23CBBABEE > debian_10_updates.txt
- Debian 10 client:
wget --output-document=debian_10_client.txt https://apt.atix.de/atix_gpg.pub
You can select the respective ASCII-armored TXT files to upload to your Foreman instance.
2.2. Create products called Debian 10 and Debian 10 client
Navigate to Content > Hosts and create two new products.
2.3. Create the necessary Debian 10 repositories
Navigate to Content > Products and select the Debian 10 product. Create three deb repositories:
- Debian 10 main:
- URL:
http://ftp.debian.org/debian/
- Releases:
buster
- Component:
main
- Architecture:
amd64
- URL:
- Debian 10 security:
- URL:
http://deb.debian.org/debian-security/
- Releases:
buster/updates
- Component:
main
- Architecture:
amd64
- URL:
If you want, you can add a self-hosted errata service: https://github.com/ATIX-AG/errata_server
and https://github.com/ATIX-AG/errata_parser
- Debian 10 updates:
- URL:
http://ftp.debian.org/debian/
- Releases:
buster-updates
- Component:
main
- Architecture:
amd64
- URL:
Select the content credentials that you created in step 2.1. Adjust the components and architecture as needed. Navigate to Content > Products and select the Debian 10 client product. Create a deb repository as follows:
- Debian 10 subscription-manager
- URL:
https://apt.atix.de/Debian10/
- Releases:
stable
- Component:
main
- Architecture:
amd64
- URL:
Select the content credentials you created in step 2.1. The Debian 10 client contains the subscription-manager package, which runs on each content host to receive content from the Foreman Server or an attached Smart Proxy. Navigate to apt.atix.de for further instructions.
2.4. Synchronize the repositories
If you want, you can create a sync plan to sync the Debian 10 and Debian 10 client products periodically. To sync the product once, click the Select Action > Sync Now button on the Products page.
2.5. Create content views
Navigate to Content > Content Views and create a content view called Debian 10 comprising the Debian upstream repositories created in the Debian 10 product and publish a new version. Do the same for the Debian 10 client repository of the Debian 10 client product.
2.6. Create a composite content view
Create a new composite content view called Composite Debian 10 comprising the previously published Debian 10 and Debian 10 client content views and publish a new version. You may optionally add other content views of your choice (e.g., Puppet).
2.7. Create an activation key
Navigate to Content > Activation Keys and create a new activation key called debian-10:
- Select the Library lifecycle environment and add the Composite Debian 10 content view.
- On the Details tab, assign the correct lifecycle environment and composite content view.
- On the Subscriptions tab, assign the necessary subscriptions, i.e., the Debian 10 and Debian 10 client products.
3. Deploy a host
3.1. Enable provisioning via Port 8000
Connect to your Foreman instance via SSH and edit the following file:
/etc/foreman-proxy/settings.yml
Search for :http_port: 8000
and make sure it is not commented out (i.e., the line does not start with a #
).
3.2. Create a host group
Navigate to Configure > Host Groups and create a new host group called Debian 10. Check out the Foreman documentation on creating host groups, and make sure to select the correct entries on the Operating System and Activation Keys tabs.
3.3. Create a new host
Navigate to Hosts > Create Host and either select the host group as described above or manually enter the identical information.
Tip: Deploying hosts running Ubuntu 20.04 is even easier, as you can use its official installation media ISO image and do offline installations. Check out orcharhino's Managing Ubuntu Systems Guide for more information.
ATIX has developed several Foreman plugins, and is an integral part of the Foreman open source ecosystem. The community's feedback on our contributions is passed back to our customers, as we continuously strive to improve our downstream product, orcharhino.
Comments are closed.