theforeman
Debian/Ubuntu install guides contain not working scenarios
@ekohl noticed that Installing on Ubunthu/Debian guides contain scenarios that do not work on those OSes. Here is his feedback:
- http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#configuring-capsule-default-certificate_smart-proxy
Section 2.5. Configuring Smart Proxy server with a Default SSL Certificate in the Installing an External Smart Proxy Server on Debian guide does not work because the
foreman-proxy-certs-generatecommand does not exist on Debian. All other sections that describe how to configure Foreman and Proxy with certificates do not work as well and require reworking. - http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#configuring-dns-dhcp-and-tftp_smart-proxy Rather than editing the service, you should really use --foreman-proxy-dhcp-interface and --foreman-proxy-dhcp-additional-interfaces. So pass --foreman-proxy-dhcp-additional-interfaces eth1 --foreman-proxy-dhcp-additional-interfaces eth2 in the procedure, drop 'Adding Multihomed DHCP details' entirely
- http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#installing-capsule-server-packages_smart-proxy This section is also incorrect - you don't install a meta package, just the installer and the installer does everything so: apt-get install foreman-installe
- btw, the DHCP suggetion is also correct for Red Hat based instructions, both upstream and downstream
Hi @ekohl thanks so much for this.
with regards to the first point:
http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#configuring-capsule-default-certificate_smart-proxy Section 2.5. Configuring Smart Proxy server with a Default SSL Certificate in the Installing an External Smart Proxy Server on Debian guide does not work because the foreman-proxy-certs-generate command does not exist on Debian. All other sections that describe how to configure Foreman and Proxy with certificates do not work as well and require reworking.
Could your blog about SSL certificates be used here? I might be completely off. I am just looking for a way to start with this. My knowledge of Debian installations is zero.
Could your blog about SSL certificates be used here?
Probably, but this is all covered in the official manual: https://theforeman.org/manuals/2.1/index.html#3.2.3InstallationScenarios
I am just looking for a way to start with this. My knowledge of Debian installations is zero.
Just know that anything that uses --scenario katello or --scenario foreman-proxy-content doesn't work on Debian. Only --scenario foreman exists there. The installer will automatically select a scenario if there is only one. That's why you never see --scenario in the vanilla Foreman documentation.
Looking at http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#enabling-connections-to-capsule_smart-proxy there's more issues
- Port 5000 is Crane and part of Pulp 2. That also means it's not needed on vanilla Foreman (all distros), EL8 (doesn't support Pulp 2) and starting Katello 4.0 (drops Pulp 2).
- Port 5647 is qpid. Also part of Pulp 2 so the same story as above
- Port 9090 is the Katello port for Smart Proxy - not needed on vanilla Foreman (all distros)
http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#supported-operating-systems_smart-proxy
We dropped support for Debian 9, only Debian 10 is covered. Ubuntu 16.04 is also gone.
I'd also say the system requirements are incorrect. A Smart Proxy without Puppetserver probably runs fine on 2GB RAM.
Another thing is that every example in http://docs.theforeman.org/guides/build/doc-Installing_Proxy_on_Debian/index-foreman-deb.html#performing-additional-configuration-on-capsule-server does list --no-enable-foreman but omits --no-enable-foreman-cli. If there is already an existing installation (and the lack of parameters to configure the connection to Foreman suggests this), you can also leave of --no-enable-foreman.
IMHO configuring chrony is also something you could leave out and only list in the requirements.
My recommendation would be to drop document this entirely and refer to the official manual. There's too many things that need to be modified.
foreman-proxy-certs-generate is part of Katello and therefore irrelevant for foreman-deb.
Rather than editing the service, you should really use --foreman-proxy-dhcp-interface and --foreman-proxy-dhcp-additional-interfaces. So pass --foreman-proxy-dhcp-additional-interfaces eth1 --foreman-proxy-dhcp-additional-interfaces eth2 in the procedure, drop 'Adding Multihomed DHCP details' entirely
Addressed in https://github.com/theforeman/foreman-documentation/pull/2488
My recommendation would be to drop document this entirely and refer to the official manual. There's too many things that need to be modified.
We've started to do this.
related discussion: What is the easiest way to generate and transfer the Foreman host certs to a fresh remote smart proxy during install in Foreman Community Forum
My recommendation would be to drop document this entirely and refer to the official manual. There's too many things that need to be modified.
We've started to do this.
4 years after this issue was created, we no longer provide a Proxy Installation guide for Debian.
triage: blocker of the milestone to move to docs.theforeman.org.
This still applies.
Overall, this issue looks a lot like a duplicate of https://github.com/theforeman/foreman-documentation/issues/647. Can we close it and continue with the other one? In https://github.com/theforeman/foreman-documentation/issues/647#issuecomment-1759691063, there was a suggestion to start opening more specific issues, which should eventually cover anything that was reported in this issue's description.
