NETWAYS
diff --git a/‎README.md‎
Lines changed: 3 additions & 3 deletions b/‎README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Setup.md‎
Lines changed: 23 additions & 28 deletions b/‎Setup.md‎
Lines changed: 23 additions & 28 deletions
diff --git a/‎Vagrantfile‎
Lines changed: 0 additions & 54 deletions b/‎Vagrantfile‎
Lines changed: 0 additions & 54 deletions
diff --git a/‎_files/share/foreman-preparation.yml‎
Lines changed: 177 additions & 0 deletions b/‎_files/share/foreman-preparation.yml‎
Lines changed: 177 additions & 0 deletions
@@ -18,9 +18,9 @@ In addition to the sources you can find the rendered material on
 [netways.github.io](https://netways.github.io/foreman-training)
 
 * [Presentation](https://netways.github.io/foreman-training)
-* [Handouts](https://github.com/NETWAYS/foreman-training/releases/download/v1.8/foreman-training-handouts.pdf)
-* [Exercises](https://github.com/NETWAYS/foreman-training/releases/download/v1.8/foreman-training-exercises.pdf)
-* [Solutions](https://github.com/NETWAYS/foreman-training/releases/download/v1.8/foreman-training-solutions.pdf)
+* [Handouts](https://github.com/NETWAYS/foreman-training/releases/download/v1.9/foreman-training-handouts.pdf)
+* [Exercises](https://github.com/NETWAYS/foreman-training/releases/download/v1.9/foreman-training-exercises.pdf)
+* [Solutions](https://github.com/NETWAYS/foreman-training/releases/download/v1.9/foreman-training-solutions.pdf)
 
 ## Provide your own training
 
 
@@ -2,58 +2,53 @@
 
 ## Virtual machine foreman.localdomain
 
-To setup a new version of the virtual machine install CentOS Stream 8 from ISO, only configuration required is
+To setup a new version of the virtual machine install CentOS Stream 9 from ISO, only configuration required is
 setting the network interface to manual, ip address 10.0.0.2, netmask 255.255.0.0, gateway 10.0.0.1,
-dns 10.0.0.1.
+dns 10.0.0.1. In addition you may want to allow SSH access for root.
 
-Afterwards run the finish.sh provided in the _files directory to setup host entries and openldap.
+Afterwards run the Ansible playbook provided in the _files directory to setup host entries and openldap.
 
 ## Virtual machine monitoring.localdomain
 
-To setup a new version of the virtual machine install Ubuntu 22.04 Server from ISO, only configuration required is
+To setup a new version of the virtual machine install Ubuntu 24.04 Server from ISO, only configuration required is
 setting the network interface to manual, ip address 10.0.0.3, netmask 255.255.0.0, gateway 10.0.0.1,
 dns 10.0.0.1 and creating a user training with the default password.
 
-Afterwards run the finish.sh to setup host including Icinga 2, Icinga Web 2 and Director with preparations for the exercise.
+Afterwards run the Ansible playbook provided in the _files directory to setup host including Icinga 2, Icinga Web 2 and Director with preparations for the exercise.
 
 ## Local mirror
 
-A Vagrant file is provided in the directory to setup a local mirror of CentOS 8 x86_64, EPEL 8 x86_64
-Puppet EPEL 8 x86_64, Foreman EPEL 8 x86_64 and the Discovery Image. This machine will require about
-25GB.
+To provide a local mirror use a Katello instance like needed for the Katello Demo.
+In addition to RPM and DEB repositories you will need some files like the Ubuntu isos and Discovery image which you can drop in the /pub directory.
+As most repositories stopped providing rsync, this is the best solution. Some limitations like Katello not supporting the debian installer and the need to publish unprotected do apply of course.
+You can also use on-demand downloading to save space, just run all the exercises once against the mirror.
 
 ## Katello Demo
 
 To setup the Katello demo follow this guide (it requires vagrant and ansible to be installed):
 
     # git clone https://github.com/Katello/forklift.git
     # cd forklift
-    # vagrant up centos7-katello-3.10
+    # vagrant up centos9-stream-katello-4.15
 
 This will setup your Katello server, login with the provided credentials and add the following content:
 
-* GPG Key "RPM-GPG-KEY-CentOS-7" by uploading the key from a CentOS 7 system
-* Product "CentOS7" with the key assigned
-* Repository "CentOS7-Base-x86_64" of type "yum" and URL "http://mirror.centos.org/centos/7/os/x86_64/"
-* Sync this repository - it will consume about 7GB (or choose "On Demand" to save some storage)
+* GPG Key "RPM-GPG-KEY-centosofficial" by uploading the key from a CentOS Stream system
+* Product "CentOS" with the key assigned
+* Repository "CentOS-Stream-9-Base-x86_64" of type "yum" and URL "https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/"
+* Repository "CentOS-Stream-9-Appstream-x86_64" of type "yum" and URL "https://mirror.stream.centos.org/9-stream/Appstream/x86_64/os/"
+* Sync this repository - it will consume about 10GB (or choose "On Demand" to save some storage)
 * Life Cycle Environment "Test" and "Production"
-* Content View "CentOS7"
- * Add the Repository "CentOS7-Base-x86_64"
+* Content View "CentOS"
+ * Add the Repositories "CentOS-Stream-9-Base-x86_64" and "CentOS-Stream-9-Appstream-x86_64"
  * Publish new version
  * Promote "Version 1.0" to Life Cycle Environment "Test"
-* Activation Key "CentOS7-Test"
- * Assigned to Life Cycle Environment "Test" and Content View "CentOS7"
- * Subscription to Repository "CentOS7-Base-x86_64"
+* Activation Key "CentOS Stream 9 - Test"
+ * Assigned to Life Cycle Environment "Test" and Content View "CentOS"
+ * Enable the Repositories
 
-Register the system to itself:
+Register the system to itself (typically not recommended) or use another system (depending on your setup) using the command provided by the UI.
 
-    # vagrant ssh centos7-katello-3.10
-    # yum -y install katello-agent http://$(hostname -f)/pub/katello-ca-consumer-latest.noarch.rpm
-    # subscription-manager register --org Default_Organization --activationkey="CentOS7-Test"
+If you own a Red Hat Developer Subscription, it is also possible to create a Manifest and show the Red Hat specific parts.
 
-If you own a Red Hat Developer Subscription, it is also possible to create a Manifest and show the Red Hat
-specific parts.
-
-If you own a SUSE Subscription, you can install "tfm-rubygem-foreman_scc_manager" to show the SLES specific
-parts. At the moment it requires you to install the nightly package because 3.10 does not include plugin
-version 1.6.0 or higher.
+If you own a SUSE Subscription, you can install "tfm-rubygem-foreman_scc_manager" to show the SLES specific parts.
@@ -0,0 +1,177 @@
+---
+- name: Prepare Foreman Setup
+  hosts: foreman.localdomain
+  become: true
+  gather_facts: true
+  tasks:
+    - name: Ensure hostname is set
+      ansible.builtin.hostname:
+        name: foreman
+        use: systemd
+
+    - name: Ensure host entries
+      ansible.builtin.blockinfile:
+        path: /etc/hosts
+        append_newline: true
+        prepend_newline: true
+        block: |
+          10.0.0.1 host.localdomain host
+          10.0.0.2 foreman.localdomain foreman
+          10.0.0.3 monitoring.localdomain monitoring
+
+    - name: Install epel-release
+      ansible.builtin.dnf:
+        name: epel-release
+        state: installed
+
+    - name: Disable repository {{ item }}
+      ansible.builtin.ini_file:
+        path: "/etc/yum.repos.d/{{ item }}.repo"
+        section: "{{ item }}"
+        option: enabled
+        value: 0
+      loop:
+        - epel
+        - epel-next
+        - epel-cisco-openh264
+
+    - name: Install OpenLDAP server
+      ansible.builtin.dnf:
+        name:
+          - openldap-servers
+          - openldap-clients
+          - python3-ldap
+        state: installed
+        enablerepo: epel
+
+    - name: Start OpenLDAP server
+      ansible.builtin.service:
+        name: slapd
+        state: started
+        enabled: true
+
+    - name: OpenLDAP - Define Suffix
+      community.general.ldap_attrs:
+        dn: olcDatabase={2}mdb,cn=config
+        attributes:
+          olcSuffix: dc=localdomain
+        state: exact
+
+    - name: OpenLDAP - Set up admin
+      community.general.ldap_attrs:
+        dn: olcDatabase={2}mdb,cn=config
+        attributes:
+          olcRootDN: "{{ ldap_user }}"
+          olcRootPW: "{{ ldap_password_encrypted }}"
+        state: exact
+
+    - name: OpenLDAP - Check for schema cosine
+      ansible.builtin.command: ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s one '(cn={*}cosine)' dn
+      changed_when: false
+      register: schema_cosine_loaded
+
+    - name: OpenLDAP - Load schema cosine
+      ansible.builtin.command: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
+      when: not schema_cosine_loaded.stdout
+
+    - name: OpenLDAP - Check for schema inetorgperson
+      ansible.builtin.command: ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s one '(cn={*}inetorgperson)' dn
+      changed_when: false
+      register: schema_inetorgperson_loaded
+
+    - name: OpenLDAP - Load schema inetorgperson
+      ansible.builtin.command: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
+      when: not schema_inetorgperson_loaded.stdout
+
+    - name: OpenLDAP - Check for schema nis
+      ansible.builtin.command: ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s one '(cn={*}nis)' dn
+      changed_when: false
+      register: schema_nis_loaded
+
+    - name: OpenLDAP - Load schema nis
+      ansible.builtin.command: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
+      when: not schema_nis_loaded.stdout
+
+    - name: OpenLDAP - Root
+      community.general.ldap_entry:
+        dn: dc=localdomain
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        objectClass:
+          - dcObject
+          - organizationalUnit
+        attributes:
+          ou: localdomain
+
+    - name: OpenLDAP - OU for User
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: ou=users,dc=localdomain
+        objectClass: organizationalUnit
+
+    - name: OpenLDAP - User administrator
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: cn=administrator,ou=users,dc=localdomain
+        objectClass: inetOrgPerson
+        attributes:
+          sn: User
+          description: Administrator
+          userPassword: "{{ ldap_password_encrypted }}"
+          givenName: Administrator
+          mail: administrator@localdomain
+          uid: administrator
+
+    - name: OpenLDAP - User viewer
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: cn=viewer,ou=users,dc=localdomain
+        objectClass: inetOrgPerson
+        attributes:
+          sn: User
+          description: Viewer
+          userPassword: "{{ ldap_password_encrypted }}"
+          givenName: Viewer
+          mail: viewer@localdomain
+          uid: viewer
+
+    - name: OpenLDAP - User selfservice
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: cn=selfservice,ou=users,dc=localdomain
+        objectClass: inetOrgPerson
+        attributes:
+          sn: User
+          description: Selfservice
+          userPassword: "{{ ldap_password_encrypted }}"
+          givenName: Selfservice
+          mail: selfservice@localdomain
+          uid: selfservice
+
+    - name: OpenLDAP - OU for Groups
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: ou=groups,dc=localdomain
+        objectClass: organizationalUnit
+
+    - name: OpenLDAP - Group admins
+      community.general.ldap_entry:
+        bind_dn: "{{ ldap_user }}"
+        bind_pw: "{{ ldap_password }}"
+        dn: cn=admins,ou=groups,dc=localdomain
+        objectClass: posixGroup
+        attributes:
+          description: Admins
+          gidNumber: 666
+          memberUid: administrator
+
+    - name: Stop firewalld
+      ansible.builtin.service:
+        name: firewalld
+        state: stopped
+        enabled: false