updates to latest releases and some small fixes

Author: dgoetz

README.md

@@ -2,7 +2,7 @@
 
 This training is designed as a two day hands-on training introducing Foreman.
 
-In the training you will get basic knowlegde of the architecture of Foreman. You will
+In the training you will get basic knowledge of the architecture of Foreman. You will
 install and configure Foreman to provide several ways of provisioning. The configuration
 management solution used is Puppet to show configuration management integration into Foreman.
 Furthermore user and permission management of Foreman is shown. And last but not least
@@ -18,9 +18,9 @@ In addition to the sources you can find the rendered material on
 [netways.github.io](https://netways.github.io/foreman-training)
 
 * [Presentation](https://netways.github.io/foreman-training)
-* [Handouts](https://github.com/NETWAYS/foreman-training/releases/download/v1.4/foreman-training-handouts.pdf)
-* [Exercises](https://github.com/NETWAYS/foreman-training/releases/download/v1.4/foreman-training-exercises.pdf)
-* [Solutions](https://github.com/NETWAYS/foreman-training/releases/download/v1.4/foreman-training-solutions.pdf)
+* [Handouts](https://github.com/NETWAYS/foreman-training/releases/download/v1.6/foreman-training-handouts.pdf)
+* [Exercises](https://github.com/NETWAYS/foreman-training/releases/download/v1.6/foreman-training-exercises.pdf)
+* [Solutions](https://github.com/NETWAYS/foreman-training/releases/download/v1.6/foreman-training-solutions.pdf)
 
 ## Provide your own training
 

Setup.md

@@ -2,15 +2,15 @@
 
 ## Virtual machine foreman.localdomain
 
-To setup a new version of the virtual machine install CentOS from ISO, only configuration required is
+To setup a new version of the virtual machine install CentOS 8 from ISO, only configuration required is
 setting the network interface to manual, ip address 10.0.0.2, netmask 255.255.0.0, gateway 10.0.0.1,
 dns 10.0.0.1.
 
 Afterwards run the finish.sh provided in the _files directory to setup host entries and openldap.
 
 ## Virtual machine monitoring.localdomain
 
-To setup a new version of the virtual machine install CentOS from ISO, only configuration required is
+To setup a new version of the virtual machine install CentOS 8 from ISO, only configuration required is
 setting the network interface to manual, ip address 10.0.0.3, netmask 255.255.0.0, gateway 10.0.0.1,
 dns 10.0.0.1.
 
@@ -19,8 +19,8 @@ Icinga 2, Icinga Web 2 and Director with preparations for the exercise.
 
 ## Local mirror
 
-A Vagrant file is provided in the directory to setup a local mirror of CentOS 7 x86_64, EPEL 7 x86_64
-Puppet EPEL 7 x86_64, Foreman EPEL 7 x86_64 and the Discovery Image. This machine will require about
+A Vagrant file is provided in the directory to setup a local mirror of CentOS 8 x86_64, EPEL 8 x86_64
+Puppet EPEL 8 x86_64, Foreman EPEL 8 x86_64 and the Discovery Image. This machine will require about
 25GB.
 
 ## Katello Demo

Vagrantfile

@@ -1,89 +1,54 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
-# All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
 Vagrant.configure(2) do |config|
-  # The most common configuration options are documented and commented below.
-  # For a complete reference, please see the online documentation at
-  # https://docs.vagrantup.com.
-
-  # Every Vagrant development environment requires a box. You can search for
-  # boxes at https://atlas.hashicorp.com/search.
-  config.vm.box = "centos/7"
-  config.vm.hostname = "mirror"
-  config.vm.synced_folder ".", "/vagrant", type: "rsync"
-
-  # Disable automatic box update checking. If you disable this, then
-  # boxes will only be checked for updates when the user runs
-  # `vagrant box outdated`. This is not recommended.
-  # config.vm.box_check_update = false
-
-  # Create a forwarded port mapping which allows access to a specific port
-  # within the machine from a port on the host machine. In the example below,
-  # accessing "localhost:8080" will access port 80 on the guest machine.
-  # config.vm.network "forwarded_port", guest: 80, host: 8080
-
-  # Create a private network, which allows host-only access to the machine
-  # using a specific IP.
-  # config.vm.network "private_network", ip: "192.168.33.10"
-
-  # Create a public network, which generally matched to bridged network.
-  # Bridged networks make the machine appear as another physical device on
-  # your network.
-  # config.vm.network "public_network"
-
-  # Share an additional folder to the guest VM. The first argument is
-  # the path on the host to the actual folder. The second argument is
-  # the path on the guest to mount the folder. And the optional third
-  # argument is a set of non-required options.
-  # config.vm.synced_folder "../data", "/vagrant_data"
-
-  # Provider-specific configuration so you can fine-tune various
-  # backing providers for Vagrant. These expose provider-specific options.
-  # Example for VirtualBox:
-  #
-  # config.vm.provider "virtualbox" do |vb|
-  #   # Display the VirtualBox GUI when booting the machine
-  #   vb.gui = true
-  #
-  #   # Customize the amount of memory on the VM:
-  #   vb.memory = "1024"
-  # end
-  #
-  # View the documentation for the provider you are using for more
-  # information on available options.
-
-  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
-  # such as FTP and Heroku are also available. See the documentation at
-  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
-  # config.push.define "atlas" do |push|
-  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
-  # end
-
-  # Enable provisioning with a shell script. Additional provisioners such as
-  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
-  # documentation for more information about their specific syntax and use.
-  config.vm.provision "shell", inline: <<-SHELL
-    sleep 10
-    sudo yum -y install rsync httpd wget
-    sudo systemctl enable httpd.service
-    sudo systemctl start httpd.service
-    # CentOS 7
-    sudo mkdir -p /var/www/html/centos/7.4.1708/os/
-    sudo ln -s /var/www/html/centos/7.4.1708 /var/www/html/centos/7
-    sudo rsync  -avSHP --delete --exclude "local*" --exclude "isos" mirror.eu.oneandone.net::centos/7.4.1708/os/ /var/www/html/centos/7.4.1708/os/
-    sudo mkdir -p /var/www/html/epel/7/x86_64/
-    sudo rsync -vaH --exclude="debug*" --numeric-ids --delete --delete-after --delay-updates rsync://rsync.hrz.tu-chemnitz.de/fedora-epel/7/x86_64/ /var/www/html/epel/7/x86_64/
-    sudo mkdir -p /var/www/html/puppet5/el/7/x86_64/
-    sudo rsync -av --copy-links --del rsync://yum.puppet.com/packages/yum/puppet5/el/7/x86_64/ /var/www/html/puppet5/el/7/x86_64/
-    sudo mkdir -p /var/www/html/foreman/releases/latest/el7/x86_64/
-    sudo rsync -av --copy-links --del rsync://yum.theforeman.org/yum/releases/latest/el7/x86_64/ /var/www/html/foreman/releases/latest/el7/x86_64/
-    sudo mkdir -p /var/www/html/foreman/plugins/latest/el7/x86_64/
-    sudo rsync -av --copy-links --del rsync://yum.theforeman.org/yum/plugins/latest/el7/x86_64/ /var/www/html/foreman/plugins/latest/el7/x86_64/
-    sudo mkdir -p /var/www/html/foreman/discovery
-    sudo wget -P /var/www/html/foreman/discovery http://downloads.theforeman.org/discovery/releases/latest/fdi-image-latest.tar
-  SHELL
+  config.vm.define "mirror" do |mirror|
+    mirror.vm.box = "centos/7"
+    mirror.vm.hostname = "mirror.localdomain"
+    mirror.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+    mirror.vm.provision "shell", inline: <<-SHELL
+      sleep 10
+      sudo yum -y install rsync httpd wget
+      sudo systemctl enable httpd.service
+      sudo systemctl start httpd.service
+      # CentOS 8
+      sudo mkdir -p /var/www/html/centos/8.2.2004/{BaseOS,AppStream}/x86_64
+      sudo ln -s /var/www/html/centos/8.2.2004 /var/www/html/centos/8
+      sudo rsync  -avSHP --delete --exclude "local*" --exclude "isos" mirror.eu.oneandone.net::centos/8.2.2004/BaseOS/x86_64/ /var/www/html/centos/8.2.2004/BaseOS/x86_64/
+      sudo rsync  -avSHP --delete --exclude "local*" --exclude "isos" mirror.eu.oneandone.net::centos/8.2.2004/AppStream/x86_64/ /var/www/html/centos/8.2.2004/AppStream/x86_64/
+      sudo mkdir -p /var/www/html/epel/8/{Everything,Modular}/x86_64/
+      sudo rsync -vaH --exclude="debug*" --numeric-ids --delete --delete-after --delay-updates rsync://rsync.hrz.tu-chemnitz.de/fedora-epel/8/Everything/x86_64/ /var/www/html/epel/8/Everything/x86_64/
+      sudo rsync -vaH --exclude="debug*" --numeric-ids --delete --delete-after --delay-updates rsync://rsync.hrz.tu-chemnitz.de/fedora-epel/8/Modular/x86_64/ /var/www/html/epel/8/Modular/x86_64/
+      sudo mkdir -p /var/www/html/puppet6/el/8/x86_64/
+      sudo rsync -av --copy-links --del --exclude "pdk*" --exclude "puppet-bolt*" --exclude "puppetdb*" --exclude="puppetserver*" rsync://rsync.puppet.com/packages/yum/puppet6/el/8/x86_64/ /var/www/html/puppet6/el/8/x86_64/
+      sudo mkdir -p /var/www/html/foreman/releases/latest/el8/x86_64/
+      sudo rsync -av --copy-links --del rsync://rsync.theforeman.org/yum/releases/latest/el8/x86_64/ /var/www/html/foreman/releases/latest/el8/x86_64/
+      sudo mkdir -p /var/www/html/foreman/plugins/latest/el8/x86_64/
+      sudo rsync -av --copy-links --del rsync://rsync.theforeman.org/yum/plugins/latest/el8/x86_64/ /var/www/html/foreman/plugins/latest/el8/x86_64/
+      sudo mkdir -p /var/www/html/foreman/client/latest/el8/x86_64/
+      sudo rsync -av --copy-links --del rsync://rsync.theforeman.org/yum/client/latest/el8/x86_64/ /var/www/html/foreman/client/latest/el8/x86_64/
+      sudo mkdir -p /var/www/html/foreman/discovery
+      sudo rm /var/www/html/foreman/discovery/fdi-image-latest.tar
+      sudo wget -P /var/www/html/foreman/discovery http://downloads.theforeman.org/discovery/releases/latest/fdi-image-latest.tar
+    SHELL
+  end
+
+  config.vm.define "foreman" do |foreman|
+    foreman.vm.box = "centos/8"
+    foreman.vm.hostname = "foreman.localdomain"
+    foreman.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+    foreman.vm.provision "shell", path: "_files/share/foreman/finish.sh"
+  end
+
+  config.vm.define "monitoring" do |foreman|
+    foreman.vm.box = "centos/8"
+    foreman.vm.hostname = "monitoring.localdomain"
+    foreman.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+    foreman.vm.provision "file", source: "_files/share/monitoring/monitoring.localdomain.pp", destination: "~/"
+    foreman.vm.provision "file", source: "_files/share/monitoring/icingaweb2.conf", destination: "~/"
+    foreman.vm.provision "shell", path: "_files/share/monitoring/finish.sh"
+  end
 end

_files/share/finish.sh _files/share/foreman/finish.sh_files/share/finish.sh renamed to _files/share/foreman/finish.sh

@@ -3,9 +3,11 @@ echo "10.0.0.1 host.localdomain host" >> /etc/hosts
 echo "10.0.0.2 foreman.localdomain foreman" >> /etc/hosts
 echo "10.0.0.3 monitoring.localdomain monitoring" >> /etc/hosts
 
-yum install -y openldap-servers openldap-clients
+yum install -y wget
+wget -q https://repo.symas.com/configs/SOFL/rhel8/sofl.repo -O /etc/yum.repos.d/sofl.repo
+yum install -y symas-openldap-servers symas-openldap-clients
 
-echo 'dn: olcDatabase={2}hdb,cn=config
+echo 'dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 replace: olcSuffix
 olcSuffix: dc=localdomain

_files/share/users.ldif _files/share/foreman/users.ldif_files/share/users.ldif renamed to _files/share/foreman/users.ldif

@@ -1,9 +1,9 @@
 #!/bin/bash
 yum install epel-release -y
-yum install http://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm -y
+yum install http://yum.puppetlabs.com/puppet6/puppet6-release-el-8.noarch.rpm -y
 yum install puppet-agent -y
 /opt/puppetlabs/bin/puppet module install puppetlabs-apache
 /opt/puppetlabs/bin/puppet module install puppetlabs-mysql
 /opt/puppetlabs/bin/puppet module install icinga-icinga2
 /opt/puppetlabs/bin/puppet module install icinga-icingaweb2
-/opt/puppetlabs/bin/puppet apply monitoring.localdomain.pp
+/opt/puppetlabs/bin/puppet apply -v monitoring.localdomain.pp

_files/share/monitoring/finish.sh

@@ -37,6 +37,7 @@ For more details see: http://theforeman.org/manuals/latest/index.html#4.1.5Searc
 * Graphs changes in your enviroment
 * Configured in the WebGUI and collected by a cronjob
 * Internal Host parameters or Facts provided by Configuration Management
+* Moved to a separate plugin with Foreman 2.2
 
 <div style="text-align:right">
 <img src="./_images/foreman-trend-puppetversion.png" style="float: right, max-width:200px; max-height: 300px; width: auto; height: auto; margin-top: 50px; margin-right: 260px" alt="Foreman Trends"/>
@@ -48,8 +49,10 @@ For more details see: http://theforeman.org/manuals/latest/index.html#4.1.5Searc
 
 <br/>
 Foreman can provide graphs about changes in your environment. Those are configured and displayed in the WebGUI in
-"Monitor > Trends" and a cronjob is performs the data collection. By default this cronjob runs every 30 minutes matching 
+"Monitor > Trends" and a cronjob performs the data collection. By default this cronjob runs every 30 minutes matching 
 Puppet's default run interval because most trends will be based on the facts collected by the configuration management
 solution, another source are Foreman's internal parameters like the operatingsystem of the host.
 
+This functionality was moved to a separate plugin with Foreman 2.2 which can enabled using `foreman-installer --enable-foreman-plugin-statistics`.
+
 ~~~ENDSECTION~~~

advanced/01_web.md

@@ -12,7 +12,7 @@
  * Requires a lot of space
 
 * Cleanup job is provided by the Foreman
- * Execute via cron
+ * Executed via cron
  * Can run with different parameters
 
 ~~~SECTION:handouts~~~
@@ -24,13 +24,13 @@ Depending on the solution, configuration and interval the required storage space
 
 ~~~PAGEBREAK~~~
 
-Foreman provides a cleanup job for this. Best Practice would be an execution as a cronjob. The command takes parameters
+Foreman provides a cleanup job for this in form of a cronjob. Best Practice would be to adjust is based on your needs. The command takes parameters
 for the maximum age to keep the status of the reports.
 
-Depending on your needs configure a daily cronjob like this to delete all reports 'without event', 'after one day' or
+For example configure the daily cronjob like this to delete all reports 'without event' 'after one day' and
 those with events 'after 7 days'.
 
-    #!/bin/sh
+    # vi /etc/cron.d/foreman
     foreman-rake reports:expire days=1 status=0
     foreman-rake reports:expire days=7
 
@@ -142,6 +142,7 @@ and see pending config changes, if some are shown run the foreman-installer agai
  * Restore
 * Handles Updates including Health checks
 * Maintenance mode prevents access to Foreman
+* Yum plugin prevents unexpected package sources
 
 ~~~SECTION:handouts~~~
 
@@ -150,6 +151,8 @@ and see pending config changes, if some are shown run the foreman-installer agai
 Foreman Maintain is a newly developed tool which tries to automate the previous tasks. It can handle multiple strategies for backup and restore,
 like offline and online, full and incremental. It ensures system health during Update and its maintenance mode prevents access to Foreman.
 
+The yum plugin "foreman-protector" is created to prevent accidental updates of packages from unexpected sources.
+
 For more information: https://theforeman.org/plugins/foreman_maintain/0.2/index.html
 
 ~~~ENDSECTION~~~

advanced/02_cleanup.md

@@ -11,6 +11,9 @@
  * Requires username and password
  * Collections are paged
  * Search strings like provided in the WebGUI
+* GraphQL
+ * Available since 1.22, still considered experimental
+ * Intended for development
 
 ~~~SECTION:handouts~~~
 
@@ -24,9 +27,13 @@ in the WebGUI but they have to be URL encoded.
 
 ~~~PAGEBREAK~~~
 
+Another API was introduced with GraphQL in 1.22. This API is more intended for development of
+plugins instead of scripting and still considered experimental, but should cover all objects
+of the core now and be available for a good number of plugins already.
+
 Usage explainations can be found at http://theforeman.org/manuals/latest/index.html#5.1API
 
-API documentation is located at http://theforeman.org/api/1.18/index.html
+API documentation is located at http://theforeman.org/api/2.0/index.html
 
 ~~~ENDSECTION~~~
 
@@ -71,20 +78,20 @@ API documentation is located at http://theforeman.org/api/1.18/index.html
 ### Query the API for all subnets using the URL endpoint "/api/subnets"
 
     # curl -k -u admin:PASSWORD -H "Accept: version=2,application/json" \ 
-    https://foreman.localdomain/api/subnets | python -m json.tool
+    https://foreman.localdomain/api/subnets | python3 -m json.tool
 
 ### Query the API for all Debian hosts using the URL endpoint "/api/hosts" and the search "os=Debian" or "facts.osfamily=Debian"
 
 If you want to see all systems configured in Foreman with operating system "Debian" run the following curl command. 
 This will also include hosts with provisioning pending.
 
     # curl -k -u admin:PASSWORD -H "Accept: version=2,application/json" \ 
-    https://foreman.localdomain/api/hosts?search=os%3DDebian | python -m json.tool
+    https://foreman.localdomain/api/hosts?search=os%3DDebian | python3 -m json.tool
 
 If you want to see all systems reported to run operating system "Debian" :
 
     # curl -k -u admin:PASSWORD -H "Accept: version=2,application/json" \ 
-    https://foreman.localdomain/api/hosts?search=facts.osfamily%3DDebian | python -m json.tool
+    https://foreman.localdomain/api/hosts?search=facts.osfamily%3DDebian | python3 -m json.tool
 
 ### Create a hostgroup "training" using the API with valid defaults
 
@@ -94,12 +101,12 @@ In the following command the ids depend on your environment and may differ:
     -X POST -d '{ "name":"training", "environment_id":1, "puppet_ca_proxy_id":1, "puppet_proxy_id":1, 
     "subnet_id":1, "domain_id":1, "architecture_id":1, "operatingsystem_id":1, "medium_id":1, "ptable_id":94, 
     "root_pass":"start123", "organization_id":2, "location_id":1 }' \
-    https://foreman.localdomain/api/hostgroups | python -m json.tool
+    https://foreman.localdomain/api/hostgroups | python3 -m json.tool
 
 ### Change the root password for the hostgroup "training" using the API
 
 You can verify the change in the Audits menu afterwards with:
 
     # curl -k -u admin:PASSWORD -H "Accept: version=2,application/json" -H "Content-Type: application/json" \ 
     -X PUT -d '{ "root_pass":"St@rt123" }' \
-    https://foreman.localdomain/api/hostgroups/training | python -m json.tool
+    https://foreman.localdomain/api/hostgroups/training | python3 -m json.tool

advanced/03_api.md

@@ -24,7 +24,7 @@ environment, so feel free to create your own plugins to solve your own administr
 
 <br/>
 
-A list of plugins is provided by the Github page of the framework: https://github.com/theforeman/hammer-cli
+An incomplete list of plugins is provided by the Github page of the framework: https://github.com/theforeman/hammer-cli
 
 ~~~ENDSECTION~~~
 
@@ -79,19 +79,19 @@ Adjust the configuration if required in `~/.hammer/cli.modules.d/foreman.yml`:
 
 ### Create the new Operatingsystem entry for "CentOS 6.8"
 
-    # hammer os create --name CentOS --major 6 --minor 8 --description "CentOS 6.8" --architectures x86_64 \ 
-    --family "Redhat" --password-hash SHA256 --media "CentOS mirror" --partition-tables "Kickstart default"
+    # hammer os create --name CentOS --major 7 --minor 8 --description "CentOS 7.8" --architectures x86_64 \ 
+    --family "Redhat" --password-hash SHA256 --media "CentOS 7 mirror" --partition-tables "Kickstart default"
 
 ### Associate the template "Kickstart default PXELinux" and set as default template
 
 The ids may vary depending on our environment but you can get them with the list subcommands.
 
     # hammer template add-operatingsystem --name "Kickstart default PXELinux" \
-    --operatingsystem "CentOS 6.8"
-    # hammer os set-default-template --config-template-id 35 --id 6
+    --operatingsystem "CentOS 7.8"
+    # hammer os set-default-template --provisioning-template-id 35 --id 6
 
 ### Associate the template "Kickstart default" and set as default template
 
     # hammer template add-operatingsystem --name "Kickstart default" \
-    --operatingsystem "CentOS 6.8"
-    # hammer os set-default-template --config-template-id 31 --id 6
+    --operatingsystem "CentOS 7.8"
+    # hammer os set-default-template --provisioning-template-id 31 --id 6