Questions [foreman] (server)

jamboNum5
Asked: 2020-12-17 08:25:59 +0800 CST

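Foreman - Using global/host variables in YAML configuration

  • 1

I'm having some trouble using global variables in Foreman. I have a global variable called ALLOW_AD_USERS, which I can see in the facts section for the host. I'm trying to use this variable in the YAML configuration associated with the host. It just seems to copy it like for like.

After reading the manual, I thought I could add "${$foreman::ALLOW_AD_USERS}" and it would automatically fill in the name I defined in the global variable.

Any help here would be great.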

sssd:
  domains: example.com
  config_file_version: 2
  services:
  - nss
  - pam
domain/example.com:
  ad_domain: example.com
  krb5_realm: EXAMPLE.COM
  realmd_tags: manages-system joined-with-adcli
  cache_credentials: true
  id_provider: ad
  access_provider: simple
  simple_allow_users:
  - "${$foreman::ALLOW_AD_USERS}"
  ignore_group_members: true
  dyndns_update: true
  ad_gpo_map_permit: "+polkit-1"
foreman puppet-foreman
  • 1 answer
  • 192 Views
Lief DESCHAMPS
Asked: 2020-04-10 07:50:35 +0800 CST

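Best way to provision CentOS

  • 0

I started my new job; it is in a small infrastructure, but they often provision new virtual machines under CentOS. Currently they use templates in VMWare VCenter, but it is just a clone, and when they want to modify the clone they have to configure it and then create a new template from this new VM.

I converted all the package installation and configuration into Ansible roles, but I continue to use the VMWare templates...

Do you know of a product that can link with the VMWare infrastructure and provision a CentOS VM from scratch?

Thanks in advance, regards.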

linux centos vmware-vcenter provisioning foreman
  • 2 answers
  • 107 Views
grizzthedj
Asked: 2017-03-07 06:55:12 +0800 CST

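How to test whether a reboot has completed?

  • 4

I am currently building an infrastructure management tool that provisions bare metal and virtual machines, etc. We have a worker VM that runs commands on remote nodes over SSH (via Ansible).

One of the steps requires rebooting the node to apply some configuration. After the reboot completes, the worker process must run more commands on the node (this must be done synchronously).

My question is, how can I check whether the reboot has completed?

I could add a sleep timer (to wait until the reboot completes), but I feel that is a bad solution for many reasons.

Another option is to try to SSH to the remote node from my worker process every 5 seconds or so and, if it fails, keep retrying until I get a successful connection.

Is there another way?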

linux foreman
  • 2 answers
  • 3659 Views
Aaron A
Asked: 2017-02-27 09:17:17 +0800 CST

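Debian 8 + Foreman not loading

  • 0

I'm trying to give Foreman a try, and I installed it on Debian 8 following the tutorial on the website. However, when I try to load Foreman, I get:

Sinatra doesn't know this ditty.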

# in usr/share/foreman-proxy/modules/root/root_api.rb
class Proxy::RootApi
  get '/' do
    "Hello World"
  end
end

I don't see anything useful in the production log either. Any suggestions? Should I be looking at other logs?

foreman puppet-foreman
  • 1 answer
  • 210 Views
Ellie Pierce
Asked: 2017-01-26 11:58:46 +0800 CST

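Problem adding Foreman hosts, receiving reverse DNS error message, possibly an rndc.key issue

  • 0

This is a fresh install of Foreman/Puppet with a postgresql backend. When trying to add a new host (or update an existing host using the previous database hosts we imported), the following error is seen in the Foreman web UI.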

Unable to save
Create Reverse IPv4 DNS record for raul-cubito.ncct.global task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://factory-7.ncct.global:8443/dns

We also receive the following errors in the named log (raul-cubito.ncct.global is the random name Foreman created).

25-Jan-2017 19:30:31.408 general: debug 1: zone_settimer: zone 105.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_timer: zone 112.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_maintenance: zone 112.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_settimer: zone 112.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_timer: zone 127.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_maintenance: zone 127.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_settimer: zone 127.100.IN-ADDR.ARPA/IN: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_timer: zone authors.bind/CH: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_maintenance: zone authors.bind/CH: enter
25-Jan-2017 19:30:31.408 general: debug 1: zone_settimer: zone authors.bind/CH: enter
25-Jan-2017 19:31:18.411 update-security: info: client 127.0.0.1#43296/key rndc.key: signer "rndc.key" approved
25-Jan-2017 19:31:18.412 update: info: client 127.0.0.1#43296/key rndc.key: updating zone 'ncct.global/IN': adding an RR at 'raul-cubito.ncct.global' A
25-Jan-2017 19:31:18.430 general: debug 1: zone_needdump: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.430 general: debug 1: zone_settimer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.430 general: debug 1: zone_settimer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.431 general: debug 1: zone_timer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.431 general: debug 1: zone_maintenance: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.431 general: debug 1: zone_settimer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.518 update-security: info: client 127.0.0.1#63594/key rndc.key: update '10.IN-ADDR.ARPA/IN' denied
25-Jan-2017 19:31:18.646 update-security: info: client 127.0.0.1#18812/key rndc.key: signer "rndc.key" approved
25-Jan-2017 19:31:18.646 update: info: client 127.0.0.1#18812/key rndc.key: updating zone 'ncct.global/IN': deleting rrset at 'raul-cubito.ncct.global' A
25-Jan-2017 19:31:18.676 general: debug 1: zone_needdump: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.677 general: debug 1: zone_settimer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.677 general: debug 1: zone_settimer: zone ncct.global/IN: enter
25-Jan-2017 19:31:18.677 database: debug 1: decrement_reference: delete from rbt: 0x7fbab1f1f0d0 raul-cubito.ncct.global
25-Jan-2017 19:31:23.431 general: debug 1: zone_timer: zone ncct.global/IN: enter
25-Jan-2017 19:31:23.431 general: debug 1: zone_maintenance: zone ncct.global/IN: enter
25-Jan-2017 19:31:23.431 general: debug 1: zone_settimer: zone ncct.global/IN: enter

The Foreman proxy log is here:

D, [2017-01-25T19:31:18.323970 ] DEBUG -- : close: 10.1.0.231:48712
D, [2017-01-25T19:31:18.366717 ] DEBUG -- : accept: 10.1.0.231:48714
D, [2017-01-25T19:31:18.369179 ] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2017-01-25T19:31:18.372605 ] DEBUG -- : verifying remote client 10.1.0.231 against trusted_hosts ["factory-7.ncct.global"]
D, [2017-01-25T19:31:18.375281 ] DEBUG -- : running /usr/bin/nsupdate -k /etc/rndc.key 
D, [2017-01-25T19:31:18.387114 ] DEBUG -- : nsupdate: executed - server 127.0.0.1
D, [2017-01-25T19:31:18.387261 ] DEBUG -- : nsupdate: executed - update add raul-cubito.ncct.global. 86400 A 10.1.0.235
I, [2017-01-25T19:31:18.438840 ]  INFO -- : 10.1.0.231 - - [25/Jan/2017:19:31:18 +0000] "POST /dns/ HTTP/1.1" 200 - 0.0666

D, [2017-01-25T19:31:18.440716 ] DEBUG -- : close: 10.1.0.231:48714
D, [2017-01-25T19:31:18.485007 ] DEBUG -- : accept: 10.1.0.231:48716
D, [2017-01-25T19:31:18.487437 ] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2017-01-25T19:31:18.488705 ] DEBUG -- : verifying remote client 10.1.0.231 against trusted_hosts ["factory-7.ncct.global"]
D, [2017-01-25T19:31:18.491298 ] DEBUG -- : running /usr/bin/nsupdate -k /etc/rndc.key 
D, [2017-01-25T19:31:18.494701 ] DEBUG -- : nsupdate: executed - server 127.0.0.1
D, [2017-01-25T19:31:18.494817 ] DEBUG -- : nsupdate: executed - update add 235.0.1.10.in-addr.arpa. 86400 PTR raul-cubito.ncct.global
D, [2017-01-25T19:31:18.525675 ] DEBUG -- : nsupdate: errors
Answer:

;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  31844

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;10.in-addr.arpa.       IN  SOA



;; TSIG PSEUDOSECTION:

rndc.key.       0   ANY TSIG    hmac-md5.sig-alg.reg.int. 1485372678 300 16 IrfcM6Xf0cjlizVKrvQbhQ== 31844 NOERROR 0 



E, [2017-01-25T19:31:18.526086 ] ERROR -- : Update errors: Answer:

;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  31844

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;10.in-addr.arpa.       IN  SOA



;; TSIG PSEUDOSECTION:

rndc.key.       0   ANY TSIG    hmac-md5.sig-alg.reg.int. 1485372678 300 16 IrfcM6Xf0cjlizVKrvQbhQ== 31844 NOERROR 0 



D, [2017-01-25T19:31:18.526210 ] DEBUG -- : Update errors: Answer:

;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  31844

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;10.in-addr.arpa.       IN  SOA



;; TSIG PSEUDOSECTION:

rndc.key.       0   ANY TSIG    hmac-md5.sig-alg.reg.int. 1485372678 300 16 IrfcM6Xf0cjlizVKrvQbhQ== 31844 NOERROR 0 


 (Proxy::Dns::Error)
/usr/share/foreman-proxy/modules/dns_nsupdate/dns_nsupdate_main.rb:104:in `nsupdate_disconnect'
/usr/share/foreman-proxy/modules/dns_nsupdate/dns_nsupdate_main.rb:51:in `do_create'
/usr/share/foreman-proxy/modules/dns_nsupdate/dns_nsupdate_main.rb:44:in `create_ptr_record'
/usr/share/foreman-proxy/modules/dns/dns_api.rb:33:in `block in <class:Api>'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1293:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1293:in `block in compile!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:860:in `[]'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:860:in `block (3 levels) in route!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:876:in `route_eval'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:860:in `block (2 levels) in route!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:897:in `block in process_route'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:895:in `catch'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:895:in `process_route'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:859:in `block in route!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:858:in `each'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:858:in `route!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:963:in `block in dispatch!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `block in invoke'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `catch'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `invoke'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:960:in `dispatch!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:794:in `block in call!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `block in invoke'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `catch'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:946:in `invoke'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:794:in `call!'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:780:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/commonlogger.rb:33:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:161:in `call'
/usr/share/foreman-proxy/lib/proxy/log.rb:88:in `call'
/usr/share/foreman-proxy/lib/proxy/request_id_middleware.rb:9:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/nulllogger.rb:9:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/showexceptions.rb:21:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:124:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1417:in `block in call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1499:in `synchronize'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1417:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:66:in `block in call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `each'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/builder.rb:153:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/handler/webrick.rb:88:in `service'
/usr/share/ruby/webrick/httpserver.rb:138:in `service'
/usr/share/ruby/webrick/httpserver.rb:94:in `run'
/usr/share/ruby/webrick/server.rb:295:in `block in start_thread'
I, [2017-01-25T19:31:18.526878 ]  INFO -- : 10.1.0.231 - - [25/Jan/2017:19:31:18 +0000] "POST /dns/ HTTP/1.1" 400 329 0.0385

D, [2017-01-25T19:31:18.568055 ] DEBUG -- : close: 10.1.0.231:48716
D, [2017-01-25T19:31:18.615342 ] DEBUG -- : accept: 10.1.0.231:48717
D, [2017-01-25T19:31:18.617373 ] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2017-01-25T19:31:18.618385 ] DEBUG -- : verifying remote client 10.1.0.231 against trusted_hosts ["factory-7.ncct.global"]
D, [2017-01-25T19:31:18.620211 ] DEBUG -- : running /usr/bin/nsupdate -k /etc/rndc.key 
D, [2017-01-25T19:31:18.622757 ] DEBUG -- : nsupdate: executed - server 127.0.0.1
D, [2017-01-25T19:31:18.622891 ] DEBUG -- : nsupdate: executed - update delete raul-cubito.ncct.global A
I, [2017-01-25T19:31:18.685449 ]  INFO -- : 10.1.0.231 - - [25/Jan/2017:19:31:18 +0000] "DELETE /dns/raul-cubito.ncct.global/A HTTP/1.1" 200 - 0.0673

D, [2017-01-25T19:31:18.688007 ] DEBUG -- : close: 10.1.0.231:48717
D, [2017-01-25T19:31:18.729434 ] DEBUG -- : accept: 10.1.0.231:48718
D, [2017-01-25T19:31:18.730888 ] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2017-01-25T19:31:18.732015 ] DEBUG -- : verifying remote client 10.1.0.231 against trusted_hosts ["factory-7.ncct.global"]
D, [2017-01-25T19:31:18.732356 ] DEBUG -- : Loading subnets for 10.1.0.231
D, [2017-01-25T19:31:18.732585 ] DEBUG -- : Loading subnet data for 10.1.0.224/255.255.255.224
D, [2017-01-25T19:31:18.735328 ] DEBUG -- : omshell: executed - set hardware-address = 08:00:27:6a:fc:a8
D, [2017-01-25T19:31:18.735429 ] DEBUG -- : nil
D, [2017-01-25T19:31:18.735496 ] DEBUG -- : omshell: executed - open
D, [2017-01-25T19:31:18.735542 ] DEBUG -- : nil
D, [2017-01-25T19:31:18.735641 ] DEBUG -- : omshell: executed - remove
D, [2017-01-25T19:31:18.735708 ] DEBUG -- : nil
D, [2017-01-25T19:31:18.760750 ] DEBUG -- : caught :modify event on /var/lib/dhcpd/dhcpd.leases.
D, [2017-01-25T19:31:18.761434 ] DEBUG -- : Deleted a reservation: 10.1.0.235:08:00:27:6a:fc:a8:raul-cubito.ncct.global
D, [2017-01-25T19:31:18.767722 ] DEBUG -- : Removed DHCP reservation for raul-cubito.ncct.global => raul-cubito.ncct.global (10.1.0.235 / 08:00:27:6a:fc:a8)
I, [2017-01-25T19:31:18.768278 ]  INFO -- : 10.1.0.231 - - [25/Jan/2017:19:31:18 +0000] "DELETE /dhcp/10.1.0.224/08:00:27:6a:fc:a8 HTTP/1.1" 200 - 0.0366

D, [2017-01-25T19:31:18.769692 ] DEBUG -- : close: 10.1.0.231:48718

System information as shown by foreman-debug:

HOSTNAME: factory-7.ncct.global
OS: redhat
RELEASE: CentOS Linux release 7.2.1511 (Core)
FOREMAN: 1.14.0
RUBY: ruby 2.1.8p440 (2015-12-16 revision 53160) [x86_64-linux]
PUPPET: 4.8.1
DENIALS: 117014

/etc/named.conf

acl lan {
        127.0.0.0/8;
        10.0.0.0/8;
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { lan; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
        };
};

controls {
        inet 127.0.0.1 allow {localhost;} keys {rndc.key;};
};

include "/etc/rndc.key";

zone "in-addr.arpa" {
        type master;
        file "10.0.0.0";
        allow-update { key "rndc.key"; };
};

zone "ncct.global" {
        type master;
        file "ncct.global";
        allow-update { key "rndc.key"; };
};

/etc/foreman-proxy/settings.yml

---
### File managed with puppet ###
## Module:           'foreman_proxy'

:settings_directory: /etc/foreman-proxy/settings.d

# SSL Setup

# if enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/factory-7.ncct.global.pem
:ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/factory-7.ncct.global.pem

# Use this option only if you need to disable certain cipher suites.
# Note: we use the OpenSSL suite name, take a look at:
# https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES
# for more information.
#:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]

# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
:trusted_hosts:
  - factory-7.ncct.global

# Endpoint for reverse communication
:foreman_url: https://factory-7.ncct.global

# SSL settings for client authentication against Foreman. If undefined, the values
# from general SSL options are used instead. Mainly useful when Foreman uses
# different certificates for its web UI and for smart-proxy requests.
#:foreman_ssl_ca: ssl/certs/ca.pem
#:foreman_ssl_cert: ssl/certs/fqdn.pem
#:foreman_ssl_key: ssl/private_keys/fqdn.pem

# by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting
:daemon: true
# Only used when 'daemon' is set to true.
# Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid'
#:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# host and ports configuration
# Host or IPs to bind on (e.g. *, localhost, 0.0.0.0, ::, 192.168.1.20)
:bind_host: '*'
# http is disabled by default. To enable, uncomment 'http_port' setting
# https is enabled if certificate, CA certificate, and private key are present in locations specifed by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 8443
#:http_port: 8000
# Log configuration
# Uncomment and modify if you want to change the location of the log file or use STDOUT or SYSLOG values
:log_file: /var/log/foreman-proxy/proxy.log
# Uncomment and modify if you want to change the log level
# WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
:log_level: DEBUG

# Log buffer size and extra buffer size (for errors). Defaults to 3000 messages in total,
# which is about 500 kB request.
:log_buffer: 2000
:log_buffer_errors: 1000

/etc/foreman-proxy/settings.d/dns.yml

---
# DNS management
:enabled: true
# valid providers:
#   dns_dnscmd (Microsoft Windows native implementation)
#   dns_nsupdate
#   dns_nsupdate_gss (for GSS-TSIG support)
#   dns_libvirt (dnsmasq via libvirt)
:use_provider: dns_nsupdate
# use this setting if you want to override default TTL setting (86400)
:dns_ttl: 86400

/etc/foreman-proxy/settings.d/dns_nsupdate.yml

---
#
# Configuration file for 'nsupdate' dns provider
#

:dns_key: /etc/rndc.key
# use this setting if you are managing a dns server which is not localhost though this proxy
:dns_server: 127.0.0.1

/var/named/10.0.0.0

$ORIGIN .
$TTL 30000  ; 8 hours 20 minutes
in-addr.arpa        IN SOA  ncct.global. root.ncct.global. (
                46         ; serial
                300        ; refresh (5 minutes)
                300        ; retry (5 minutes)
                300        ; expire (5 minutes)
                300        ; minimum (5 minutes)
                )
            NS  ncct.global.
$ORIGIN 0.1.10.in-addr.arpa.
$TTL 1800   ; 30 minutes
231         PTR factory-7.ncct.global.

/var/named/ncct.global

$ORIGIN .
$TTL 300000 ; 3 days 11 hours 20 minutes
ncct.global     IN SOA  factory-7.ncct.global. root.factory-7.ncct.global. (
                47         ; serial
                300        ; refresh (5 minutes)
                300        ; retry (5 minutes)
                300        ; expire (5 minutes)
                300        ; minimum (5 minutes)
                )
            NS  factory-7.ncct.global.
            TXT "ncct.global"
$ORIGIN ncct.global.
factory-7       A   10.1.0.231
linuxds         CNAME   factory-7
puppet          CNAME   factory-7
winds           CNAME   factory-7

/etc/rndc.key

key "rndc.key" {
    algorithm hmac-md5;
    secret "iiZK1kuf7L7hob1aR7PekA==";
};
bind centos7 foreman
  • 1 answer
  • 1194 Views
Mikhail T.
Asked: 2017-01-24 18:05:40 +0800 CST

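Can Foreman allow anonymous read-only access?

  • 0

I need an automated job to perform REST API calls against Foreman, and I'd rather not set up an account for it and then maintain the password forever.

However, Foreman seems to have only "all or nothing": if anything requires authentication (:login: true), then everything requires authentication.

Is this really true, or are appearances deceiving, and Foreman can be told to allow anonymous lookups and host browsing while still requiring authentication for any changes?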

authentication foreman
  • 1 answer
  • 540 Views
Mikhail T.
Asked: 2017-01-19 22:57:14 +0800 CST

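How to query Foreman for hosts with a specific global parameter?

  • 2

We use some global parameters in Foreman, and I need to list all hosts that have the global parameter foo set to "bar".

Can I do this using the REST API or by some other method? Browsing the list of API calls, I did not find anything applicable. Is there hope?

Alternatively, I am considering creating a special Puppet class that would simply redeclare the global parameter as its own variable. By making it an exported resource, I could collect the data from all hosts... But that seems nasty. Is there a better way?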

foreman puppet-foreman
  • 1 answer
  • 4550 Views
datakid
Asked: 2016-08-30 20:08:26 +0800 CST

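Foreman on Centos 7: how to list hosts with Package X installed

  • 0

We tried very hard to install and love Spacewalk, without success. So we moved to Satellite 6, which on Centos 7 is the Foreman/Katello/Pulp/Candlepin combination.

Everything is fine, and we are using it to deploy, update and install packages.

The one thing I can't find is how to get a list of hosts that have package X installed (in this case, postgresql-server).

Is it possible and I just haven't found it, or am I asking too much?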

centos7 satellite foreman
  • 2 answers
  • 761 Views
ANdyres
Asked: 2016-06-25 03:51:45 +0800 CST

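Creating a new environment in Puppet with Foreman does not work

  • 1

I am new to Puppet and Foreman. I have installed Puppet with Foreman on an Ubuntu LTS 14.04 server. I connected some clients and changed host groups. This all works fine.
But now I want to create a new environment in Foreman. Foreman shows me the new environment, and after I put clients into it, they show me a failed configuration. They say (agent --test) there is no path in /etc/puppet/environments. In fact, Foreman did not create a folder or anything else with the environment's name there. So it seems Foreman did not create the environment at all.

Does anyone know how I can fix this? Why can't Foreman create the new environment?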

puppet foreman
  • 1 answer
  • 942 Views
Mikhail T.
Asked: 2016-06-15 11:44:33 +0800 CST

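Can Foreman register new hosts with Active Directory?

  • 0

We use Foreman and Puppet here to manage our Unix systems, but the Kerberos infrastructure is implemented through Active Directory (because of Exchange).

Registering newly booted hosts with AD is a manual process, which we would very much like to automate.

It looks like Foreman has (or had?) support for joining an AD realm for some time, but I cannot find any actual examples or tutorials.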

active-directory kerberos foreman
  • 2 answers
  • 980 Views
