Fix foreman_provisioning role

[adamruzicka]

The role expects that the user has community.libvirt role installed. With these changes, the role should at least pass.

[sjha4]

I ran into this when running this playbook:

Thursday 21 November 2024  11:32:58 -0500 (0:00:00.017)       0:08:41.550 ***** 
 [started TASK: foreman_provisioning : create hostgroup Base on ip-10-0-167-217.rhos-01.prod.psi.rdu2.redhat.com]

TASK [foreman_provisioning : create hostgroup Base] **********************************************************************************************
fatal: [ip-10-0-167-217.rhos-01.prod.psi.rdu2.redhat.com]: FAILED! => changed=true 
  cmd: |-
    hammer hostgroup create --name 'Base' --architecture x86_64 --domain example.com --puppet-environment production --puppet-ca-proxy-id 1 --puppet-proxy-id 1 --subnet '192.168.73.0/24' --compute-profile libvirt-profile --compute-resource libvirt --root-pass changeme --pxe-loader "PXELinux BIOS" --organization 'Default Organization' --organizations 'Default Organization' --locations 'Default Location'
  delta: '0:00:00.810490'
  end: '2024-11-21 11:32:59.718525'
  msg: non-zero return code
  rc: 64
  start: '2024-11-21 11:32:58.908035'
  stderr: |-
    Could not create the hostgroup:
      Error: Unrecognised option '--root-pass'.
  
      See: 'hammer hostgroup create --help'.
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

[ekohl]

In 5592157 we rewrote the CentOS parts to FAM. I had hoped the other distros would also get done. Is this a good excuse to clean them up into sustainable code? I'd imagine people might actually use it as reference code.

[ekohl]

In theforeman/foreman#10227 I'd like to rename this again to the generic CentOS mirror so I think the variable still makes sense.

[ekohl]

Would this work as a replacement for the Hammer stuff?

- name: "Ensure Debian 12" # noqa: args[module]       
  theforeman.foreman.operatingsystem:
    name: Debian
    family: Debian
    major: 12
    minor: 7                                                                             
    release_name: Bookworm                                                               
    architectures:                                                                       
      - x86_64                                                                           
    media:                                                                               
      - Debian mirror                                                                    
    provisioning_templates:                                                              
      - Preseeed default                                                                 
    ptables:                                                                             
      - Preseed default                                                                  
    state: present                                                                       
                                                                                         
- name: "Set default template for Debian 12" # noqa: args[module]                        
  theforeman.foreman.os_default_template:                                                
    operatingsystem: "Debian 12"                                                         
    template_kind: "provision"                                                           
    provisioning_template: "Preseed default"                                             
    state: present  

[adamruzicka]

Almost, if I'm reading it correctly, the current hammer-based implementation associates all templates which start with "Preseed default" with the os. This one associates just the ones which are explicitly listed? Unless I'm missing something, fam doesn't really give us options to list with search and the reuse the result so I'd have to fallback to a mix of hammer and this to associate all the relevant templates?

[ekohl]

I've also often wondered how we can make this better. We already know the operating systems that are compatible (since the template lists them) so should Foreman have some option to automatically associate all compatible options? And by that I mean server side, without having to specify them.

@evgeni any thoughts on this?

[evgeni]

FAM can do searches (I can drop you an example if you want), but yeah, automatic in Foreman would be cooler

[adamruzicka]

I can drop you an example if you want

If you'd indulge me

[evgeni]

Untested:

- name: "Find all preseed templates"
  theforeman.foreman.resource_info:
    resource: provisioning_templates
    search: name ~ "Preseed default"
  register: result

- name: "Set default template for Debian 12" # noqa: args[module]                        
  theforeman.foreman.os_default_template:                                                
    operatingsystem: "Debian 12"                                                         
    template_kind: "{{ item.template_kind_name }}"                                                           
    provisioning_template: "{{ item.name }}"                                             
    state: present
  loop: "{{ result.resources }}"

[evgeni]

But now I wonder, how should an OS have multiple default templates of the same kind?

[adamruzicka]

Well, not of the same kind. The search should return several templates of different kinds. It would be nice to not have to do this https://github.com/theforeman/forklift/pull/1885/files

[evgeni]

Right! Updated the snippet above to do that, can you try it?

[evgeni]

Mhh, but it'd still be a problem for PXE* ones, as there are two of them? 🤔

        {
            "created_at": "2024-09-04 05:14:23 UTC",
            "description": "The template to render Grub2 bootloader configuration for preseed based distributions.\nThe output is deployed on the host's subnet TFTP proxy.",
            "id": 9,
            "name": "Preseed default PXEGrub2",
            "snippet": false,
            "template_kind_id": 4,
            "template_kind_name": "PXEGrub2",
            "updated_at": "2024-09-04 05:14:23 UTC"
        },
        {
            "created_at": "2024-09-04 05:14:23 UTC",
            "description": null,
            "id": 10,
            "name": "Preseed default PXEGrub2 Autoinstall",
            "snippet": false,
            "template_kind_id": 4,
            "template_kind_name": "PXEGrub2",
            "updated_at": "2024-09-04 05:14:23 UTC"
        },
        {
            "created_at": "2024-09-04 05:14:23 UTC",
            "description": "The template to render PXELinux bootloader configuration for preseed based distributions.\nThe output is deployed on the host's subnet TFTP proxy.",
            "id": 19,
            "name": "Preseed default PXELinux",
            "snippet": false,
            "template_kind_id": 2,
            "template_kind_name": "PXELinux",
            "updated_at": "2024-09-04 05:14:23 UTC"
        },
        {
            "created_at": "2024-09-04 05:14:23 UTC",
            "description": null,
            "id": 20,
            "name": "Preseed default PXELinux Autoinstall",
            "snippet": false,
            "template_kind_id": 2,
            "template_kind_name": "PXELinux",
            "updated_at": "2024-09-04 05:14:23 UTC"
        },

[evgeni]

I think Ubuntu 24 needs the "Autoinstall" type templates, not the classic ones.

[adamruzicka]

Is regular debian fine with the non-autoinstall ones?

[evgeni]

Yeah, it's just ubuntu who switched to the new installer.

[adamruzicka]

Well, let's just hope there won't be any other flavor of the preseed templates.

[ekohl]

Like CentOS

Suggested change

	password_hash: "SHA256"
	password_hash: "SHA512"

[ekohl]

Suggested change

	password_hash: "SHA256"
	password_hash: "SHA512"

[ekohl]

Can we replace the hammer logic with FAM here too? theforeman.foreman.hostgroup should be way easier to maintain:

- name: "Ensure CentOS 9 Mirror hostgroup"
  theforeman.foreman.hostgroup:
    name: 'CentOS 9 Mirror'
    operatingsystem: 'CentOS_Stream 9'
    medium: '{{ foreman_provisioning_centos_medium_name }}'
    ptable: 'Kickstart default'
    parent: 'Base'

Not sure how to convert foreman_provisioning_hammer_taxonomy_params easily.

And the same for the Base hostgroup.

[ekohl]

In #1888 I had a go at rewriting much of this file to also use FAM. I'd appreciate if you could take a look.