From the Foreman dashboard we can execute Linux commands on the registered host but for that we have to install remote execution plugin in your Foreman or Katello Server.With the help of ‘foreman-installer’ command we can install remote execution plugin to the existing and new installation of Foreman or Katello server.
Run Job option in Foreman dashboard allows us to run Linux commands on the register hosts immediately. This option becomes useful whenever we want to update or execute commands on all or group of hosts on the fly.
In this tutorial i am assuming that either the Foreman or Katello Server is already installed and clients are registered to it. Please refer the beneath urls for the followings
In my case i have a already installed katello Server which is up and running and one client is registered to it. Refer the following steps to install remote execution plugin and run commands on registered host with ‘Run a Job’ option from Foreman or Katello Dashboard.
Step:1 Install Remote Execution plugin
Below command will install and enable remote execution option(Run Job) in your Foreman or Katello Server.
[root@katello ~]# foreman-installer --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
Once the above command is executed successfully we will get the output something like below :
Step:2 Configure SSH Keys for Target or Registered Hosts
SSH mechanism is used to run commands on the Registered or target hosts with Run job option in foreman server. Whenever we install the remote execution plugin, smart proxy configure default ssh keys under the folder “/usr/share/foreman-proxy/.ssh“. We can create our own ssh keys by referring the following steps:
[root@katello ~]# cd /usr/share/foreman-proxy/.ssh [root@katello .ssh]# sudo -u foreman-proxy ssh-keygen -f ~foreman-proxy/.ssh/id_rsa_foreman_proxy -N ''
In Case SELinux is running on your foreman server then execute the below command.
[root@katello ~]# restorecon -RvF ~foreman-proxy/.ssh
Now restart the httpd, foreman-tasks and foreman-proxy service.
[root@katello ~]# systemctl restart httpd [root@katello ~]# systemctl restart foreman-tasks [root@katello ~]# systemctl restart foreman-proxy
Step:3 Copy Foreman server’s ssh public key to registered host or target servers.
Use the ssh-copy-id command to copy or distribute ssh public key to registered hosts. In my case i have CentOS 7 Server registered on my foreman server with the name “web.example.com”
[root@katello ~]# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub [email protected]
Also make sure the folder “/var/tmp/foreman-proxy/” has the file owner and group ownership permissions are set as “foreman-proxy”
[root@katello ~]# ls -ld /var/tmp/foreman-proxy/ drwxr-xr-x 3 foreman-proxy foreman-proxy 65 Mar 12 22:36 /var/tmp/foreman-proxy/ [root@katello ~]#
Step:4 Now Run Commands on Registered host with Run Job option
Login to the foreman Dashboard and first verify whether Dynflow and ssh feature is available in smart proxy.
From the infrastructure Tab –> click on Smart Proxies
In case Dynflow and SSH feature is not visible in smart proxies then click on Edit and verify whether your organizations and locations are updated and then click on Submit
Now Let’s run the commands on register hosts. From the Hosts Tab–> Select All hosts
Select and Click on the host on which you want to run commands
click on “Run Job” option
Let’s assume i want to run three commands (uptime, uname -r and hostname) on the host. Specify the commands in commands field separated by semi colon (;) example is shown below:
Click in Submit
Once the commands are executed successfully we will get success message on the Dashboard as shown below
To view the output of commands, click on the Hosts option in the above window and then Click on the Host(In my case web.example.com)
That’s all from this tutorial, Hope you guys understand how to enable remote execution plugin and run Linux commands from Foreman Dashboard. Please share your valuable feedback and comments 🙂
So you are suggesting using keys with no passphrase? My company does not allow this, how can this be accomplished using a passphrase
This works for me but the problem is I have to enable PermitrootLogin should be “Yes” otherwise the remote execution will not work. Any solution to change the user from root to some other user?
Did you try role based access control (RBAC), you can assign execution rights for that particular application
You can set : PermitRootLogin without-password in /etc/ssh/sshd_config. This will allow root login only with key
This is one of few articles covering the subject. For some reason when I run the command to execute I immediately get the error:
Error initializing command: Net::SSH::AuthenticationFailed – Authentication failed for user root@
My interface is version 2.0 though.
I am also facing the same error. If I try login from CLI, it works.
sudo -u foreman-proxy ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy [email protected]
However, interface gives the same error Net::SSH::AuthenticationFailed – Authentication failed for user [email protected]
Please suggest. Using Foreman 2.0
I found that the configuration points to /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy rather than ~foreman-proxy/.ssh so I created a symlink
https://access.redhat.com/solutions/4282171