Foreman templates in github

We use the [foreman-templates]( module to keep any changes to our foreman templates in github.

Never edit the Foreman templates in the GUI

Updates in the GUI are written directly to the local foreman database, where they can be lost and are not change managed. There is only one copy of each template in the local database, and you cannot revert to earlier changes.

Adding/Changing Foreman templates

Change or add templates in the OIT-Linux_Control repo, under foreman-templates hierarchy. Never modify an upstream template directly, instead copy it and add an oit_linux prefix to the filename and change the contents of the file so that it’s display name clearly indiciates that it is not an upstream module.

As reinforced below, best practice is to work with the ncsutest branch and only pull into production after suitable testing.

Never Deploy templates to Production

Unlike puppet code, there are no webhooks to automatically read github on template updates. You must manually read github with a foreman-rake command from the foreman server.

The long lived development environment, hosted at reads from the ncsutest branch of the OIT-Linux_Control repo. You should test your changes there first where possible.

The command to read from github from the foreman server is

# Replace $adminpassword with Foreman's admin password
curl -H "Accept:application/json,version=2" \
 -H "Content-Type:application/json" \
 -u admin:$adminpassword \
 -k -X POST \
 -d "{\"dirname\":\"/foreman-templates\", \
  \"repo\":\"ssh://\", \
  \"branch\":\"production\" \

More information can be found in the foreman-templates manuals.

Using Hammer CLI with templates

At some point, they updated hammer so it can manage the templates plugins

# The branch must exist

hammer export-templates --dirname foreman-templates --filter ^oit --verbose true --repo ssh\:// --branch export_templates --metadata-export-mode refresh 
Edit me