On 15 July 2016 at 15:26, Steve Hajducko <hajdu...@gmail.com> wrote: > Thanks for the replies. Most of these seem doable - I'd have to consider > how we'd accomplish the templated scripts in Foreman, as it sounds like you > can only have a single script and we use several of these calls during an > installation. > > My biggest concern would be around the dual-homed networks. > > - Do we have to have Foreman control DNS? We already have DNS automation > tools and have no wish to port that over to Foreman >
It's optional - if the Domain/Subnet (s) associated with the host don't have a DNS proxy, Foreman will skip the record creation. > - We don't route any services to the prov vlan - including DNS. We make > dhcp/tftp/http available to it, but those are all served by the provision > Cobble server. Will that still work? > I'm unclear from that on whether you made a typo with "Cobble server" or you're planning to keep it for some services. I'm going to assume a typo based on the questions below about per-DC provisioning - do correct me and clarify otherwise :) For Foreman provisioning, you can achieve a completely segregated provisioning network - the Foreman Proxy can relay templates. So long as the proxy (which you'd have for TFTP/DHCP management anyway) has a route to Foreman, it can retrieve rendered templates on behalf of the installing host. See https://theforeman.org/manuals/1.12/index.html#4.3.12Templates for more. - We only use DHCP for the provisioning process. Everything else has static > IPs. I assume that's ok, as long as we let Foreman control the DHCP server > on the prov vlan > Yes, that's fine. The default templates (for Kickstart anyway) come with static configuration snippets, and there's an IP allocation mode for the Subnet in the UI. Set that to static, and the templates should render correctly. For other OSs (you mentioned Windows? :p) then you may want to see how we're detected the IPAM mode and re-use it in templates of your own. > - Do we install one Foreman server for the entire DC in our case and > replace the Cobbler servers with Smart proxies or would we need a Foreman > server to replace each existing Cobbler server? > In general, and assuming all the proxies can reach the central Foreman server, one Foreman server should be fine - it designed to scale out. You have a fair number of options on how to separate out logical entities in the UI, depending on who should have access to what, and so forth. That said, you'll want to think about scale, no doubt, with the number of systems you mentioned in the OP. It's quite possible to scale out the various parts of Foreman itself (in addition to the obvious scaling of the proxies) in different ways, so that's something we can go into if you need more info. Greg -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
