Broadly speaking, I haven't thought too much about foreman except how to use
confluent to feed hammer mac addresses. Beyond that I assume the user just
wants to use foreman.
For katello, yeah, just as part of post installation, it's an rpm and a command
to run without a lot of work to do. So as a non-foreman user, I find this a
pretty straightforward way to get systems deployed targeting satellite. For
diskless, I have no concept of satellite registration (well, imgutil build will
pull from rhn to build the image of course, using the build system's rhn
setup),.
So the confluent has two 'discovery' strategies, depending on what you have to
work with:
-Gather everything before powering off (currently only with Lenovo hardware
with dedicated management port wired, could be extended to other vendor with
dedicated management, but shared port is generally not viable for this due to
security mindset).
-Doing MAC/UUID collection at DHCPDISCOVER time. Currently, it supports
storing id.uuid for uuid and net.hwaddr for mac (if net.bootable=1, because you
could have net.eth0.bootable=1 or net.compute.bootable=1, bootable is a flag to
indicate which 'net.name' to store the pxe mac in, if using confluent or
otherwise don't care about mac, you leave it blank). Before and independent of
a DHCP OFFER occurring, it does the discovery (searching switches for the MAC
in the DHCPDISCOVER packet). It can in theory do and complete discovery in
time to send an OFFER before the firmware times out, if confluent has been
directed to offer an OS deployment. Currently when gathering for other
systems, you'd have to nodediscover list -t pxe-client or confluent2xcat -m
mac.csv or noderun noderange hammer create ..{net.hwaddr} .. {node} or
something like that, no automatic push to the deployment engines, though I'm
open to defining an interface to auto-feed.
Note in this model, genesis is optional, though it's a fine platform for
'configbmc'. We however also made it considered ok to run configbmc as a
pre.d/ script in a diskful install or as onboot.d/ in a diskless image (though
in the latter case, I'd probably just use configbmc once manually instead of
having it onboot.d/).
Noderun is like psh, except for two things:
-It runs the command locally on whichever server you typed 'noderun' on instead
of ssh to target
-It supports expressions to sub in confluent attributes instead of a straight
command. E.g. noderun compute ipmitool -I lanplus -H {bmc} raw 0 1 would
locally execute ipmitool in parallel, substitituting the bmc per node.
Nodeshell also supports this, e.g. nodeshell rack1 nmcli c m ib0 ipv4.addresses
172.30.{n1}.{n2}/16.
Part of the foreman/confluent coexistence is that you still pick one or the
other to be your deployment engine (in theory, so long as you have no overlap,
they can occupy same vlan, so you can choose on a node-by-node basis so long as
the non-confluent doesn't have filenames offered to dynamic range). The
difference being that confluent doesn't need a dynamic range and will only
offer to PXE/HTTP boot dhcp discovers and only if it has a specific offer in
mind for that specific node, so it's a bit less picky about owning anything
except the specific uuids/macs that it explicitly has os deployment currently
pending right this moment for.
-----Original Message-----
From: THomas HUMMEL <thomas.hum...@pasteur.fr>
Sent: Monday, November 8, 2021 8:48 AM
To: xcat-user@lists.sourceforge.net
Subject: Re: [xcat-user] [External] Re: RedHat Satellite and xCAT stateful
installs
On 11/3/21 11:49, Jarrod Johnson wrote:
> So technically I haven't used xCAT for this either (I've been using
> confluent),
Hello, thanks for your answer.
> and I've not actually configured satellite myself (using the corporate
> ones), but all I did was:
> -Add the katello rpm provided by the satellite administrators to the
> installation -Run subscription-manager-register --org=....
> --activationkey=base
You did that when/where ? In the kickstart file ? After the initial install ?
What was the pkgdir value of the osimage you were using ?
> I can take it as an improvement in confluent to explictly have a
> suggested procedure to accomplish this before any package is installed.
> Note that confluent already supports full TLS for internal servers,
> and you can add 'CAs to trust from the beginning' by putting their pem
> files in /var/lib/confluent/public/site/tls/.
Well, my understanding is that the katello-ca-consumer-latest.noarch.rpm
pacakge installation does more than installing the CA. It also setup the
/etc/rhsm/rhsm.conf file.
> As to why do this instead of foreman it's ultimately a matter of
> preference. Note that if you want foreman but want xCAT-style
> discovery, then confluent can gather macs for foreman instead of
> internal if desired without interfering with the DHCP infrastructure.
> If you set net.bootable=1, and pxe boot, discovery is done without
> sending any dhcpoffers at all, and then you can:
> noderun n1-n100 hammer host create --name {node} .... --mac
> {net.hwaddr} ....
This sound interesting. I haven't tested confluent yet. How does this work ?
1) node PXE boots
2) satellite provides IP, hostname / confluent provides next-server/filename
3) node boots on a discovery image (like xCAT genesis)
4) ...? where do you run the noderun you mentionned ? How do you chain to
Satellite kickstart ?
For what I understand the answer to my initial post is that in order to use
Satellite kickstart repos instead of DVD.iso, one have to:
a) either PXE boot against Satellite itself (which, on the same vlan would not
coexist peacefully with another (xCAT) dhcp server ?). So this would mean
dropping xCAT (but - see my previous post - some xCAT features are really
important to us)
b) or PXE boot against xCAT/Confluent which would point, instead of DVD.iso, to
a Satellite generated boot media. The latter would imply:
b1) to go all the way to the procedure to build a host (including all its
related Foreman objects such as subnet - even if in the end it is not used as
it would be xCAT/Confluent which would deal with the subnet)
-> I have a hard time on this one. I did not manage to have - but I'm
new to Satellite so I may have missed something - a generic, similar to DVD.iso
install media without faking a node creation
b2) some manual copy/substitution of what pkgdir would point to
So my guess it that in the begining of your answer you implied you went the
usual way of pkdir == DVD.iso, correct ?
Thanks for your help
--
Thomas HUMMEL
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=04%7C01%7Cjjohnson2%40lenovo.com%7C999b9df705e3484b28a108d9a2be850c%7C5c7d0b28bdf8410caa934df372b16203%7C1%7C0%7C637719761433184815%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BlKYYheieQUpzV%2FOd9a5OlL3g60%2BIzfOM0R%2FLq%2Bdb4s%3D&reserved=0
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
