Can FOREMAN be clustered?

I have numerous datacenters scattered over a number of regional sites. I could use a single FOREMAN instance to manage all of them because of the Smart Proxies, but I would like to avoid the single-point-of-failure issue if possible. I have a couple of questions.

  1. Should the central FOREMAN instance go down, or otherwise be cut off from the network, what impact would that have on any given managed datacenter?
  2. Is it possible to tie multiple instances of FOREMAN together, perhaps in a cluster, so that if one instance goes down, another instance elsewhere on the network could take over?
  3. I am new to FOREMAN. Are there any tutorials out there that you would recommend?

Thanks,
Ron

Kind of. There is an ongoing discussion regarding HA and clustering for Foreman over on the development forum.

Firstly, you can use a capsule server to manage and store content for each of your datacenters. This is so that you don’t have to transmit ISO images and deb/rpm packages over site-to-site VPNs or point-to-point connections, thus saving your time and bandwidth. These all roll up into a centralized foreman instance however.

You should be able to configure that behind a load balancer (F5, A10, nginx, corosync, etc), but to be truly redundant, you would also need to mirror your database layer. You could do this with MaxScale from MariaDB, ScaleArc or MySQL Proxy, but you will still run into issues with your Smart Proxies. Some of them can’t handle a failover during operations, though some of them can. Those that can can be placed behind a load balancer, but for the remaining, you would have a single point of failure at each datacenter.

The real question though is if you need this level of redundancy and complexity for a system that manages patching and spins up and down VMs. The decision in my environment has been, things will operate normally with no customer impact if our foreman instance gets blown away. It will be some hard work to get it back online, but it doesn’t need to be redundant like that. We can continue to operate for a day or two without our patching depot and orchestration server.

1 Like

I agree with everything @James_Shewey has said, don’t overcomplicate something you don’t need to.

Puppet would still run via your Smart Proxies, though you would lose the run reports in the outage. You wouldn’t be able to provision new machines or view reports. Also depends on what plugins you have.

Yes, I talked about this at FOSDEM, check out the recording https://fosdem.org/2018/schedule/event/high_available_foreman/

https://theforeman.org/training.html
https://theforeman.org/2015/12/journey_to_high_availability.html

2 Likes