We don’t have this documented, unfortunately; it depends on the services you plan to use. I can tell you that for TFTP and DHCP you simply configure the server with the hostname set to the interface which is Foreman-facing, so the installer generates an HTTPS certificate for Foreman-Proxy communication, and you give the TFTP and DHCP services the interface which is client (server) facing.
But we have services which talk to the smart proxy hostname directly, for example the template endpoint (provision template download). Foreman renders the URL you want to download from using the Foreman-facing hostname, which will not work (it resolves to the wrong IP address). There are various workarounds; the best, I think, is changing the template and using a host/hostgroup/subnet parameter to override the hostname. @sean797 ?
Since Foreman is not aware of multi-home setups, you are on your own here and you will run into issues you need to resolve. But it’s been done in the past, and we can help you when you hit those. I recommend doing a POC installation in a clean network without multi-homing and learning how Foreman works first.
All client communication is not via proxy by default, but you can configure this. If you had a single NIC on the proxy, the installer can easily set things up for you. But in the case of multi-NIC this is a more complex problem. I am familiar with PXE provisioning, so in that case TFTP, DHCP, DNS and kickstart requests can all be completely proxy only. This is the same for Puppet - the master runs on the Proxy itself. @ekohl do we have working installer setups for multi-nic proxies?
To force clients to download kickstarts from the proxy instead of Foreman, you need to install a module called “smart proxy template”. Here is a snippet I use to install a PXE setup in my single-nic environment:
foreman-installer -v --scenario $SCENARIO \
--foreman-admin-password=$PASS \
--foreman-organizations-enabled true \
--foreman-initial-organization=$ORG \
--foreman-locations-enabled true \
--foreman-initial-location=$LOC \
--enable-foreman-plugin-discovery \
--enable-foreman-plugin-bootdisk \
--enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh \
--enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible \
--foreman-proxy-http=true \
--foreman-proxy-dns true \
--foreman-proxy-dns-interface eth0 \
--foreman-proxy-dns-forwarders 192.168.${NATLAN}.1 \
--foreman-proxy-dns-zone nat.lan \
--foreman-proxy-dns-reverse ${NATLAN}.168.192.in-addr.arpa \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-interface eth0 \
--foreman-proxy-dhcp-gateway=192.168.${NATLAN}.1 \
--foreman-proxy-dhcp-range="192.168.${NATLAN}.10 192.168.${NATLAN}.109" \
--foreman-proxy-dhcp-nameservers="192.168.${NATLAN}.${IP}" \
--foreman-proxy-tftp true \
--foreman-proxy-tftp-servername=192.168.${NATLAN}.${IP} \
--foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-templates true \
--foreman-proxy-logs true \
--foreman-proxy-register-in-foreman true
The option you are looking for is probably “--foreman-proxy-templates true”.
I admit this is confusing, and @ekohl correct me if I am wrong, but every time you call the foreman-installer command it adds new options to the YAML and reruns Puppet. So basically it “remembers” already overridden options.
Hmm, a question for the kafo devs (foreman-installer framework), maybe @mbacovsky or @ekohl? I have no idea. If I mess up, I dig in my shell history and “correct” all options by providing them again.
Not a Puppet expert, not sure why you don’t see the dhcpd.config file. Define the verb “to see”: like, the file literally disappears?
Foreman is a beast! Really, it has hundreds of features, plugins, hidden features and (few) bugs. Absolutely do start with a simple use case and learn.