Foreman build using proxy

chatlow · November 2, 2023, 12:01pm

Can the Foreman master build VM’s in vCenter by running the code using the smart proxy it’s connected to? We have 1 master with 3 proxies in different DC’s. 2 of the 3 DC’s have vCenter that the master can talk to. The 3rd currently does not, so I was hoping to use the proxy in that DC to run the builds from…

Version is foreman 3.6, katello 4.8

chatlow · November 7, 2023, 10:17am

Anyone know if this is possible?

cintrix84 · November 7, 2023, 8:01pm

You can create a smart-proxy in a different subnet/datacenter as long as it can talk to the vCenter you are trying to build with and the proxy can reach back to the Foreman, it should work fine.

This was one of the use cases for having a smart-proxy.

chatlow · November 8, 2023, 10:26am

I already have the smart proxy deployed in this new vCenter. But when I try adding the vCenter details in Foreman it’s not connecting. I assumed it was trying to connect from the master but is there a way to confirm?

chatlow · November 14, 2023, 6:05pm

so can you please confirm if Foreman will use the master instance to connect into vCenter to run the build or can/will it use the proxy?
vCenter connection is configured in the GUI but no option to say where it builds from

cintrix84 · November 14, 2023, 6:56pm

Hey @chatlow

Very sorry for the delay, and confusion. I was incorrect after looking into it more and for that I do apologize. The Foreman server needs to be able to connect to the vCenter, the smart-proxy only handles the following things:

BMC - BMC management of devices supported by freeipmi and ipmitool
DHCP - ISC DHCP and MS DHCP Servers
DNS - Bind and MS DNS Servers
Puppet - Puppetserver 6 or 7
Puppet CA - Manage certificate signing, cleaning and autosign on a Puppet CA server
Realm - Manage host registration to a realm (e.g. FreeIPA)
TFTP - any UNIX based tftp server
Facts - module to gather facts from facter (used only on discovered nodes)
HTTPBoot - endpoint exposing a (TFTP) directory via HTTP(s) for UEFI HTTP booting
Logs - log buffer of proxy logs for easier troubleshooting
Templates - unattended Foreman endpoint proxy

Which it can do in a DMZ as long as the smart-proxy can connect back to the Foreman instance. For your situation you would want another Foreman instance in the subnet that the other vCenter is located in.

chatlow · November 15, 2023, 12:28pm

thanks for clearing that up. I suspected it was the master and good to see what the smart proxies can do.

We are working on a fireflow from master to the vCenter subnet.

You’ve got me wondering whether we will need a flow between the proxy and the vCenter though. I can test a build once the master can talk to vCenter