Hi everyone, could you share which version of Foreman/Katello you are using in your production environment? Right now I am using F2.3/K3.18 on CentOS 7 and testing F3.0/K4.2 on the same OS version. Another thing I want to test is using PostgreSQL 12 + a Zalando/Patroni HA cluster as the Foreman/Katello backend; what do you think about that?
One thought does come to mind: I think the downstream products will move from K3.18 to K4.1, so you could consider mirroring that step since it will naturally receive a lot of testing and attention. Instead of going straight to K4.2 that is.
Thanks for the reply, that makes perfect sense, but what about the database backend? Is it worth trying with Zalando/Patroni, or are there some limitations? Is it a good idea to move the pulpcore DB to an external host, or would it be better to leave that on the Foreman/Katello server and only move the candlepin and foreman DBs to an external node? The install docs talk only about those two, but I am curious about the reasons.
Since I have little experience with Foreman with HA and a separate DB, I will just ping @Justin_Sherrill who may be able to help (or at least ping the right person).
I see that the current installation docs have been updated and now all point to installing all three databases (foreman/candlepin/pulpcore) on an external node. Unfortunately I did not have time to test the PostgreSQL 12 + Zalando/Patroni HA cluster.
Another question is whether I can safely disable proxy content:
--foreman-proxy-content-enable-docker=false
--foreman-proxy-content-enable-ansible=false
--foreman-proxy-content-enable-deb=false
--foreman-proxy-content-enable-file=false
new in F3.1/K4.3:
--foreman-proxy-content-enable-python=false
--foreman-proxy-content-enable-ostree=false
if I do not plan to use them? The same question applies to:
--no-enable-puppet
--foreman-proxy-puppet false
--foreman-proxy-puppetca false
but I am considering setting up a load balancer proxy, and I am not sure if that is required on the master server?
Thanks.
Hello Foreman/Katello community,
I have a smart proxy installation error. I am following this doc: Configuring Smart Proxies with a Load Balancer
I was able to install F3.1/K4.3:
foreman-installer --scenario katello \
  -l DEBUG \
  --foreman-initial-organization="$ORGANIZATION" \
  --foreman-initial-location="$LOCATION" \
  --foreman-initial-admin-username="$ADMIN_USER" \
  --foreman-initial-admin-password="$ADMIN_PASSWORD" \
  --foreman-initial-admin-email="$ADMIN_EMAIL" \
  --foreman-proxy-dhcp="false" \
  --foreman-proxy-dns="false" \
  --foreman-proxy-tftp="true" \
  --enable-foreman-plugin-bootdisk \
  --enable-foreman-plugin-templates \
  --foreman-plugin-tasks-automatic-cleanup="true" \
  --foreman-proxy-content-enable-docker="false" \
  --foreman-proxy-content-enable-ansible="false" \
  --foreman-proxy-content-enable-deb="false"
I generate certs on katello:
foreman-proxy-certs-generate \
  --foreman-proxy-fqdn $SMART_PROXY \
  --certs-tar $SMART_PROXY_CERTS_TAR \
  --foreman-proxy-cname $SMART_PROXY_CNAME
But when I try to install foreman-proxy-content with default SSL without puppet:
foreman-installer --scenario foreman-proxy-content \
  -l DEBUG \
  --certs-tar-file="/root/$SMART_PROXY_CERTS_TAR" \
  --certs-cname="$SMART_PROXY_CNAME" \
  --foreman-proxy-puppetca="true" \
  --puppet-server-ca="true" \
  --puppet-ca-server="$SMART_PROXY" \
  --puppet-dns-alt-names="$SMART_PROXY_CNAME" \
  --puppet-server-foreman-url="https://$KATELLO" \
  --foreman-proxy-register-in-foreman="true" \
  --foreman-proxy-foreman-base-url="https://$KATELLO" \
  --foreman-proxy-trusted-hosts="$KATELLO" \
  --foreman-proxy-trusted-hosts="$SMART_PROXY" \
  --foreman-proxy-oauth-consumer-key="$KATELLO_KEY" \
  --foreman-proxy-oauth-consumer-secret="$KATELLO_SECRET" \
  --foreman-proxy-dhcp="false" \
  --foreman-proxy-dns="false" \
  --foreman-proxy-tftp="true" \
  --foreman-proxy-content-enable-docker="false" \
  --foreman-proxy-content-enable-ansible="false" \
  --foreman-proxy-content-enable-deb="false"
I ran into an issue:
[configure] Could not set groups on user[foreman-proxy]: Execution of '/sbin/usermod -G puppet foreman-proxy' returned 6: usermod: group 'puppet' does not exist
so I added that group and got another issue:
[configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[sp1.lan]/features: change from ["Logs", "Pulpcore", "Registration", "TFTP", "Templates"] to ["Dynflow", "Logs", "Pulpcore", "Puppet CA", "Registration", "TFTP", "Templates"] failed: Proxy sp1.lan has failed to load one or more features (Puppet CA), check /var/log/foreman-proxy/proxy.log for configuration errors
Am I missing something to have that working?
I am referring to the docs.theforeman.org LB configuration with default certs without puppet.
OK, another day. I am just curious: if puppet is disabled by default in scenario katello and we use the command:
foreman-proxy-certs-generate \
  --foreman-proxy-fqdn $SMART_PROXY \
  --certs-tar $SMART_PROXY_CERTS_TAR \
  --foreman-proxy-cname $SMART_PROXY_CNAME
to generate certificates for the smart proxy:
apache.crt
foreman-client.crt
foreman-proxy-client.crt
foreman-proxy.crt
puppet-client.crt
qpid-broker.crt
qpid-router-client.crt
qpid-router-server.crt
do we need PuppetCA on the smart proxy?
I was able to install two smart proxies without any issue.
For the LB I am using HAProxy, with the config from the forklift repo.
These are the magic options which I used (same for sp1 and sp2):
foreman-installer --scenario foreman-proxy-content \
  -l DEBUG \
  --certs-tar-file="/root/$SMART_PROXY_CERTS_TAR" \
  --foreman-proxy-register-in-foreman="true" \
  --foreman-proxy-foreman-base-url="https://$KATELLO" \
  --foreman-proxy-trusted-hosts="$KATELLO" \
  --foreman-proxy-trusted-hosts="$SMART_PROXY" \
  --foreman-proxy-oauth-consumer-key="$KATELLO_KEY" \
  --foreman-proxy-oauth-consumer-secret="$KATELLO_SECRET" \
  --foreman-proxy-dhcp="false" \
  --foreman-proxy-dns="false" \
  --foreman-proxy-tftp="true" \
  --foreman-proxy-content-enable-docker="false" \
  --foreman-proxy-content-enable-deb="false" \
  --certs-cname "$SMART_PROXY_CNAME" \
  --enable-foreman-proxy-plugin-remote-execution-ssh
I was able to sync CentOS7/Stream8/Rocky8.
I made a dummy smart proxy pointing to the LB server.
I set the subnets and assigned that proxy.
For now I have just tested CentOS7, and using the bootdisk generated from the UI I was able to provision that VM.
With one of the two smart proxies disabled, I was able to sync repos without any issue to a VM which is registered to the dummy proxy like this:
yum -y localinstall http://$SMART_PROXY_CNAME/pub/katello-ca-consumer-latest.noarch.rpm
subscription-manager register --org=$ORG --serverurl=https://$SMART_PROXY_CNAME:8443/rhsm --baseurl=https://$SMART_PROXY_CNAME/pulp/content --activationkey centos-7
I do not see any error logs (debug option enabled on both) in
/var/log/foreman/production.log
/var/log/foreman-proxy/proxy.log
The strangest thing is that when I first synced the proxies some dirs were missing and I had to sync one more time, but I used Complete sync and everything showed up on the smart proxies.
Any comments are appreciated.
Thanks