Foreman Provisioning Interest Group [October 2025]

lstejska · September 4, 2025, 6:39am

Hello,
Allow me to invite you to the Foreman Provisioning Interest Group meetup, this time on Tuesday.

Feel free to join and discuss provisioning with us, or add any topics/presentations that you’d like to share with the community.

Link: meet.google.com/wpf-timj-wtc

Dirk · September 22, 2025, 2:23pm

I am not 100% sure if I can make it to the meeting as I am on vacation, but I will try as I was hit by several problems with Debian provisioning which I can probably better explain in person. But I will try to describe them here as detailed as I can in the case I can not make it to the meeting.

The problem which was the main reason I was at the costumer was caused by them trying to use Grub2 UEFI HTTP to provision Debian which always failed with preseed telling us the preconfiguration file is corrupt. After investigation I found this is caused by the DHCP lease containing supersede server.filename = "http://smart-proxy.example.com:8000/httpboot/host-config/aa-bb-cc-dd-ee-ff/grub2/boot.efi";. I removed the line of code from the Smart Proxy creating the entry as a workaround and verified also AlmaLinux and Ubuntu can be installed without. This breaks bootloader-universe and with this secure boot which is no requirement yet for provisioning. I opened a thread but unfortunately did not get any feedback yet, so I want to ask here if someone has an idea for the root cause and/or how to process!
Next question was than about installation repositories as currently there is no support for installing from synced content in Katello, in pulp_deb is only broken support for it. I think noone is working on this currently, but it is something which results in a bad user experience as every OS has now a different way to setup installation media (synced content for EL, manually provide ISO for Ubuntu, stick with upstream for Debian).
Next one came up after the system was provisioned and registered with the repositories being by default not structured with all the drawbacks. Is there a reason for this still being the default or could we go for deprecation, migration and have structured repositories as default?
Registration itself is also not in a good state as it needs to be done after provisioning, manually or by an Ansible role, which again shows how much Debian is lacking behind.
Which brings me to signing the deb repositories which is quite hard to find documentation on. I had to point the customer to it because running out of time and I ended up with a community thread to start jumping on it. Should we get better documentation on this or go further and improve it for example with an UI interface to it?

TLDR: Debian Provisioning is not in the best shape, can we improve?

lstejska · September 25, 2025, 6:07am

Hi Dirk,
I’m afraid I won’t have much good news to share with you. We are currently busy with various work efforts, and Debian provisioning is not on the list. To the best of my knowledge, that’s unlikely to change in the future.

Foreman is an open-source project; I would love to have some PRs to review, but I wouldn’t count on the Foreman core team taking any initiative in Debian provisioning.

Dirk · September 25, 2025, 7:01am

Perfectly fine, but I hope not only the core team is in the meeting and while it is very unlikely I can fix the code myself, if we just want/need better documentation, templates, Ansible code I can hopefully help.

Bernhard_Suttner · September 25, 2025, 9:14am

Thanks Dirk for your message. Just some thoughts as I’m pretty busy…

Grub2 UEFI HTTP: sounds like a issue. Maybe you want to create a pull request?
Install Debian from synced Repo: would be interesting and we have this on our plate since some time. But, not so easy as a lot of non .deb files need to be part of the repo then. And, its now even harder since Ubuntu switched away from preseed to subiquity / autoinstall. Ubuntu does currently always need a ISO - which is “nice”
Structured Apt: currently working on it to get structured apt the default method: Fixes #38741 - Make structured APT mandatory for deb content by quba42 · Pull Request #11487 · Katello/katello · GitHub
Don’t know what you mean. maybe some template changes needed?
If not clear, documentation change would be fine.

lstejska · October 7, 2025, 12:29pm

@Bernhard_Suttner, here’s the list of the templates sorted by the updates.

Script to generate the list

find . -type f -name "*.erb" | while read -r file; do
  last_commit_date=$(git log -n 1 --invert-grep --grep "33034" --pretty=format:"%cs" -- "$file")
  echo "$last_commit_date;$file"
done

(It’s ignoring one commit that was just formatting the description)

For the sorted list, see the Attachment