How can I build HA In Foreman?

Are there any solutions?

The devs could probably give you a better answer but put two Foreman
instances behind a load balancer and cluster the DB. We don't need that
layer of redundancy since we monitor the Rackspace instance and if it goes
down we restart it or restore from a snapshot.

Jim

I think you can follow standard approach of HAing a web application.
They will share same database (or you can replicate if you need to) and
the secondary instance can be turned off until the point you (manually)
start it up.

On top of that, you can implement your heartbeat solution. Tools are
there, just pick some up. On RHEL, for example, there are solutions
which should work with Foreman.

http://www.redhat.com/products/enterprise-linux-add-ons/high-availability/

LZ


Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman

> From: "Lukas Zapletal" <lzap@redhat.com>
> To: foreman-users@googlegroups.com
> Sent: Thursday, August 8, 2013 10:51:02 AM
> Subject: Re: [foreman-users] How can I build HA In Foreman?
>
> I think you can follow standard approach of HAing a web application.
> They will share same database (or you can replicate if you need to) and
> the secondary instance can be turned off until the point you (manually)
> start it up.
>
> On top of that, you can implement your heartbeat solution. Tools are
> there, just pick some up. On RHEL, for example, there are solutions
> which should work with Foreman.

You don't even need heartbeat. Just deploy a load balancer with backend health checking, put 2 foreman web interfaces in front of it, with postgres master/master replication.

This seems like something that we should write up in a wiki page with a reference architecture for making foreman HA.

> From: "Sam Kottler" <skottler@redhat.com>
> To: foreman-users@googlegroups.com
> Sent: Thursday, August 8, 2013 11:21:42 AM
> Subject: Re: [foreman-users] How can I build HA In Foreman?
>
> You don't even need heartbeat. Just deploy a load balancer with backend
> health checking, put 2 foreman web interfaces in front of it, with postgres
> master/master replication.

s/in front of it/behind the load balancer/ :slight_smile:

If you do, include the foreman_memcache plugin :slight_smile:

> You don't even need heartbeat. Just deploy a load balancer with backend health checking, put 2 foreman web interfaces in front of it, with postgres master/master replication.
>
> This seems like something that we should write up in a wiki page with a reference architecture for making foreman HA.
>

Sure, this is a solution too.

Just one small warning (not the case for Foreman tho). Cluster can be
seen as HA only and only if one node (out of two) has the capacity to
take all the load :smiley:

Otherwise, it can fall down when there is a failure on one of these.

But yeah, generally - cluster is better :smiley:

Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman

Thank you for your reply, and sorry for my inadequate description.
Actually, I'm not confused about web and DB HA now, but I am confused about
the foreman-proxy HA: TFTP, DHCP and so on.
When creating a host, Foreman will generate a provision template with the MAC
address in the TFTP dir. In HA, that means I will generate files on each machine,
and I cannot find an elegant way to deal with this situation.

What about smart-proxy for DHCP? I recently ran into a scenario where the
VM cluster I had Foreman w/ local puppetmaster, puppetca, dhcp, tftp
smart-proxy running failed. As a result, all the hosts which Foreman had
provisioned and were still using their static lease through DHCP went
offline.

--
Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

I convert all hosts from DHCP to static once provisioning is complete. But
yeah, one needs to account for DHCP, TFTP, etc when considering a Foreman
HA solution as well.

Mr. Baird,
Do you have a good puppet module recommendation to do this, or is it a
manual process?

--
Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

I think that you'll find
https://forge.puppetlabs.com/razorsedge/network is a better network
module for Red Hat systems.

    network::if::static { 'eth0':
      ensure    => 'up',
      ipaddress => '1.2.3.248',
      netmask   => '255.255.255.128',
    }

You can also do a clever trick. If the system can get DHCP addresses
on all interfaces from Foreman on first boot, you can do this

    network::if::static { 'eth0':
      ensure    => 'up',
      ipaddress => "$ipaddress_eth0",
      netmask   => "$netmask_eth0",
    }

Unfortunately, facter does not have a fact for the gateway, so you
would still have to specify that manually (or create your own fact).

Yeah, I have been meaning to test that. This is what I use for the gateway
fact:

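    # Add default gateway and default interface fact
    # Linux
    if File.exist?('/sbin/ip')
      %x{/sbin/ip route}.each_line do |line|
        if line =~ /.*default via (.*) dev (\w+).*/
          # Copy the captures into locals: setcode blocks run later,
          # by which time $1/$2 may no longer hold this match.
          gateway    = $1
          gateway_if = $2
          Facter.add("gateway") {
            confine :kernel => "Linux"
            setcode { gateway }
          }
          Facter.add("gateway_if") {
            confine :kernel => "Linux"
            setcode { gateway_if }
          }
        end
      end
    end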

Josh
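
An added example, not code from the thread: a stand-alone Ruby parser for `ip route` output that a gateway fact like the one above could call. It goes beyond the posted snippet by choosing among several default routes, skipping routes without `via`, and validating the values before they reach an ifcfg file name or template; the sample routes and the helper names are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample of `ip route` output (not captured from a real host).
SAMPLE_ROUTES = <<~ROUTES
  default via 192.0.2.1 dev eth0 proto dhcp metric 100
  default via 198.51.100.1 dev eth1.20 proto static metric 50
  default dev ppp0 scope link metric 300
  192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
ROUTES

# Interface names are at most 15 bytes and never contain whitespace or "/".
# Enforcing that keeps a bad value out of paths such as ifcfg-<name>.
IFNAME = /\A[^\s\/]{1,15}\z/

# Return the token that follows key ("via", "dev", "metric"), or nil.
def value_after(tokens, key)
  idx = tokens.index(key)
  idx && tokens[idx + 1]
end

# Return the address in canonical form, or nil if it is not a plain IP.
def valid_gateway(text)
  return nil if text.nil? || text.include?('/')
  IPAddr.new(text).to_s
rescue ArgumentError # IPAddr's own errors are subclasses of ArgumentError
  nil
end

# Every usable default route as { gateway:, device:, metric: }.
# Routes without a gateway ("default dev ppp0") or with values that fail
# validation are dropped rather than passed on to Puppet.
def default_routes(ip_route_output)
  routes = ip_route_output.each_line.map do |line|
    tokens = line.split
    next unless tokens.first == 'default'

    gateway = valid_gateway(value_after(tokens, 'via'))
    device  = value_after(tokens, 'dev')
    next unless gateway && device && device.match?(IFNAME)

    # A route printed without "metric" has metric 0 (nil.to_i == 0).
    { gateway: gateway, device: device,
      metric: value_after(tokens, 'metric').to_i }
  end
  routes.compact
end

# The kernel prefers the default route with the lowest metric.
def primary_default_route(ip_route_output)
  default_routes(ip_route_output).min_by { |route| route[:metric] }
end

# Register the facts only when loaded by Facter on a host that has /sbin/ip.
# The route is computed once, up front, so the setcode blocks return plain
# local values.
if defined?(Facter) && File.exist?('/sbin/ip')
  route = primary_default_route(`/sbin/ip route`)
  if route
    Facter.add('gateway') do
      confine :kernel => 'Linux'
      setcode { route[:gateway] }
    end
    Facter.add('gateway_if') do
      confine :kernel => 'Linux'
      setcode { route[:device] }
    end
  end
end
```

When no valid default route exists the facts are simply not defined, so a manifest that depends on them can fall back to a manually specified gateway.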

My "network" module takes care of this:

    # Define static network if static_network=dev is used
    if $::static_network {
      network::redhat::static-network { $::static_network: }
    }

    define network::redhat::static-network($enabled = 'yes') {

      file { "ifcfg-$name":
        path    => "/etc/sysconfig/network-scripts/ifcfg-$name",
        mode    => '0644',
        content => template('network/redhat/ifcfg-static.erb'),
        ensure  => $enabled ? { 'yes' => present, default => absent },
        notify  => Service['network'],
      }

    }

Just make sure you set $static_network. I set it as a global parameter in Foreman.

Actually, I think I got this from Ohad… so give him the credit!

Josh

From: foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com] On Behalf Of Sean Alderman
Sent: Thursday, August 08, 2013 12:22 PM
To: foreman-users@googlegroups.com
Subject: Re: [foreman-users] How can I build HA In Foreman?

Mr. Baird,
Do you have a good puppet module recommendation to do this, or is it a manual process?


Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

On Thu, Aug 8, 2013 at 12:05 PM, Josh Baird <joshbaird@gmail.com> wrote:
I convert all hosts from DHCP to static once provisioning is complete. But yeah, one needs to account for DHCP, TFTP, etc when considering a Foreman HA solution as well.

On Thu, Aug 8, 2013 at 11:54 AM, Sean Alderman <salderman1@udayton.edu> wrote:
What about smart-proxy for DHCP? I recently ran into a scenario where the VM cluster I had Foreman w/ local puppetmaster, puppetca, dhcp, tftp smart-proxy running failed. As a result, all the hosts which Foreman had provisioned and were still using their static lease through DHCP went offline.


Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

On Thu, Aug 8, 2013 at 11:37 AM, Lukas Zapletal <lzap@redhat.com> wrote:

You don’t even need heartbeat. Just deploy a load balancer with backend health checking, put 2 foreman web interfaces in front of it, with postgres master/master replication.

This seems like something that we should write up in a wiki page with a reference architecture for making foreman HA.

Sure, this is a solution too.

Just one small warning (not the case for Foreman tho). Cluster can be
seen as HA only and only if one node (out of two) has the capacity to
take all the load :-D

Otherwise, it can fall down when there is a failure on one of these.

But yeah, generally - cluster is better :-D


Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman


If you are moving into HA territory then you need to start splitting
everything out into its component services and either make them
active/active or active/passive clusters depending on that service's best
practice. It would be good to see a core Foreman HA document on the wiki but
I don't think it is the project's job to advise on these tasks except to
advise on best practice and potential problems on integrating Foreman with
HA versions of these services.

Jim

On 8 August 2013 16:54, Sean Alderman wrote:

What about smart-proxy for DHCP? I recently ran into a scenario where the
VM cluster I had Foreman w/ local puppetmaster, puppetca, dhcp, tftp
smart-proxy running failed. As a result, all the hosts which Foreman had
provisioned and were still using their static lease through DHCP went
offline.


Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

On Thu, Aug 8, 2013 at 11:37 AM, Lukas Zapletal lzap@redhat.com wrote:

You don’t even need heartbeat. Just deploy a load balancer with backend
health checking, put 2 foreman web interfaces in front of it, with postgres
master/master replication.

This seems like something that we should write up in a wiki page with a
reference architecture for making foreman HA.

Sure, this is a solution too.

Just one small warning (not the case for Foreman tho). Cluster can be
seen as HA only and only if one node (out of two) has the capacity to
take all the load :-D

Otherwise, it can fall down when there is a failure on one of these.

But yeah, generally - cluster is better :-D


Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman


Thanks for your reply.

It's a good idea to set a static ip_address using Puppet to solve the problem with
dhcp_lease, but I have trouble with the tftp files; I cannot find a good way to
generate the tftp files on each machine.

On Friday, August 9, 2013 at 12:21:36 AM UTC+8, Sean Alderman wrote:

> Mr. Baird,
> Do you have a good puppet module recommendation to do this, or is it a
> manual process?
>
> --
> Sean M. Alderman
> Senior Engineer, UDit Systems Integration and Engineering
> University of Dayton
> 300 College Park
> Dayton, Ohio 45469-1530
> (937) 229-5088
> salde...@udayton.edu
>
> On Thu, Aug 8, 2013 at 12:05 PM, Josh Baird <josh...@gmail.com> wrote:
>
>> I convert all hosts from DHCP to static once provisioning is complete.
>> But yeah, one needs to account for DHCP, TFTP, etc when considering a
>> Foreman HA solution as well.
>>
>> On Thu, Aug 8, 2013 at 11:54 AM, Sean Alderman <salde...@udayton.edu> wrote:
>>
>>> What about smart-proxy for DHCP? I recently ran into a scenario where
>>> the VM cluster I had Foreman w/ local puppetmaster, puppetca, dhcp, tftp
>>> smart-proxy running failed. As a result, all the hosts which Foreman had
>>> provisioned and were still using their static lease through DHCP went
>>> offline.
>>>
>>> --
>>> Sean M. Alderman
>>> Senior Engineer, UDit Systems Integration and Engineering
>>> University of Dayton
>>> 300 College Park
>>> Dayton, Ohio 45469-1530
>>> (937) 229-5088
>>> salde...@udayton.edu
>>>
>>> On Thu, Aug 8, 2013 at 11:37 AM, Lukas Zapletal <lz...@redhat.com> wrote:
>>>
>>>> > You don't even need heartbeat. Just deploy a load balancer with
>>>> > backend health checking, put 2 foreman web interfaces in front of it, with
>>>> > postgres master/master replication.
>>>> >
>>>> > This seems like something that we should write up in a wiki page with
>>>> > a reference architecture for making foreman HA.
>>>>
>>>> Sure, this is a solution too.
>>>>
>>>> Just one small warning (not the case for Foreman tho). Cluster can be
>>>> seen as HA only and only if one node (out of two) has the capacity to
>>>> take all the load :-D
>>>>
>>>> Otherwise, it can fall down when there is a failure on one of these.
>>>>
>>>> But yeah, generally - cluster is better :-D
>>>>
>>>> --
>>>> Later,
>>>>
>>>> Lukas "lzap" Zapletal
>>>> irc: lzap #theforeman

Hello

I am reopening this very old post as I want to achieve the same functionality as the author.
That being said, the HA config would be:

  • SERVER_1_FOREMAN
  • SERVER_2_FOREMAN
  • SERVER_3_FOREMAN_DATABASE
  • SERVER_4_LOAD_BALANCER

So what I did for now was:

  1. Install postgresql database on SERVER_3. Configured foreman user and password for the database.
  2. Generated self-signed certificates (just for the testing purposes) on SERVER_4.
  3. Configured HA Proxy to use the cert plus to load balance between SERVER_1 & SERVER_2.
  4. Installed Foreman on SERVER_1, used installation parameters to use database installed on SERVER_3.
  5. Copied the self-signed certificates from SERVER_4 to SERVER_1
  6. Changed certificate configuration on SERVER_1 in:
    /etc/foreman/settings.yml
    /etc/foreman-proxy/settings.yml
    /etc/foreman-proxy/settings.d/puppetca_http_api.yml
    to point to my newly generated certs.

And Foreman works fine. When I connect to the HaProxy url on SERVER_4 I am able to connect to the foreman server located on SERVER_1.

However, foreman-proxy doesn’t work correctly. When I go to Infrastructure/Smart Proxies I see the following errors:

Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-7885 [ProxyAPI::ProxyException]: Unable to fetch logs ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)) for proxy https://SERVER_1.mydomain.net:8443/logs)

How can I make foreman-proxy trust my self-signed certs?
Is it a good setup? If not, how can I achieve HA?

I’m sorry I don’t have an answer for you, but we are doing the same, so I’m really interested to see what you find. I’ll be building this out soon, so I’ll follow this thread.

Try adding your local CA certificate to the Foreman host. Or you can generate all the necessary certs for all smart-proxies on your Foreman host.
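
The "certificate verify failed" error above and the suggested fix can be reproduced offline with openssl. This is an added example, not part of the original thread or Foreman's own tooling: it builds a throwaway local CA, signs a server certificate with it, and verifies that certificate with and without the CA in the trust file. The names "Demo Local CA" and server1.example.test are constructed placeholders.

```shell
#!/bin/sh
# Added example: constructed names, 1-day certificates, for testing only.

make_demo_pki() {   # $1 = empty working directory
  d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Local CA: private key plus self-signed root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # 2. Server key and signing request (placeholder host name).
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=server1.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  # 3. The CA signs the server certificate.
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1
}

# A client that has never been given the CA: the chain cannot be built.
verify_without_ca() { openssl verify "$1/srv.pem" >/dev/null 2>&1; }

# A client whose trust file contains the local CA certificate.
verify_with_ca() {
  openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
if verify_without_ca "$demo_dir"; then
  echo "CA unknown to client: accepted (unexpected)"
else
  echo "CA unknown to client: certificate verify failed"
fi
if verify_with_ca "$demo_dir"; then
  echo "CA in trust file: verified OK"
else
  echo "CA in trust file: rejected (unexpected)"
fi
rm -rf "$demo_dir"
```

The file passed to -CAfile plays the role of the CA certificate that the connecting host has to trust; only the CA certificate is copied between hosts, never ca.key.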