What controls how foreman decides what smart proxy to send commands to a host?
I thought it used the smart proxy that the host was discovered against, but I am seeing it randomly use any of the smart proxies.
Is there a way to control which ones it uses or does it use all available?
a) Is it the smart proxies associated with the location via administer->locations?
or
b) Is it the locations associated with the smart proxies via the infrastructure->smartproxies?
Are they randomly selected or is it a round-robin or load balance?
Just curious about it. I have never seen this mentioned, even in any of the other discussions or write-ups about location associations I have come across.
Also, most of our smart proxies just have “Default Location” setup, if a host is assigned to a different sub location like Default Location/XYZ but no smart proxies are setup for that location how is the list of smart proxies decided? If there are smart proxies that have that location Default Location/XYZ associated do only those get used?
It really depends on the feature. Some are assigned on the host level, others on domain or subnet, some like remote execution are even more flexible with one assigned to a subnet, but being able to configure a fallback and global one too.
Host’s provisioning interface IP address is matched against all your subnets. If there’s a match, provisioned host is associated with that subnet. When Foreman wants to call to the node, it uses Discovery Proxy associated with that Subnet.
Ok thanks Lukas. So does the location associations on the smartproxy do anything? or should I just leave them all as “default location” even if we have disconnected subnets behind smart proxies?
Organization and Location are for multi-tenancy. I can’t tell what you expect from this, but at the moment you can only put discovered nodes into either single org/loc (the setting) or per subnet (it must be in a single org/loc).
Typically we assume you have SubnetA which only belongs to OrgA/LocA and so when a host is discovered in that subnet, only users from that context can see/provision them.
